Security

Governments Aim to Secure Network Traffic

IT managers take a layered approach to guard against malware and malicious attacks.

Google+ Twitter

Steve Zurier is a freelance technology writer based in Columbia, Md.

So much of the promise of new security products centers around keeping up with the latest threats so organizations know what they’re up against. Part of the problem over the past couple of years was that traditional security products could only defend against known malware threats.

That’s all changing with products such as the Malware Protection System from FireEye.

Freud Alexandre, enterprise architect and security manager for the city of New Orleans, says that FireEye’s MPS lets them identify advanced persistent threats and remediate them before they can do damage to the network.

“FireEye offered us the most complete end-to-end solution,” Alexandre says. “When we first started with them more than two years ago, the malware in our web traffic ran at close to 40 percent. Today, we are down to less than one percent.”

70%

The percentage of attacks where there’s a secondary victim when the motive for the attack is known

SOURCE: Verizon, “2015 Data Breach Investigations Report,” April 2015

The FireEye MPS monitors the city’s web traffic 24/7, places the malware or advanced persistent threats into a sandbox and deletes them from the network. Alexandre says the dashboard tools offer excellent visibility into network traffic, which lets him provide officials with detailed reports on security threats and offer solutions for mitigating them. “With 5,000 internal customers, many of whom are working remotely today, we just thought we needed some added protection to our web traffic,” he says.

New Orleans takes a layered approach to security. In addition to the FireEye MPS for web traffic, the city deployed a full complement of firewalls, intrusion detection/prevention systems and anti-virus software.

State Organizations Fight Imminent Threats

Utah’s Department of Technology Services supports 23 agencies in the executive branch of government. Philip Bates, chief information security officer, says the agency uses a mix of tools to protect the network from cybercriminals and hacktivists.

The agency runs Symantec anti-virus software and firewalls, as well as intrusion detection equipment from Palo Alto Networks. It also feeds logs from the different network and security products into Splunk, which delivers analysis of potential threats the network faces.

“We learned that on an average day, there are about 100 million attempts on our network,” Bates says. “What makes it more dangerous today is that the attackers may not be just attacking our network, but using us as a launching pad to attack other states as well.”

Bates says the agency also works closely with the state’s Fusion Center, which coordinates cybersecurity and other law enforcement activities with the FBI and Department of Homeland Security.

How to Combat Advanced Persistent Threats

Frank Dickson of Frost & Sullivan shares some findings from his recent report about advanced persistent threats:

• APTs require security pros to take a behavioral approach to detecting malware. Instead of detecting malware based on known signatures, behavioral malware detection watches what the malware does across the network.

• A network security sandbox provides an analysis environment (which is often virtualized) in which a suspicious program is executed and then observed, noted and analyzed in an automated manner.

• Sandboxes are more effective because they go beyond the mere appearance of the malware and observe what the malware does. Therefore, results from sandboxing are more conclusive in determining if executables are malicious.

maxkabakov/Thinkstock