FCW : November and December 2016
than half have a formal program in place to address the issue.[4]

SECURITY BEFORE, DURING AND AFTER

As the threat landscape changes, traditional security tools such as firewalls and intrusion detection systems are no longer enough. While these tools are a critical component of a comprehensive security strategy, they only address part of the issue. While implementing these controls to deter attacks before and during events is important, they can’t catch everything.

This is why it’s so important to continuously monitor internal networks, searching for unusual behaviors and unknown threats. The best way to do that is to focus on both bad behaviors and behavioral anomalies. This can be accomplished by collecting network traffic metadata such as Cisco NetFlow and analyzing it with Cisco Stealthwatch.

By capturing data for every network transaction directly from infrastructure devices such as routers, switches, and firewalls, NetFlow and Stealthwatch transform the network into a powerful security sensor that can immediately flag suspicious activity. Stealthwatch uses this telemetry to establish a baseline of normal behavior for devices, users, and the network as a whole, which it then uses to alert on anomalous activity that can signify malicious activity. For example, if the system identifies a phoned communication from within the network to an abnormal site in Ukraine, the system would send an alarm to alert administrators to investigate further.

Cisco’s Stealthwatch turns every part of the network into a sensor—routers, switches, wireless devices, virtual networks, and more—and uses this data to detect traffic and behaviors that could signify an insider threat. For example, it can help agencies identify if a non-classified network interacts with a secure network, providing the information managers need to investigate the specifics of the interaction and determine if there has been any misconduct or attack.
CONTINUOUS CHANGE

As more devices become network-capable and technology and threats continue to evolve, the cyberthreat landscape will remain volatile. Keeping up with these dynamic threats and techniques requires attacking the problem during all three phases: before, during, and after an attack. All types of tools should have robust security analytics, which improve the quality of detection.

Because each type of tool addresses a different set of issues, there is no one product or solution that can manage all three phases. Therefore, it’s critical to ensure all types of security tools—from firewalls and IDS to breach detection and forensics solutions—work well together.

This is where Cisco’s philosophy of creating simple, open, and automated security solutions can help. For example, Cisco Identity Services Engine (ISE), our access control technology, integrates seamlessly with Stealthwatch. Together these tools can identify people on the network, what they are doing on the network, and quarantine them from the network if needed.

Most importantly, treat threat prevention and mitigation as an ongoing process. “Don’t think about it as a destination, but a journey,” says Joseph Muniz, a Technical Solutions Architect at Cisco. “You’re never fully secure because there will be new technologies and new threats all the time. It’s about putting a system in place you can rely on to keep on top of existing and new threats.”

For more information please visit: http://www.cisco.com/c/en/us/products/security/index.html

[4] MeriTalk, Inside Job: The Federal Insider Threat Report, September 2015
[5] Ponemon Institute, Closing Security Gaps to Protect Corporate Data, August 2016
[6] Ernst & Young, Shifting into High Gear: Mitigating Risks and Demonstrating Returns, 2016

Three Types of Insider Threats

While every insider threat poses a danger to organizations, they aren’t all malicious. The most common type, in fact, is simple negligence. Employees who neglect to scan their laptops when entering the building or use simple passwords that are easy to hack are often a common attack vector. Insider negligence is more than twice as likely to cause problems as other factors, such as external hackers or malicious employees.[5] The best way to avoid these issues is by automating security processes, such as enforcing complex passwords.

The second type of insider threat is caused by employees whose credentials or computer has been compromised by external hackers. The best way to address this type of threat is breach detection technology that searches for anomalies and unusual behavior.

The last type of insider threat is the malicious insider—employees who may be angry at the organization or want to gain financially. Malicious insider threats are one of the fastest growing types of threats.[6] Threat detection technology is critical to monitor these insider threats.

SPECIAL REPORT CYBERSECURITY: INSIDER THREATS
Sponsored Content