New Jersey invests in security

New Jersey Information Technology

Officials in New Jersey's technology office are better prepared to respond to cyberattacks after deploying an advanced enterprise security appliance that detects and mitigates threats across the statewide network.

They are using a product called PN-MARS 200 developed by Protego Networks. The appliance receives raw network and security data from various devices, such as network switches, routers, vulnerability analysis tools, intrusion-detection systems, servers and firewalls. With that information, PN-MARS, which stands for Mitigation and Response System, provides a topology or virtual map of the state's network. The appliance, which does not affect network performance because it does not operate as a device on the network, can correlate and consolidate thousands of network and security events per second. Those events can be viewed on a centralized, Web-based console.

Officials at "state agencies, like other corporations, face similar [information technology] security challenges: how to optimize operations, prevent threats, respond to incidents and demonstrate due care compliance standards with a limited budget and resources," said Scott Gordon, Protego's vice president of marketing. "PN-MARS cost-effectively addresses these challenges in a scalable, high-performance threat management appliance that is easy to purchase, deploy, use and maintain."

Jim Hammond, a network engineer at New Jersey's Office of IT (OIT), said a single PN-MARS appliance, which has been in use for a year, has adapted to about 11,000 state networks. His group is responsible for the state's wide-area network and acts as an Internet service provider for about 60,000 users.

The Protego appliance helps his 11-member staff effectively use their time and resources, he said. Some use the appliance as a network management tool that can show traffic patterns, chokepoints and other problems. It also helps them better respond to threats and false positives, or alarms.

For example, Hammond said intrusion-detection system sensors generate many alarms. Turning off the sensor's parameters would reduce these alarms, but that defeats the purpose of using such sensors. By learning a network's underlying structure, the PN-MARS appliance uses that baseline knowledge to determine whether something is a false alarm.

"In the Protego box, we can say, 'Confirmed false positive,' and it's very granular," Hammond said. "You can say, 'From this server on this port to that server on that port.' So it builds those rules for you if you go through their script to confirm it's a false positive."

PN-MARS' strength is acting as a bridge between network and security operations, enabling officials to more efficiently identify, investigate and respond to valid incidents. Color-coded alerts that correspond to high-, medium- or low-level attacks are displayed on a summary screen, which provides a look at the network's health, he said. PN-MARS visually shows the attack path in real time and lets administrators view details about the attack to perform post-event forensic analysis. The system can automatically mitigate the breaches and generate options that can be manually applied, which is how OIT officials address threats.

Hammond described it as a "network diagram of where all the incidents are showing up at that time. We have a lot of people out there, and we have a lot of false positives, and we have a lot of shapes, but they definitely change if there's a new virus coming out or a new worm. We'll actually see changes in the traffic patterns there."

Anna Thomas, OIT's chief for strategic development and digital communications, said cybersecurity has been a top concern for New Jersey's chief information officer, Steve Dawson, for the past two-and-a-half years and for many other state government officials to some degree, despite dwindling resources and staff.

Officials said the return on investment from the product includes improved operational productivity and lower mitigation costs from responding to incidents earlier. Thomas said there are also fewer capital expenditures and less maintenance when compared with alternative solutions.

Hybrid appliances

Phebe Waterfield, an analyst at the Yankee Group, said Protego is among the first vendors to produce hybrid appliances, which she calls network security solutions. Most security event management (SEM) vendors designed systems around events, not devices.

It's easier for IT administrators to justify expenses related to managing devices, she said. Protego also utilizes an organization's existing infrastructure, which resonates with IT managers who need to justify every penny spent on security, she added.

Although Protego, which was founded about two years ago, is still new, it's likely to drive the market in a new direction based on the correlation, visualization and mitigation features of its products, Waterfield said.

SEM vendors "have already started adding some features, but it wasn't their kind of focus, originally. If you ask them about it a lot of them would say, 'Our customers don't want us to take action; they don't trust us to take action.' So yes, it's going to make the SEM [market] more competitive," Waterfield said.

Covering a wide area

Officials in the New Jersey Office of Information Technology are using the Protego PN-MARS 200 appliance to monitor and mitigate security threats. The office acts as the state's Internet service provider for the wide-area network, which:

* Supports 15 departments and more than 40 agencies.

* Has more than 60,000 users.

* Is composed of about 3,500 Cisco Systems switches and routers.

* Is spread across more than 1,500 sites.

* Handles more than 2.5 billion transactions yearly.

Source: New Jersey Office of Information Technology
