GCN : January 2014
Getting your money's worth out of IT security tools

Federal budgets are tight and money is not likely to get any looser in the foreseeable future, so making sure you get value from a cybersecurity investment is critical, said U.S. Postal Service corporate information security officer Chuck McGann.

The Postal Service now is using the RedSeal network monitoring platform, originally intended to evaluate firewall rules, to improve situational awareness and operational security across its extended enterprise.

"I want my money's worth," said McGann, a self-described frugal Yankee. Getting that requires a vendor willing to stand behind products and ensure that customers get the expertise needed to make a product work.

"You have to hold the vendor accountable to making you successful quickly," he said. "If you don't make the vendor commit to value by the end of week one, you're selling yourself short."

When the USPS was in the market for a network monitoring and analysis tool, it considered licensing software from RedSeal Networks. But McGann was cautious about spending money for a platform that he was unfamiliar with. He went to RedSeal with his concerns that there could be a long break-in period before results were seen. Their solution was to offer it as a service rather than a product.

"Either it works, or you don't pay," he said.

It worked and McGann is happy with the investment and with RedSeal's willingness to stand behind its product.

It is not just the quality of the product that matters in a successful implementation, but the customer's ability to use it properly. Experienced personnel are in short supply in many shops, and agencies might not have the in-house expertise to get the most out of their tools. Again, look to the vendor, McGann advised.

"If you don't have the expertise to make it a success in the first week, buy the knowledge," he said. "Make the vendor bring it to the table."

Success in the first week with a new security tool might sound like a tall order, but McGann goes even further.

"On day two I expect results," he said. That might be a high bar, but it is not an unreasonable one, he said. "If you don't set the bar high, no one will reach it."

--William Jackson

cially possible. I always thought that FISMA was a viable measuring stick for security." A recent gap analysis found that "we are not far off" from meeting FISMA demands.

As a major retailer that accepts credit cards, the Postal Service is bound by the Sarbanes-Oxley Act for accounting in public companies and PCI security requirements. These were the drivers for implementing RedSeal in 2012.

The initial plan was to get a software license for the platform, but McGann said he was leery about committing to a deal that could require a long ramp-up time before returning value. "I've seen way too much of that in this environment," he said. The solution was to get it as a service from the vendor with the guarantee that USPS would pay only if it performed.

One of the first payoffs was the discovery of about 80,000 firewall rules that could be eliminated. "It helped us clean up the environment," McGann said.

HOW IT WORKS

RedSeal works by first gathering configuration files from all network layer devices on the network. This can be pulled from the network itself or imported manually to a server that is not running on the network. This data is used to model the network and build a map that not only shows the devices, but how devices can connect with each other.

"That's the foundation of complete end-to-end visibility," said Baker.

Vulnerability data then is imported from scanners already running on the network. This data is analyzed and displayed graphically, showing the potential impact of vulnerabilities depending in part on the connectivity of the devices where they are found.
McGann said significant exposures have been found on apparently insignificant devices in the USPS network that, if ignored, could have opened a path to thousands of servers.

It also has been incorporated into incident response by letting analysts see the connectivity of devices that might be compromised. This can tell where to look for malicious traffic, and what other devices to check for possible infections.

"This tool gives us a lot more visibility into what is happening on the network," he said. "It started giving us a knowledge base that we previously hadn't had."

Mapping and analysis is done daily, although the entire network is not scanned every day. "We parsed it out into multiple subnets," he said. "Over the course of 30 days we have mapped the entire environment at least once."

Is that often enough? "For right now, once a month is good," McGann said. "But my goal would be once a week." For the time being, that goal remains a desire with no firm deadline. But as the network is cleaned up over time, mapping and analysis can go more quickly and the goal might be achievable.
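
The connectivity-based prioritization described under HOW IT WORKS can be sketched in a few lines. This is an added example, not RedSeal's code or algorithm: the device names, allowed flows, scanner severities and the scoring formula are all constructed assumptions.

```python
from collections import deque

# Constructed sample: allowed flows (source -> destinations), standing in
# for the model a tool would build from firewall and router configurations.
ALLOWED = {
    "internet": ["web-dmz", "vpn-gw"],
    "web-dmz": ["app-01"],
    "app-01": ["db-01"],
    "vpn-gw": ["print-srv"],
    "print-srv": ["app-01", "db-01", "file-01", "hr-01"],
    "lab-01": ["file-01"],
}

# Constructed sample: (device, scanner severity on a 0-10 scale).
FINDINGS = [("db-01", 9.8), ("print-srv", 5.3), ("lab-01", 9.0), ("web-dmz", 6.1)]


def reachable(allowed, start):
    """Every device that traffic starting at `start` can reach (BFS)."""
    seen, queue = set(), deque([start])
    while queue:
        node = queue.popleft()
        for nxt in allowed.get(node, []):
            if nxt not in seen and nxt != start:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def rank_findings(allowed, findings, untrusted="internet"):
    """Rank findings by severity weighted by connectivity.

    Assumed illustrative weighting: a finding nobody untrusted can reach
    scores 0; otherwise severity * (1 + number of downstream devices).
    """
    exposed = reachable(allowed, untrusted)
    rows = []
    for device, severity in findings:
        downstream = reachable(allowed, device)
        is_exposed = device in exposed
        score = severity * (1 + len(downstream)) if is_exposed else 0.0
        rows.append((device, is_exposed, len(downstream), round(score, 1)))
    return sorted(rows, key=lambda r: r[3], reverse=True)


if __name__ == "__main__":
    for device, is_exposed, downstream, score in rank_findings(ALLOWED, FINDINGS):
        print(f"{device:10} exposed={is_exposed!s:5} downstream={downstream} score={score}")
    # Incident response view: what to check if print-srv is compromised.
    print(sorted(reachable(ALLOWED, "print-srv")))
```

In this sample the medium-severity print server outranks the critical database finding because of what it can reach, and the same `reachable` call gives responders the list of devices to check next.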