by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : August 2014
38 how valuable individual assets are to the enterprise. "If there's malicious activity on an end-user device, for example, organizations can keep it from reaching the servers," Manor says. Segmentation also enables enterprises to create security vaults. ese high-security compartments wall off data and IT systems with extra layers of protection, often by restricting access to only a select group of staff members and by routinely encrypting all information stored in these vaults. "Highly sensitive information shouldn't reside in systems throughout the network," Mitchell says. "It's safer to put it in one secure location and then provide placeholders for any process that needs the data. "IT managers don't have to worry about securing the information in multiple databases," Mitchell notes. He adds that organizations can apply the strategy to any data types, including files containing intellectual property or personal records. Similarly, some vendors offer sandboxing solutions, via cloud services or on-premises appliances, that isolate email attachments and other high- risk files so IT managers can look for zero-day malware and other threats. Web security gateways use real- time analytics to monitor the web destinations of users. Sandboxing is part of Websense's solution. "When someone downloads a file, the solution will push it into a cloud-based sandbox environment, where we'll determine the safety or maliciousness of the particular file," Debrosse says. e technology can also issue safety ratings of web destinations using reputation analysis, such as whether hackers previously compromised the source of the download. " ere are approximately 30 different weights and measures that we apply to analyze websites. If we haven't encountered a site previously, real-time classifiers look at its content, break the site down into constituent parts and analyze it for its threat level." Step 4: Implement continuous monitoring. IDS, DLP, secure web gateways and other traffic monitoring technologies generate a constant stream of reports, which can challenge security managers to spot signs of nefarious activities within a constant flood of data. Security information and event management (SIEM) technologies aggregate information from event logs, create summaries and automatically generate alerts when anomalies arise. Summaries and alerts from throughout the security infrastructure appear within a management console so administrators maintain situational awareness from a central location. SIEM systems also offer the added advantage of making the data accessible for reporting and auditing activities important for regulatory compliance. SIEM applications can aggregate activity data from DLP systems, NAV applications and event logs into one central console for easier viewing. Step 5: Protect endpoints. In addition to data encryption, which protects sensitive information stored on notebooks, smartphones into and out of the network to see if files are embedded with malware. Some sophisticated security appliances, such as Trend Micro's Deep Discovery, provide multiple safeguards in a single box. For example, Deep Discovery can help thwart APTs with a component that inspects network traffic and applies advanced threat detection and real-time analysis and reporting to the information. Deep Discovery Advisor technology analyzes data sent to a protected "sandbox" and also offers visibility to networkwide security events. In its 2014 Security Value Map for Breach Detection Systems, NSS Labs ranked Deep Discovery highest among the products it tested, thanks in part to the product's top score for breach detection and its relatively low total cost of ownership. Data loss prevention (DLP) solutions can flag files that are going to systems that aren't part of normal operations, such as when a server attempts to send staff Social Security numbers outside of the organization. DLP systems also help security administrators classify information according to its sensitivity so they can apply appropriate management policies to the information, such as encrypting or restricting access to it. DLP's value extends beyond protecting against hackers. "Sensitive information may leave the organization even when people are not acting maliciously," says Jeff Debrosse, director of security research at Websense, a vendor of security solutions. " ey may upload a work document to a file- sharing site so they can access it from the road while they're making sales calls, for example. While their intentions are good, they may be violating internal security policies and putting their organization at tremendous risk by exposing sensitive information." Step 3: Isolate critical assets. e analyses in Step 1 can also help organizations create network segments that separate resources based on FEATURE | SECURITY "HIGHLY SENSITIVE INFORMATION SHOULDN'T RESIDE IN SYSTEMS THROUGHOUT THE NETWORK. IT'S SAFER TO PUT IT IN ONE SECURE LOCATION AND THEN PROVIDE PLACEHOLDERS FOR ANY PROCESS THAT NEEDS THE DATA." ---Matt Mitchell, Director of Risk Advisory Services for Knowledge Consulting Group