Maintaining the integrity of critical network assets

12 05 2010

This is a little different from a marketing blog, but it has to do with keeping business assets protected. And that certainly fits into the business of doing business.

Did you know that more than 25 million new strains of malware were uncovered in 2009? And that the US Senate Security Operations Center reported nearly 14 million cyber attacks per DAY!!! These are staggering figures. According to the Department of Homeland Security, cyber attacks rose threefold from October 2005 through October 2007, and the belief is that the attacks are increasing at an exponential rate. These alarming statistics have awakened the government, and the President has made cyber security a top priority with the initiation of the Comprehensive National Cyber Security Initiative and the appointment of Howard Schmidt as the government’s cyber czar.

I was reading some comments that George Kurtz, EVP of McAfee, made at a recent FAA conference on Cyber Security, and they made me think. He said that we need to find a way to solve an attack (on a network) in 15 minutes vs. the 24-72 hours we now take. For the home user, using McAfee with its signature-based approach is fine, and I probably can wait for a short time to have a new virus or Trojan signature uploaded to my computer. (Full disclosure: I use McAfee on three of my PCs.) However, in a critical network (be it FAA, a carrier network, a government agency, a SCADA network, or a health care network) where the asset value is high or the compromise of data would result in economic loss or even physical disaster, we don’t have the luxury of time. At line speeds now approaching the multi-gigabit level, 15 minutes means that an inordinately large amount of traffic/data has worked its way onto a target network. It’s not that signature-based approaches are bad at all; they serve a purpose. Yet they don’t go far enough for a critical network.

The key to protecting these critical networks is a dynamic understanding of what is happening. By definition, once a signature is developed, it is old: still useful for some but not all users. To maintain integrity and availability, companies, carriers, and government entities must have situational awareness and know what is happening at all times. This requires a mosaic of different protection devices such as the normal firewalls, IDS/IPS systems, and forensic analyses. Yet these systems and appliances must be complemented by a new class of products called network intelligence analytics, which provide a dynamic three-dimensional view of data correlated with other data and correlated in both space and time. Only through this three-dimensional view and the visualization of what is transpiring in the network will exposure to cyber attacks be minimized. This nascent part of cyber protection is led by companies such as Narus, whose traffic intelligence platform, called NarusInsight, provides the dynamic analytics that network and security officers need to see what is happening across layers 2 through 7 in their networks. By processing the data in real time and applying real-time analytics vs. mere forensics, network and security officers can act swiftly to mitigate attacks.

Still, attacks will occur, and the industry needs a call to action to respond aggressively to these attacks. The industry needs to band together in a collaborative fashion to thwart these attacks, or at least slow them down. At a recent RSA conference on security, several experts, including Greg Oslan, CEO of Narus, suggested a joint collaboration between government and private entities. That is thankfully coming about. Yet even within companies and across companies, network managers and security officers must share information, work across silos (security and network operations are not necessarily engaged together, nor do they share common platforms), and work across all areas of business. By doing so, we can view the problems, and therefore the solutions, through a multi-faceted approach. Coupled with a mosaic of complementary and new technical solutions, the industry will have the best opportunity to maintain the integrity of critical network assets vital to our economy and national defense.



