As government organizations continue to deal with an increasing number of cyber threats, one thing has become clear to those who protect our digital assets: there is no silver bullet.
It is important to acknowledge the need for more robust planning and to understand that simply throwing the latest "magic box" at the problem is not going to outsmart the sophisticated cyber criminals we face today. This is especially true as points of entry into our networks expand to a mobile workforce and a vast collection of new devices and sensors — what we refer to as the Internet of Things.
Like it or not, our workforce will connect from any location, from any device, and to any application, which could be running anywhere, including in the cloud. While most organizations fear the security risks associated with mobile devices, the fact is that most malware attacks on networks occur through legitimate users visiting legitimate websites, regardless of what device they are on. According to the 2013 Cisco Annual Security Report, mobile malware makes up less than 0.5 percent of total web malware encounters.
This is a transitional time for IT as devices and data become more prolific and the many trends already underway, including mobility, virtualization, and cloud computing, continue to mature. While this brings new challenges for federal organizations, it also presents an opportunity to improve our approaches to cybersecurity, many of which will focus on the network.
Only the network has the ability to see every connection from every end user, regardless of where the user connects from — be it a teleworker in a home office or on the road, or an employee accessing applications while in the corporate office. With this detailed view the network can identify connected assets, provide visibility into their actions, and stop attackers before they steal critical information.
The network can provide:
- Identification and inventory of assets — In order to protect your enterprise you have to know what is connected to it at all times and in real time. The network can provide information on who and what is connecting to your network, the legitimacy of the connections, and what applications they are accessing. The establishment of enterprise policy is critical to control legitimate usage.
- Visibility — Using identity information and monitoring tools such as NetFlow, the network can provide real-time visibility into all activities. IT managers can thereby easily spot abnormal behavior, such as a legitimate user downloading sensitive data from a nontraditional location.
- Mitigation — The greatest challenge for IT staff is stopping malicious activities in a reasonable timeframe before much damage is done. Security tools that simply sit at the access point of the network have proven ineffective and easily thwarted. Since the network is the only asset that sees all traffic, it is the logical place to stop cyber criminals before they carry out their attack. Using approaches such as Software Defined Networking (SDN), the network can isolate attacks quickly and mitigate risk.
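The visibility item above can be sketched as detection logic. This is an added example, not code from the original article or from Cisco. It joins simplified flow records with an identity source and flags a user pulling a large volume from a sensitive server to an address outside that user's usual networks. All addresses, user names, the record layout and the threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data; every name, address and threshold is an assumption.
SENSITIVE_SERVERS = {"10.20.0.15"}            # hosts holding sensitive data
BASELINE = {                                  # networks each user normally connects from
    "alice": ["10.1.0.0/16"],
    "bob": ["10.1.0.0/16", "198.51.100.0/24"],
}
SESSIONS = {                                  # identity source: client IP -> user
    "10.1.4.22": "alice",
    "203.0.113.77": "alice",
    "198.51.100.9": "bob",
}
FLOWS = [  # simplified flow records (src_ip, dst_ip, bytes), server -> client
    ("10.20.0.15", "10.1.4.22", 900_000_000),     # alice, usual office network
    ("10.20.0.15", "203.0.113.77", 400_000_000),  # alice, unfamiliar network
    ("10.20.0.15", "203.0.113.77", 350_000_000),  # same pair, second flow
    ("10.20.0.15", "198.51.100.9", 800_000_000),  # bob, known telework network
    ("10.30.0.8", "203.0.113.77", 900_000_000),   # not a sensitive server
    ("10.20.0.15", "192.0.2.50", 5_000_000),      # client with no identity record
]
THRESHOLD = 500_000_000  # bytes per (user, client IP) before alerting


def in_baseline(user, ip):
    """True if ip falls inside one of the user's usual networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in BASELINE.get(user, []))


def find_anomalies(flows, threshold=THRESHOLD):
    """Return (alerts, unattributed): off-baseline bulk downloads and unknown clients."""
    totals = defaultdict(int)
    unattributed = set()
    for src, dst, nbytes in flows:
        if src not in SENSITIVE_SERVERS:
            continue
        user = SESSIONS.get(dst)
        if user is None:
            unattributed.add(dst)  # asset inventory gap: traffic with no known owner
            continue
        if not in_baseline(user, dst):
            totals[(user, dst)] += nbytes  # sum per pair so split transfers still count
    alerts = sorted(pair for pair, total in totals.items() if total >= threshold)
    return alerts, sorted(unattributed)


if __name__ == "__main__":
    print(find_anomalies(FLOWS))
```

Neither of alice's off-baseline flows crosses the threshold alone; the alert comes from summing them, which is why per-flow thresholds miss transfers split across connections.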
The cybersecurity industry has provided valuable tools to defend against attacks for years, but they have been limited in their effectiveness largely due to their inability to quickly scale to meet today's threats. As IT trends such as mobility and cloud computing blur the lines of technology, the network remains the only platform that provides real-time cyber situational awareness and protection mechanisms. We must treat the network as a single "security sensor" and use the valuable information it provides to stay one step ahead of cyberattacks.
Kevin Manwiller manages the security and mobility architecture team for Cisco's federal customers.