by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : July 30, 2014
SIMON CROSBY is co-founder and chief technology officer at Bromium. Commentary | SIMON CROSBY It is no exaggeration to say that every aspect of our online society and critical infrastructure is being actively probed for vulnerabilities. The Internet is already a key battle- ground in international conflicts, and agencies are under relentless attack. Yet while we typically hear about the costly consequences of data breaches, we seldom hear how an attack started. The recent Verizon Data Breach Investigations Report confirms the ugly truth: 71 percent of attacks start at endpoint devices because humans are easy to deceive. A single click can give an attacker a gateway to an agency’s network. Federal employees and contractors must assume their endpoints will remain under targeted assault. Organizations across government and industry reflexively respond to those attacks by layering a dizzying array of security measures on devic- es: data loss prevention, sandbox- ing, host-based intrusion preven- tion, whitelisting, and rootkit and bootkit detection, among others. As reasonable as layered security sounds, though, it is ultimately a game of diminishing returns. Each newly layered defense adds cost, negatively affects the user experi- ence and remains susceptible to the same Achilles’ heel: Stacks of layered security can be defeated by attacks that exploit vulnerabili- ties deep within device operating systems, such as Windows. Unfor- tunately, such critical vulnerabilities are being discovered at an alarming rate: More than 80 Windows kernel vulnerabilities were disclosed in 2013, up from 26 in 2012. In view of layered security’s shortcomings, we need to radi- cally overhaul the security of our endpoints. They must be inherently secure — by design. If we could achieve that, devices would shrug off persistent attacks even when targeted employees are enticed into clicking links and attachments. Fortunately, thanks to a new technique called micro-virtualiza- tion, that goal is within reach. Micro-virtualization takes advantage of unused virtualization features on PCs’ CPUs to invisibly hardware-isolate each task — such as each tab in a browser, each file being edited or each email and attachment. Once isolated in this manner, a task cannot be hijacked for attacking the operating system, stealing data or accessing agen- cies’ networks if malware arrives and “detonates” in the course of employees’ work. This isolation-based defense turns the security problem on its head. It eliminates false positives and the debate over detecting “new” versus common malware because micro-virtualization isolates any malicious activity, period. Clicking on a poisoned attachment is not a risk — a compromised task will simply be discarded when the user closes the application. Users can safely click on anything; even when they make a mistake, the system will defend itself. Agencies that adopt isolation can stop mandating new endpoint controls that hamper users and instead rely on PC hardware they have already bought and deployed. Additionally, data on what is trigger- ing micro-virtualized tasks to close and kill malicious processes can be reported to security teams for tun- ing perimeter and other defenses against attack activity they would have otherwise missed. Mobility and consumerization of IT are here to stay, which makes micro-virtualization a timely, com- pelling strategy. With micro-virtu- alization on their devices, agencies can confidently say yes to telecom- muting, Web applications and other demands while still protecting users from threats that target things such as legacy Java or unpatched devices. Endpoints automatically isolate and shrug off malware, users stay productive while security set- tings remain intact, and collabora- tion with interagency and industry partners can continue apace. ■ Isolate and conquer: Beyond layered security Micro-virtualization can throw cyberattackers into solitary confinement before they strike and keep even unwary users from letting them in Agencies can confidently say yes to telecommuting, Web applications and other demands while still protecting users. 12 July 30, 2014 FCW.COM
July 15, 2014
August 15, 2014