Learning Center
Plans & pricing Sign in
Sign Out

Rethinking infrastructure protection


While this familiar methodology has served acceptably for many years, it is unfortunately not well suited to the needs of critical infrastructure protection. Firewalls often cannot be placed around assets, simply because no reasonable perimeter can be identified. Passwords are often ineffective in infrastructure settings where compromised insiders might be the primary risk.

More Info
									                                                                                          From the CSO’s desk

Rethinking infrastructure protection
Edward Amoroso
SVP/CSO, AT&T                                 cerns
                                   to-day concerns of protecting                                           tected by o one type of

       he approach that most                   rastructure
                                   massive infrastructure for                                              method.
       security experts follow                ational
                                   essential national services.                                                The use of human discre-
       centers on three basic         To begin with, deception                                                      mai
                                                                                                           tion in maintaining secrecy
approaches: building security                 tentionally
                                   involves intentionally tricking                                         around sec security operations
walls around critical assets,      adversaries using bogus traps.                                          is applied i government
strengthening credentials                     ding
                                      Since hiding critical                                                settings, bu not so much in
used to access critical assets,               nd
                                   assets behind a massive                                                 corporate e   environments.
and placing surveillance           corporate perimeter no                                                       Similar to log file capture,
around these assets. Most of                   ks,
                                   longer works, separation                                                   intelligen collection of the
you would recognize these                     olating
                                   involves isolating the                                                      right typ of data from
three approaches as firewalls,                 al
                                   most critical assets in a                                                    infrastr
                                                                                                                infrastructure systems
passwords and log files.            protected enclave that                                                       must be addressed.
   While this familiar method-                d
                                   is separated from less                                                         The a ability to correlate
ology has served acceptably        important resources.                                                    disparate d into action-
for many years, it is unfortu-                y
                                      Diversity ensures a mix                                              able intellig
                                                                                                                 intelligence requires
nately not well suited to the                 ogies,
                                   of technologies, vendors                                                human skil and automated
needs of critical infrastructure              aches,
                                   and approaches, thereby                                                 tools; while response involves
protection. Firewalls often                   he
                                   reducing the likelihood of                                              the creation of 
To top