GCN : May 2014
enabling real defense in depth with tools that talk to each other.

A new generation of tools is emerging, leveraging data to provide greater visibility, analysis and faster response for enterprises. These new tools work with point security, not in place of it. "They are as good as the point products sending data to them," Sann said.

HOW VENDORS ARE REACTING

ForeScout's solution for data sharing within the enterprise is ControlFabric, a set of technologies that lets the company's CounterACT endpoint control tool interact with other IT security products on the network. It not only allows management and enforcement of security policy on endpoint devices on the network, but helps enable continuous monitoring and mitigation through products already in place.

The CounterACT platform provides visibility into the configuration and security status of computers on the network, including whether patching and anti-malware are up to date and what applications are running, and can detect malicious or risky activity. It can also respond to policy violations with alerts, restricting access or remediating the computer.

The obvious limitation of this type of functionality is that it operates only within the network. With increasing numbers of users connecting to enterprise resources remotely through desktops, laptops or mobile devices outside the agency network, it is becoming important to have device visibility outside the perimeter as well as inside it and to extend the reach of enterprise management tools.

ForeScout plans to address this need with the release later in 2014 of RemoteControl, a free downloadable software option for CounterACT. Placed outside the network in a DMZ, it can monitor and update remote endpoints when not connected to the agency network. To do so, the SecureConnector lightweight client opens a secure link to remote devices to enable monitoring and management without opening connections through a firewall.
Because of the increased use of personal devices in the workplace, RemoteControl integrates with other mobile device management solutions that provide compartmentalization for non-government devices, supporting the segregation of personal and business spaces.

OTHER ENDPOINT APPROACHES

Cylance takes a different approach to endpoint security, identifying malicious code on devices by using mathematical modeling. The company's product, CylancePROTECT, compares the mathematical characteristics of software being examined against a large known population of code to make a judgment about whether or not it is malicious and lets user policy control whether it executes.

The technique is fundamentally different from signature or behavior-based detection, said Cylance CTO Glenn Chisholm. Signatures require a known sample of malware to protect against it, and behavioral tools require some execution to work. But "there is a great deal that can be seen in an object before it executes," Chisholm said.

CylancePROTECT is an agent running on the endpoint that uses proprietary algorithms to model software being examined. Machine learning lets it respond quickly to allow or block execution based on the user's policy.

"We know there is substantial variation in what is good and what is bad," Chisholm said. But even new threats don't have entirely new characteristics. "We don't make assumptions; we are looking at the entire binary population and making a decision."

Although the technique should make it possible to block zero-day attacks, it is not perfect in its judgment, Chisholm said. "Nothing is ever going to be 100 percent." The tool scores the likelihood that a piece of software is malicious and leaves the decision on whether to block it up to the user. "It allows an organization to manage its own risk posture. You can be very conservative or you can be very liberal."

CylancePROTECT is not a replacement for existing products, but a complement to them.
Cylance provides APIs for other security tools to let them work with CylancePROTECT to manage execution of software on the endpoint.

"We don't say this is the holy grail," Chisholm said. "This provides another layer of defense at machine speed. You are still going to have to have other security controls," such as access controls, data management and privacy controls. "All of these things are absolutely critical."

AUTOMATED INCIDENT RESPONSE

The first layer of network defense traditionally has been concerned with detecting and blocking malware, attacks or other malicious activity. But most security profes-

Setting the strategy

In a 2013 report to the president, the National Security Telecommunications Advisory Committee recommended modernizing network security not by migrating away from current point security tools, but with a process of upgrades and additions, including:

1. Implement security technologies and techniques providing for network defense-in-depth, protecting network users, devices, data and applications wherever they are located.
2. Upgrade legacy network security technology with next-generation tools and processes.
3. Use automated data analytics that take advantage of the next-generation tools to achieve real-time contextual cybersecurity.