GCN : July 2013
catching up with, and maybe getting ahead of, the bad guys.

Security is not a point process, however, and security automation is not accomplished with a single product. It is a broad approach that uses standards-based tools to handle routine tasks automatically, taking humans out of processes that can be done automatically and freeing them for the jobs that require a human touch, such as in-depth analysis or response decisions.

STANDARDS-BASED SECURITY

The government is working to create a standards-based security environment through the Security Content Automation Protocol (SCAP), a suite of interoperable specifications developed at the National Institute of Standards and Technology in collaboration with the public- and private-sector security community.

Although NIST's agenda for security automation goes beyond vulnerability management, SCAP in its present form, Version 1.2, deals primarily with endpoint compliance for configuration requirements. The specifications, contained in Special Publication 800-126, support automated configuration, vulnerability and patch checking, technical control compliance and security measurement.

"In the U.S. government it has been a challenge to implement configuration management," said NIST's Dave Waltermire, SCAP architect. "There is often a tension between allocating resources to manage systems and developing configuration management policies, procedures and baselines."

The SCAP specifications provide the building blocks for vendors to provide standards-based tools that can work and communicate with each other in automating these processes. They create a common format for developing and enforcing baselines and producing standardized results. This requires common methods of expressing information about hardware, software and vulnerabilities.
GOVERNMENT DEVELOPED SOLUTIONS

While NIST is building a framework for interoperable vendor products that agencies can implement within their systems, the Homeland Security Department is developing an intrusion detection and prevention system to be offered as a managed service through agencies' Internet service providers.

Einstein was initially deployed in 2004 to detect and block malicious activity across the .gov domain. The first version analyzed network flow information from participating agencies to provide a high-level view for observing potential

SECURITY AUTOMATION IS GREAT, BUT DON'T LET THAT FOOL YOU

It is commonplace to point out that there is no silver bullet in IT security, but it bears repeating that although automating routine security processes can be a big help in protecting assets and systems, it is not a panacea. Steve Hanna, distinguished engineer at Juniper Networks, in a recent presentation hosted by the Trusted Security Group offered a short list of caveats for implementing automated tools.

Security automation is a new technology. Tools are available, and standards to enable integrating them into an enterprise are emerging, but there often is little experience in large-scale implementation across an enterprise.

There also is a chance that false positives can block legitimate traffic when responses to suspected malware are automated.

Automated responses can be used against you. You don't want to be blocked from your own network if there is a kill switch that can be accessed by an intruder.

Don't become complacent. Don't assume that the automated system is taking care of everything. This is your opportunity to do some more sophisticated analysis and look toward the new kinds of attacks that are coming. This is freeing you up from the routine items so that you can do more sophisticated things.

Sophisticated attacks can go unnoticed. Recognize that your automated system isn't going to catch every attack.