Rethinking infrastructure protection

Document Sample
Rethinking infrastructure protection Powered By Docstoc
					                                                                                          From the CSO’s desk


Rethinking infrastructure protection
Edward Amoroso
SVP/CSO, AT&T                                 cerns
                                   to-day concerns of protecting                                           tected by o one type of
                                                                                                                        only


T
       he approach that most                   rastructure
                                   massive infrastructure for                                              method.
       security experts follow                ational
                                   essential national services.                                                The use of human discre-
       centers on three basic         To begin with, deception                                                      mai
                                                                                                           tion in maintaining secrecy
approaches: building security                 tentionally
                                   involves intentionally tricking                                         around sec security operations
walls around critical assets,      adversaries using bogus traps.                                          is applied i government
                                                                                                                         in
strengthening credentials                     ding
                                      Since hiding critical                                                settings, bu not so much in
                                                                                                                       but
used to access critical assets,               nd
                                   assets behind a massive                                                 corporate e   environments.
and placing surveillance           corporate perimeter no                                                       Similar to log file capture,
around these assets. Most of                   ks,
                                   longer works, separation                                                   intelligen collection of the
                                                                                                              intelligent
you would recognize these                     olating
                                   involves isolating the                                                      right typ of data from
                                                                                                                      type
three approaches as firewalls,                 al
                                   most critical assets in a                                                    infrastr
                                                                                                                infrastructure systems
passwords and log files.            protected enclave that                                                       must be addressed.
   While this familiar method-                d
                                   is separated from less                                                         The a ability to correlate
ology has served acceptably        important resources.                                                    disparate d into action-
                                                                                                                        data
for many years, it is unfortu-                y
                                      Diversity ensures a mix                                              able intellig
                                                                                                                 intelligence requires
nately not well suited to the                 ogies,
                                   of technologies, vendors                                                human skil and automated
                                                                                                                     skills
needs of critical infrastructure              aches,
                                   and approaches, thereby                                                 tools; while response involves
protection. Firewalls often                   he
                                   reducing the likelihood of                                              the creation of 
				
DOCUMENT INFO
Description: While this familiar methodology has served acceptably for many years, it is unfortunately not well suited to the needs of critical infrastructure protection. Firewalls often cannot be placed around assets, simply because no reasonable perimeter can be identified. Passwords are often ineffective in infrastructure settings where compromised insiders might be the primary risk.
BUY THIS DOCUMENT NOW PRICE: $6.95 100% MONEY BACK GUARANTEED
PARTNER ProQuest LLC
ProQuest creates specialized information resources and technologies that propel successful research, discovery, and lifelong learning.