Page 23 - Cyber Warnings December 2015
The current architecture includes Palo Alto Networks’ Next Generation Firewall, FireEye’s
network sandbox, Hexis’ HawkEye G solution for next generation endpoint detection and
response, and Splunk as the command and control layer.
Mr. Quade also highlighted the importance of auto-resiliency and auto-regeneration. In a
recent interview, Mr. Quade defined resilience as “the ability of a system to recover and
resume operations, or to continue to operate, in the face of adversity.”
In the same interview, Mr. Quade indicates, “Automation - specifically, real-time
orchestration and integration of a variety of security products - is an approach starting to be
leveraged in cybersecurity efforts to auto-harden and auto-defend our networks.
Even with that in place, it is inevitable that our networks will be attacked. So, auto-resilience
is the next logical step to enabling speed in systems recovery and maintenance of
functionality.”
Reduce Your Risk of Compromise Through Integrated & Automated Active Cyber Defense
This panel focused on the aforementioned SHORTSTOP reference architecture and was
moderated by Patrick Arvidson, Director for Defending DOD Networks and Mission Assurance
OSD, Office of the Principal Cyber Advisor, and Russell Glenn, Director Cybersecurity, KEYW
Corporation.
The panel included representatives from FireEye, Hexis Cyber Solutions, Palo Alto Networks, and
Splunk.
The future of cybersecurity lies in leveraging automation and integration.
A fog of alerts makes it challenging to detect and respond to APT attacks.
A government agency that is adopting the Active Cyber Defense architecture has
experienced an 80% efficiency improvement on day-to-day routines. They were able to take
12 front-line defenders down to 3, with the other 9 now focused on doing hunt operations.
The most vulnerable part of environments is users and endpoints.
The Evolution of Security Innovation and What is Next? — Panel
Prevention is not working well because it’s based on having prior knowledge of what attacks
look like.
Prevention is more than taking foreknowledge or intelligence and configuring tools; it’s about
containing a breach.
John Pescatore of SANS hits the nail on the head, indicating that there’s a difference
between containing a breach and containing malware. It’s about removing the threat before
it does damage. Prevention is preventing damage, not preventing APTs from getting in.
Copyright © Cyber Defense Magazine, All rights reserved worldwide