by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : July 2013
Nevada's Transportation Depart- ment, like many other agencies, is better at generating logs and other security information than using the data. Reviewing log data ideally is a routine process for administrators and security professionals, but in the real world the volume and complex- ity of the data can make it hard to keep up. "We do not have the resources to do it on a regular basis," said Kimberly Munoz, the Nevada DOT's IT manager. Munoz wanted something that could bring the data togeth- er into a central, easily searched location, "like a Google of our system data," she said. The tech- nology existed, but with budgets tight, getting the funding for it was a challenge. Fortunately, "I was able to lobby and get this on the list," said Munoz, who sits on a statewide security committee. In the fall of 2012 the depart- ment began a demonstration with Splunk Enterprise, a tool to gather and correlate struc- tured and unstructured network data and make it visible and available for search and analy- sis. Initial plans were to enable better reporting of the depart- ment's content filtering and to document Web activity. But even in the trial stage, Splunk began finding misconfig- ured network devices almost im- mediately. On a firewall that had just been deployed that should not have allowed outside Se- cure Shell connections, Splunk alerted the team to a number of failed connection attempts from China. The configuration was fixed within a matter of hours. "It definitely has improved our security posture," said Munoz. Splunk is an example of a tool that can automate, or help to automate, routine and cumber- some tasks that are difficult or impractical to do manually. It integrates various types of data in different formats and makes them visible through a "single pane of glass." "It is used in IT operations to help with network and systems management, to monitor and understand the use of applica- tions and for operational intel- ligence," said Bill Cull, Splunk vice president of public sector. But, "the primary thrust of what we're doing has been in cyberse- curity," he said. FIGHT AUTOMATION WITH AUTOMATION The demand for automation in cybersecurity is not surprising. Attackers increasingly are using automated tool kits to launch attacks, searching for vulner- abilities and weak passwords and then deploying multistage exploits to breach systems and escalate their privileges on it. Al- though many enterprises detect and block thousands of probes and attempted breaches daily, many attempts make it through perimeter defenses, and once inside a system they can hide themselves well. Steve Hanna, distinguished engineer at Juniper Networks, said that 60 percent of suc- cessful breaches are completed within a day, and 46 percent of them within an hour. Discovery, on the other hand, often is a lengthy process. Fifty-six percent of these breaches are not dis- covered for more than a month after they occur, and many of them are discovered not by the system owners but by external parties --- the latest figure from Verizon's 2013 Data Breach In- vestigation Report is 69 percent. While attackers are commer- cializing and automating their attacks, government IT shops are struggling with static or shrink- ing budgets and a shortage of trained, experienced security professionals. Security automa- tion is emerging as a means of There are a growing number of products that can help automate the job of IT security, but the key is building a standards-based system to take advantage of them. SECURITY AUTOMATION: HOW AGENCIES GET TO THE NEXT STEP BY WILLIAM JACKSON 24 GCN JULY 2013 • GCN.COM