Page 18 - FCW, August 2017
P. 18
CYBERSECURITY
FIGHT BACK MORE EFFECTIVELY
The best defense against cyber threats is a comprehensive defense-in-depth strategy.
SPONSORED CONTENT
TOM RUFF
VICE PRESIDENT
OF PUBLIC SECTOR, AKAMAI
WITH MORE AGENCIES relying on the cloud, enterprise mobility, and other game-changing technologies, the federal government is making true headway in improving produc-
tivity and citizen services. While embracing these future-proofing technologies is the right move, they come with increased security risks. They can pro- vide hackers ways to access government networks and risk exposing malware. The more network entry points, the greater potential for vulnerability.
Government agencies will continue to rely
on the cloud and mobile. What needs to change
is the way agencies address application security and delivery. The most effective strategy is to
fight back as far from the data center as possible; using agile, visible, highly available, and adaptable technologies to defend against DDoS attacks, SQL injections, cross-site scripting, and other security threats. This is the cornerstone of an effective defense-in-depth strategy, through which agencies set security policy at the edge of the network versus solely in the data center.
With this approach, agencies will be ready to defend the influx of Internet-connected sensors, which will soon be embedded in most devices, modes of transport, electrical fixtures, and other things agencies use every day. Consider last
year’s Mirai attack, which infected hundreds of thousands of Internet-connected devices such as video cameras, printers, and home routers. Without a comprehensive, nimble, defense-in-depth strategy to monitor, manage, and mitigate threats at the edge—such as Internet of Things devices—the next cyberattack is just around the corner.
Fully defending the network doesn’t start with buying new technology, but requires taking a full inventory of compute, network, and application layer assets. This involves locating the most vulnerable and critical applications. It also means truly understanding which parts of the network and applications end users can access—a process called network segmentation. Only then can you create
an effective vulnerability management program. Technologies that limit certain user access to specific applications are critical for enterprise security.
The next step is developing a comprehensive, consolidated approach to web application security. This requires:
Ensuringapplicationshavebuilt-insecurity. More software development today is done
with security in mind up front, instead of as an afterthought.
Conductingvulnerabilityandpenetration testing. Many agencies—including the DoD, DHS, and GSA—are taking this route. They are hiring third-party ethical hackers to try to hack their systems in a controlled environment to better understand vulnerabilities.
Improvingresiliency.Everyminuteawebsite is down is bad for mission-critical applications. This means using technologies that can scale and provide 100 percent availability.
Ensuringvisibility.Usetechnologiestomon- itor who is accessing applications, which applica- tions are being hit, and the network conditions.
Applyingapplicationfirewalls.An application firewall detects and blocks attacks at the application layer—the most important layer, because that’s where attacks will occur.
Comprehensive security at every layer is the
best defense against cyberattacks. Information- sharing is another way to improve security without any technology. After all, an attack on one agency is relevant to other agencies, so it’s critical for agencies to share information in near real-time with other agencies and law enforcement. It’s also important to share information between private industry and the federal government. For example, we monitor attacks worldwide before a government site will see them, because cybersecurity is what we do every day. Changing the culture of collaboration can go a long way towards fighting back.
Tom Ruff is vice president of public sector at Akamai.
S-12