ONLINE BONUS: Threats, Solutions on the Rise

IT Security Buyer's Guide

By Teri Robinson

Security threats may be on the rise but so is the number of security products from which federal agencies have to choose. It seems that products, services and applications change and emerge almost daily to address particular types of threats to government security.

Fending Off Cyberattacks
According to statements in a McAfee white paper by Lee Fisher, McAfee Security Strategist, “We have entered a new phase of malicious activity.” As a result, “proactive protection is becoming imperative: it is the only way to offer users absolute confidence.”

The white paper notes that just a couple of years ago, “McAfee researchers were seeing roughly 300 potentially malicious threats emerging each month, but today the figure has rocketed to 2,000, largely due to the growing number of bots.” What’s more, attacks are becoming more sophisticated and “designed to specifically slip under the radar of government cyber defenses,” McAfee has said. “Attacks have progressed from initial curiosity probes to well-funded and well-organized operations for political, military, economic and technical espionage.” Cyberattackers have tapped bots, Trojans and zombies to do their dirty work, and spyware as well as denial-of-service attacks have proliferated.

Recent high-profile attacks on the Defense Department’s email system and on Google point to extremely organized efforts, not just by individuals or criminal organizations, but by governments. According to the Wall Street Journal, in response to the rise in cyberattacks, the U.S. National Security Agency is at work on a system designed to detect cyber-assaults on the electrical grid, nuclear power plants and other infrastructure.

As the nature and sophistication of attacks change, so do the solutions and strategies that government is adopting. Trusted standard fare like firewalls is no longer the centerpiece of protection against cyberattacks. Instead, government is investing in things like continuous monitoring solutions that keep an “eye” on the network 24/7. Microsoft, nCircle, netForensics and others have taken the lead here. In addition, companies like RSA and LogLogic are applying analytics to audit logs.

Keeping Up with Social Networking
Social networking sites are quickly becoming an important tool for government agencies. But use of Facebook, Twitter, YouTube and other social media opens agencies to greater threats. Some agencies have turned to surveillance software like SpectorSoft or NetVizor, which is installed on the desktop. A variety of products have surfaced to help agencies and the enterprise incorporate social media while limiting their exposure. Socialware, Facetime and Teneros offer SaaS middleware to monitor social media use. And companies like RightNow, Alterian, Scoutlabs and The Internet Archive are also geared toward monitoring social media activity.

Continuous Monitoring
As FISMA reform becomes a reality and agencies are expected to report compliance online, continuous monitoring will become a must-have for government groups.

NIST has clearly stated the need for continuous monitoring, noting that “a continuous monitoring program allows an organization to maintain the security authorization of an information system over time in a highly dynamic environment of operation with changing threats, technologies and missions/business processes. Continuous monitoring of security controls using automated support tools facilitates near real-time risk management and promotes organizational situational awareness with regard to the security state of the information system.”

A variety of solutions are evolving to meet this demand. For instance, Splunk offers solutions that monitor data streams in real time and search terabytes of historical data, continuously ingesting ASCII text from any data source. Splunk can also monitor changes to files and identify system “configuration drift” by comparing the current state against a baseline.
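The baseline comparison that the paragraph above describes is simple to demonstrate on its own. The following is an added example written for this guide, not Splunk’s code or any vendor’s: it records a SHA-256 hash of each watched configuration file, then reports files that were added, removed or modified since the baseline was taken. The file names, contents and the `*.conf` watch pattern are all constructed for the demonstration.

```python
"""Minimal configuration-drift detector: hash watched files, compare to a baseline."""
import hashlib
import json
import tempfile
from pathlib import Path

# Hypothetical watch list; a real deployment would cover whatever the agency's
# baseline configuration names (sshd_config, sudoers, firewall rule exports, ...).
WATCHED_PATTERNS = ("*.conf",)


def hash_bytes(data: bytes) -> str:
    """SHA-256 hex digest of file content; mtime is deliberately ignored because it is trivial to forge."""
    return hashlib.sha256(data).hexdigest()


def hash_file(path: Path) -> str:
    return hash_bytes(path.read_bytes())


def build_baseline(root: Path, patterns=WATCHED_PATTERNS) -> dict:
    """Map each watched file (relative path) to its content hash."""
    baseline = {}
    for pattern in patterns:
        for p in sorted(root.rglob(pattern)):
            if p.is_file():
                baseline[str(p.relative_to(root))] = hash_file(p)
    return baseline


def detect_drift(root: Path, baseline: dict, patterns=WATCHED_PATTERNS) -> dict:
    """Compare the live tree against a stored baseline and classify each difference."""
    current = build_baseline(root, patterns)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline.keys() & current.keys()
                           if baseline[k] != current[k]),
    }


def demo() -> dict:
    """Build a constructed config tree, snapshot it, drift it, and return the findings."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        # Constructed sample files, not taken from any real system.
        (root / "sshd.conf").write_text("PermitRootLogin no\n")
        (root / "ntp.conf").write_text("server 10.0.0.1\n")

        baseline = build_baseline(root)
        # In practice the baseline is written somewhere the monitored host cannot
        # rewrite it (a separate collector, or signed), e.g. json.dumps(baseline).
        stored = json.loads(json.dumps(baseline))

        # Simulate drift: a weakened setting, a deleted file, and an unexpected new file.
        (root / "sshd.conf").write_text("PermitRootLogin yes\n")
        (root / "ntp.conf").unlink()
        (root / "proxy.conf").write_text("listen 0.0.0.0:3128\n")

        return detect_drift(root, stored)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the block prints `sshd.conf` as modified, `ntp.conf` as removed and `proxy.conf` as added. Two points matter for anything beyond a demo: hash the content rather than trusting timestamps, and keep the baseline off the host being watched, since an attacker who can edit the configuration can just as easily edit a baseline stored beside it.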

The ArcSight ESM Compliance Insight Package for FISMA delivers a comprehensive, continuous monitoring and review solution and proactively identifies and manages incidents.

The RedSeal Network Advisor gathers configurations from network control devices such as firewalls, routers and load balancers and identifies security vulnerabilities in devices.

Safeguarding the Source: Database Security
An Oracle white paper recently quoted Rich Mogull, founder of the Securosis research and analysis firm, as saying, “We need to acknowledge that threats have changed, from noisy to quiet, from the edge of the organization to the center. We also need to understand that attackers’ motivations have changed – web site defacement isn’t the goal; fraud and data theft are.”

Traditionally, government agencies and the enterprise have trained their security efforts on the perimeter of the network, using firewalls, VPNs, and antivirus and antispam software to deflect intruders. But these efforts are just the first steps toward security now that threats are growing in intensity, frequency and sophistication.

In a Forrester Research report, principal analyst Noel Yuhanna explains that “despite significant effort to protect enterprise databases, attack rates continue to rise.” Today’s attacks “are more sophisticated than ever, and many occur without enterprises being aware that an attack is taking place, especially in the case of internal attacks, which are the hardest to detect.” Vendors like Oracle offer advanced security measures that provide additional protection through encryption and masking, access and authorization controls, and auditing and monitoring functions.

What’s more, some vendors are teaming up to provide more comprehensive database security. For instance, Praetorian Secure, LLC, recently joined forces with Application Security, Inc. to bring AppSec’s database security offerings, which monitor and secure databases in real time, to the government and commercial sectors.