by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : August 2013
QWith cyberattack targets shifting from government networks to the commercial industrial base, what new requirements does that create for protecting those networks? The increasing intensity of what we're seeing requires a comprehensive security pro- gram and a better grade of security than has generally been funded in IT budgets. With the escalating frequen- cy of attacks, you can't afford service outages every time you deal with an issue. You need a real-time view into your network so you can be proactive in responding to threats -- even anticipating them -- with the ability to iso- late those threats and keep operating. It's like the quar- terback who heads to the bench and looks at pictures from the press box during the game. From the eld he can't see all the moving parts, but with that "eye in the sky" feedback, he's going to be much more effective as the game goes on. QWhat do you see as the best way to approach critical infrastructure protection? In large enterprises, sometimes just understanding the scope of the network is dif cult, and an understanding of the threat usually develops over time. Taking a more holistic view encompasses an understanding of the net- work, the threat, and the weaknesses of various security systems. It also enables administrators to layer defense and not depend on a single approach, which can build up much better security. We're nding success in this approach with our critical infrastructure protection for the utility industry. What are the advantages of that holistic view of the network? One example is adding visualization of the security situ- ation of the network, with the objective of isolating and containing attacks instead of trying to prevent them. Zero-day attacks by nature can't be stopped since their signatures have not been previously observed, so this isolation strategy can be very effective if it is added to typical signature blocking approaches. It enables you to quickly identify network trouble based on real- time monitoring of network traf c, helping you operate through the attack and avoid system-wide shutdowns of the services you provide. QWill customers need to replace their networking equipment and network management systems to accommodate this augmented security system? In general, no. Interoperability standards are emerging and we're able to design visualization systems to be in- teroperable and compatible with products and systems from other vendors. The new security overlay can feed the systems already in place. But customers should be ready to update their networks on an ongoing basis as we see what new technologies are needed to continu- ally improve the system. We need to at least outpace the bad guys. Q What are some emerging best practices in protecting critical infrastructure networks? First, understand the threat: What do you need to pro- tect and against what kind of attacks? Then develop a comprehensive security architecture that enables you to evaluate and deploy new security technologies as they become available. Design it so you can implement it in phases and keep it within your budget. Of course begin with the basics -- inventory your network assets, use strong access control, deploy rewalls and other boundary defenses, monitor and analyze audit logs, develop an incidence response capability -- all the stan- dard IT "security hygiene." But don't depend on one system or think that because you have these basics in place you are well protected. Today's threats require a more sophisticated, layered defense approach that protects in multiple ways. Again visualization adds net- work security situational awareness. And don't forget about insiders. Not all threats come from the outside. Authentication and network compartmentalization are important aspects to securing your network. A A A A A Q H Jerry Goodwin VP and General Manager ViaSat Secure Network Systems Sponsored Content F S , g www. . /