Close this Advertisement

What is your e-mail address?
My e-mail address is:

Do you have a password?
Forgot your password? Click here
close

EmbedEmbed

Cybersecurity defenses need to evolve, experts say

High-profile breaches prove traditional IT network defenses not enough

Now that the scope of malicious cyberattacks has been proven, the traditional model of defending against them needs to evolve, according to two security experts who spoke at the FOSE conference in Washington July 20.

A rash of recent high-profile breaches confirm that conventional defenses against cyber threats aren't working — including breaches that have cost Citigroup upwards of $2.7 million, RSA an estimated $100 million and untold money from the numerous attacks on Sony, Jimmy Sorrells, senior vice president, INTEGRITY Global Security, told the conference.

“It’s going to be painful, but we’ve got to change the mindset of security…from the traditional model of perimeter defense to a modern, contemporary security," Sorrells said. "We have to move to a new philosophy of security.”

Sorrells said a big part of the problem is IT systems that were built too fast to meet demands, but without proper security considerations.

“People didn’t think about, ‘This is going to be the backbone of my business for the next 50 to 60 years,' " he said.

Today’s security requirements go beyond perimeter defenses such as firewalls and virtual private networks, what Paul Williams, executive director of security services at White Badger Security, called a “castle-like mentality.”

Williams said Stuxnet's penetrations were enabled by a number of mistakes, including ineffective anti-virus software, no zero-day exploit protection, unblocked peer-to-peer machine connections and undetected malware covert communications and critical application changes.

According to Sorrells, the recipe for security is built on five key tenets:

  • Making a comprehensive inventory of assets that includes all data.
  • Categorizing assets based on confidentiality, integrity and availability.
  • Compartmentalizing and segmenting infrastructure.
  • Mapping assets into compartments, such a zones or enclaves.
  • Using common criteria as a scorecard for critical IT components.

Even with critical IT network defense components in place, nothing works better than the human eye, Williams said.

“There’s no product on the market that can match manual analysis,” he said.

About the Author

Amber Corrin is a staff writer covering defense and national security for Federal Computer Week. Follow her on Twitter: @AmberInsideDOD.

Related Articles

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Related Webcasts

Related White Papers

Related Podcasts

Related Resources

Editorial Webcasts

  • Desktop Virtualization: Better Management with Smaller Budgets Register Now

    This webcast will explore the benefits of desktop virtualization, and how the innovative technology can help agencies lower the cost of their IT infrastructure, improve end-user performance, while enabling a mobile workforce. A government expert will share real-life case studies of leveraging desktop virtualization solutions to enable secure telework policies, organization-wide IT infrastructure standards and extend the life of current hardware assets - Register Now!! Read more

More Editorial Webcasts

Federal Computer Week eNewsletters

  • Subscribe to Newsletters Subscribe

    Federal Computer Week's eNewsletters deliver the latest policy and management news to your inbox.