GCN : June 2013
Q: What weaknesses do you see in the traditional cybersecurity model?

A: The traditional cybersecurity infrastructure contains several detection, analysis and remediation gaps. Today, organizations need to focus on two things: 1) detecting unknown threats and 2) reducing response time. Currently, organizations focus most of their attention on alerting and prevention tools. This is undoubtedly why the majority of security breaches aren't discovered until months after the fact. These tools only catch what they're told to look for, and even when an alert is triggered, it's difficult to identify the real threats among the tens of thousands of alerts these tools bubble up. Also, once an organization discovers a compromise, it takes days, often months to contain. It's likely, given their disparate tools and lack of collaboration capabilities, many organizations are failing to completely eradicate the threats they've discovered.

Q: What are the shortcomings of relying heavily on signature-based tools?

A: You're still left with blind spots---things your intrusion detection, antivirus and data leakage prevention tools cannot see. This would include new malware that has not yet been defined, so there is no signature to allow an IDS or antivirus tool to catch it. Also, DLP technology cannot detect sensitive information that has been saved as a JPEG or other image format. Another blind spot is traveling or telecommuting employees who are not logged into your network. Most network packet capture solutions are blind to this. Until organizations have the visibility to detect unknown threats, they will always struggle to defend their domains.

Q: Why is it important to have a security solution that analyzes both network and computer data?

A: You don't have the whole picture unless you're correlating host data with network communications. If a computer is acting up, you need to immediately view its network communications to see if it's calling out to other machines on your network, or some outside domain. If you've detected anomalous traffic on your network, you should immediately drill down into all computers involved to see exactly what is happening on those machines. Having the whole picture at your fingertips can allow you to take decisive action in minutes, as opposed to hours or days.

Q: What steps can an agency take to improve its response to security incidents?

A: The keys to improving response times are integrated analysis and real-time collaboration. Organizations can implement an integrated incident response platform that provides network packet capture, computer forensics, including volatile/RAM analysis, malware triage and disassembly analysis, as well as built-in batch remediation. It can be integrated with your SIEM to enable automated incident response, and all the critical analysis is conducted through a single interface. Network security, forensics, malware and information assurance teams can all perform their respective analysis within the same dashboard. When all of this information is available in a single platform and teams are collaborating in real time, actionable intelligence is gathered in minutes, as opposed to hours, days or even months.

Q: How can an agency take a more proactive approach to protecting its networks?

A: It's relatively easy to take a proactive approach to detecting unknown threats when you have that integrated visibility into network communications, computer hard drive, volatile and RAM data, plus the ability to determine the behavior and intent of malware without sandboxing. You can use this technology to schedule regular, ongoing audits for data leakage. You can have teleworking employee laptops check in with both host data and Internet activity reports, even if they aren't VPN'd into your network. You can schedule regular scans of segments of your network to identify potentially malicious binaries---and even perform bidirectional monitoring of removable media. Then of course, once a threat is validated, having that built-in remediation is invaluable.

Jason Mical
Vice President of CyberSecurity
AccessData

Sponsored Content
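One way to put the host/network correlation the interview describes into practice, as an added example that is not part of the article and not AccessData's product code: it joins constructed host-side connection records (which process on which host opened a connection) with constructed perimeter flow records by source host, destination and a time window, then separates flows that can be attributed to a process from flows that host telemetry never saw, which is the blind spot the answers warn about. The asset inventory, field names, sample values and the 30-second matching window are all assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class HostConn:
    """Host-side telemetry: a process on a host opened a network connection."""
    host: str
    ts: datetime
    process: str
    remote_ip: str
    remote_port: int


@dataclass(frozen=True)
class NetFlow:
    """Network-side telemetry: a flow observed at the perimeter or a tap."""
    ts: datetime
    src_ip: str
    dst_ip: str
    dst_port: int
    bytes_out: int


# Constructed asset inventory (hypothetical hostnames and addresses).
HOST_IPS = {"ws-017": "10.1.4.17", "ws-023": "10.1.4.23"}

# Address space treated as "inside"; everything else counts as an outside domain.
INTERNAL_NETS = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def is_external(ip: str) -> bool:
    """True when the address is outside the organization's own ranges."""
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def correlate(flows, conns, window=timedelta(seconds=30)):
    """Attribute each network flow to a host process, or report why it cannot be.

    Returns a list of findings, one per flow that needs a drill-down:
      external-egress   flow attributed to a process talking to an outside address
      no-host-telemetry flow from a known host that host data never recorded
      unknown-source    flow from an address not in the asset inventory
    Internal-to-internal flows that host data explains produce no finding.
    """
    ip_to_host = {ip: host for host, ip in HOST_IPS.items()}
    findings = []
    for flow in flows:
        host = ip_to_host.get(flow.src_ip)
        if host is None:
            findings.append({"kind": "unknown-source", "src_ip": flow.src_ip,
                             "dst": f"{flow.dst_ip}:{flow.dst_port}"})
            continue
        matches = [c for c in conns
                   if c.host == host and c.remote_ip == flow.dst_ip
                   and c.remote_port == flow.dst_port
                   and abs(c.ts - flow.ts) <= window]
        if not matches:
            findings.append({"kind": "no-host-telemetry", "host": host,
                             "dst": f"{flow.dst_ip}:{flow.dst_port}"})
            continue
        if is_external(flow.dst_ip):
            for conn in matches:
                findings.append({"kind": "external-egress", "host": host,
                                 "process": conn.process, "bytes_out": flow.bytes_out,
                                 "dst": f"{flow.dst_ip}:{flow.dst_port}"})
    return findings


def hosts_to_examine(findings):
    """Sorted list of inventoried hosts that appear in any finding."""
    return sorted({f["host"] for f in findings if "host" in f})


# Constructed sample telemetry (not real traffic). Documentation-range addresses
# such as 203.0.113.45 stand in for outside domains.
T0 = datetime(2013, 6, 3, 9, 15, 0)
SAMPLE_CONNS = [
    HostConn("ws-017", T0 + timedelta(seconds=2), "browser.exe", "203.0.113.45", 443),
    HostConn("ws-017", T0 + timedelta(seconds=40), "sync.exe", "10.1.9.5", 445),
]
SAMPLE_FLOWS = [
    NetFlow(T0, "10.1.4.17", "203.0.113.45", 443, 1_500_000),   # attributed, external
    NetFlow(T0 + timedelta(seconds=35), "10.1.4.17", "10.1.9.5", 445, 20_000),  # internal
    NetFlow(T0 + timedelta(seconds=50), "10.1.4.23", "198.51.100.7", 8443, 900_000),  # no host record
    NetFlow(T0 + timedelta(seconds=60), "10.1.7.99", "192.0.2.10", 80, 4_000),  # not in inventory
]

if __name__ == "__main__":
    for finding in correlate(SAMPLE_FLOWS, SAMPLE_CONNS):
        print(finding)
    print("drill down into:", hosts_to_examine(correlate(SAMPLE_FLOWS, SAMPLE_CONNS)))
```

The "no-host-telemetry" class is the one worth watching in an integrated dashboard: a flow the network saw but the host never reported is either a gap in collection (an unmanaged or off-VPN machine, the case the interview raises) or something on the host hiding its connections, and both deserve a host-side look before the flow is dismissed.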