by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : June 2013
Full 10 question interview online at: GCN.com/2013ContinuousMonitoring SolarWinds on Continuous Monitoring QWhat is continuous monitoring and why is it important? How is it different from the "checklist compliance" approach originally required by FISMA? AContinuous monitoring is the ability to automatically collect data and report on the performance, availability and security posture of your IT infrastructure and applications. The "checklist compliance" approach originally required by FISMA looks at risk and compliance at the time of implementation or audit. Reporting on a quarterly or monthly schedule is no longer adequate, driving FISMA s additional requirement of "automated and continuous monitoring." The consequences of a successful cyberattack can be catastrophic and a vulnerability that becomes apparent only in a monthly report could have already been exploited. The need for continuous monitoring comes from an increase in both old and new security threats and from the constant -- but necessary - change of IT infrastructure. QHow does continuous monitoring t into an agency's larger cybersecurity strategy? AFirst, we need to understand that the functions of IT op- erations and information security, which traditionally have been seen as separate, are no longer different at all. The health of networks and systems and the security of net- works and systems are now one and the same concern. Continuous monitoring has been almost universally adopted by IT operations teams for years to identify problems and to "keep the lights on." Now that Information Assurance (IA) is rapidly adopting continuous monitoring to help achieve their goal of protecting the same IT infrastructure from intrusions and other exploitations they are seeing the same need. For both groups, weekly or monthly reports are great for trending and analysis, but real- time continuous monitoring for known vulnerabilities and known attack patterns is critical for keeping ahead of threats. Because of the signi cant overlap between what information IT operational professionals and information security professionals need to track for continuous monitoring, it makes sense to look at combining some of these monitoring functions, adopting continuous monitoring tools that can provide value to both groups at the same time. It s all about dual use. Dual use means that the same raw technical data that is gathered can provide both an ops view and an IA view. "Monitor once, report many" is the new way to cost effectively implement continuous monitoring. Getting dual-use value out of continuous monitoring tools should be part of every agency s cybersecurity strategy. Sanjay Castelino VP and Market Leader, SolarWinds Sponsored Content Continuous monitoring is recognized as a powerful tool for identifying and mitigating potential threats to an agency's infrastructure. But that s just one aspect of its value, says Sanjay Castelino, vice president and market leader at SolarWinds. Continuous monitoring also can provide information technology professionals with invaluable insight into the health of that infrastructure. It s all about dual use.