Organizations implementing Continuous Monitoring strategies are remiss if they do not take into account the value of network telemetry in their approach. NIST Special Publication 800-137, Information Security Continuous Monitoring for Federal Information Systems and Organizations, provides guidance on implementing a Continuous Monitoring strategy, but fails to address the importance of network telemetry in that strategy. In fact, the 38-page document mentions the word “network” only 36 times. SP 800-137 instead focuses on two primary areas: configuration management and patch management. Both are fundamental aspects of managing an organization's overall risk, but relying on those two aspects alone to manage risk falls short of an effective Continuous Monitoring strategy, for the following reasons.
First, the concepts around configuration and patch management are very component-specific: individual components of a system are configured and patched. While these are important, the focus is on vulnerabilities arising from improper configuration or known weaknesses in software. Second, this approach presumes that, with proper configuration control and timely patch management, the overall risk of exploitation of the organization's information system is dramatically reduced.
While an environment with proper configuration and patch management is less likely to be exposed to known threats, it is no better prepared to prevent or detect sophisticated threats based on unknown or zero-day exploits. Unfortunately, the customization and sophistication of malware are only growing. A recent threat report indicated that nearly 2/3 of Verizon's data breach caseload was due to customized malware. It is also important to keep in mind that time passes between the moment a configuration error is identified and the moment it is fixed, just as time passes before vulnerable software is patched. That window can afford an attacker a successful vector. For these reasons, organizations looking to implement a Continuous Monitoring strategy should depend on the network to provide a near real-time view of the transactions that are occurring. Understanding the behavior of the network is important for creating a more dynamic, risk-management-focused Continuous Monitoring strategy.
Network telemetry can consist of different types of information describing network transactions at various locations on the network. Two valuable telemetry sources are NetFlow and Network Secure Event Logging (NSEL). NetFlow is a mechanism organizations can use to gain a more holistic view of the enterprise risk picture. NetFlow is available on the majority of network platforms and builds transaction records of machine-to-machine communications, both within the enterprise boundary and for connections leaving it. These communication records provide invaluable information and identify both policy violations and configuration errors. NetFlow also provides insight into malicious software communications and into large quantities of information leaving an enterprise. Network Secure Event Logging uses the NetFlow protocol to transmit important information about activity occurring on enterprise firewalls. This is valuable data that can be aggregated with other NetFlow sources to bring additional context to the network behavior being observed.
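To make the three uses of flow records named above concrete (policy violations, configuration errors, and large volumes of data leaving the enterprise), here is an added example of the kind of check a monitoring team would run over exported flow records. It is not code from the original post or from Cisco. The records are constructed, their fields loosely follow the NetFlow v5 layout as a collector would export it in CSV, and the policy values (the 10.0.0.0/8 internal range, the approved resolver 10.0.0.53, the permitted outbound ports and the egress threshold) are assumptions chosen for illustration.

```python
"""Continuous-monitoring checks over NetFlow-style records (added example, constructed data)."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record; field set loosely mirrors NetFlow v5."""
    src: str
    dst: str
    sport: int
    dport: int
    proto: int      # 6 = TCP, 17 = UDP
    octets: int     # bytes carried by the flow
    packets: int


# Assumed enterprise policy (illustrative values, not from the post).
INTERNAL = ip_network("10.0.0.0/8")          # assumed internal address space
APPROVED_RESOLVER = "10.0.0.53"              # assumed sanctioned internal DNS server
PERMITTED_OUTBOUND_PORTS = {53, 80, 443}     # assumed egress policy for workstations
EGRESS_THRESHOLD_OCTETS = 50_000_000         # assumed per-host alert threshold per window

# Constructed CSV export, one flow per line: src,dst,sport,dport,proto,octets,packets
SAMPLE_EXPORT = """\
10.1.2.10,10.0.0.53,51000,53,17,120,1
10.1.2.10,203.0.113.8,51001,443,6,4200,9
10.1.2.11,198.51.100.2,51002,53,17,90,1
10.1.2.12,203.0.113.9,51003,6667,6,3000,20
10.1.2.12,203.0.113.9,51004,443,6,30000000,25000
10.1.2.12,203.0.113.10,51005,443,6,25000000,21000
10.1.2.13,10.1.5.7,51006,445,6,8000,30
"""


def parse_csv_line(line: str) -> Flow:
    """Parse one exported CSV flow line into a Flow (assumed column order above)."""
    src, dst, sport, dport, proto, octets, packets = line.strip().split(",")
    return Flow(src, dst, int(sport), int(dport), int(proto), int(octets), int(packets))


def parse_export(text: str) -> list[Flow]:
    return [parse_csv_line(l) for l in text.splitlines() if l.strip()]


def is_internal(addr: str) -> bool:
    return ip_address(addr) in INTERNAL


def policy_violations(flows: list[Flow]) -> list[Flow]:
    """Internal hosts reaching external hosts on ports the egress policy does not permit."""
    return [f for f in flows
            if is_internal(f.src) and not is_internal(f.dst)
            and f.dport not in PERMITTED_OUTBOUND_PORTS]


def resolver_misconfigurations(flows: list[Flow]) -> list[Flow]:
    """DNS from an internal host to anything but the approved resolver: a configuration error."""
    return [f for f in flows
            if is_internal(f.src) and f.dport == 53 and f.dst != APPROVED_RESOLVER]


def egress_volume_by_host(flows: list[Flow]) -> dict[str, int]:
    """Total bytes each internal host sent to external destinations in this window."""
    totals: dict[str, int] = defaultdict(int)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst):
            totals[f.src] += f.octets
    return dict(totals)


def large_egress(flows: list[Flow], threshold: int = EGRESS_THRESHOLD_OCTETS) -> dict[str, int]:
    """Internal hosts whose external egress exceeds the threshold (possible data leaving the enterprise)."""
    return {h: b for h, b in egress_volume_by_host(flows).items() if b > threshold}


def analyze(flows: list[Flow]) -> dict:
    """Run all three checks and return the findings keyed by check name."""
    return {
        "policy_violations": policy_violations(flows),
        "resolver_misconfigurations": resolver_misconfigurations(flows),
        "large_egress": large_egress(flows),
    }


if __name__ == "__main__":
    for check, findings in analyze(parse_export(SAMPLE_EXPORT)).items():
        print(f"{check}: {findings}")
```

Each check answers one of the questions the post raises: the IRC-port flow from 10.1.2.12 surfaces as a policy violation, the DNS flow to 198.51.100.2 surfaces as a resolver misconfiguration, and summing egress per host shows 10.1.2.12 moving over 55 MB outbound in the window, which is the aggregate view a per-host patch or configuration check would never produce.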
Coupling the configuration and patch management guidance in SP 800-137 with an active NetFlow monitoring capability will give organizations a Continuous Monitoring strategy that is more system-focused and better suited to fostering a dynamic risk management environment. Cisco will be discussing NetFlow, NSEL and other security topics at the March 21st Government Solutions Forum in Washington, D.C. If you're interested in learning more, click on the following URL:
Tags: 800-137, configuration management, Continuous Monitoring, cyber security, dynamic risk management, netflow, network secure event logging, NIST, Risk Management, vulnerabilities
How exactly are companies and cities going to successfully finance dramatic upgrades of urban connectivity? When will the financial engineers develop the tools which, when used, result in smarter and more prosperous communities where efficiencies are realized; where multiple urban systems are integrated; and where the return on investment shows up in improved local economies?
On Feb 1st this blogger took a first look at that conundrum, as part of a panel at The Cities Summit, convened by The City of Vancouver. A few weeks later, I joined another group of leaders assembled at the second annual Conference on Sustainable Real Estate of NYU Schack Institute's Center for the Sustainable Built Environment, where, not surprisingly, the topic came up again at the conference's conclusion.
Tags: 21st century cities, Cisco, city transformation, green business, IBSG, Smart Cities, sustainable development, urban connectivity, urban innovation, urban planning, urban sustainability
Public Sector customers continue to debate the trade-offs of prioritizing lowest-price switching (point-product solutions) over designing and deploying Cisco network architecture solutions, which provide a lower Total Cost of Ownership (TCO).
On February 23, 2012, Deloitte Consulting presented the findings of an in-depth research study that examines the operational, financial, and risk factors associated with the use of single-vendor and multivendor approaches in different types of complex networks which may be viewed here along with the report itself.
The key findings are summarized in the following 7 items:
- Within the context of total IT spending, the use of single-vendor or multivendor architectures does not present material cost differences on a long-term basis. Initial cost savings realized in multivendor network implementations are mitigated by the incremental operating costs over the life of the equipment.
- Enterprise networks are considered critical production systems, key to business operations. Networks must be managed with an appropriate operational risk perspective.
- Customers prefer a single vendor to be responsible for all network components and services. The operational risk associated with network support, not the cost, is the primary factor influencing the decision to use single- or multivendor architectures.
- Staffing costs are not significantly impacted by the use of multiple vendors; they are influenced more by the mix of functions supported and the types of network services provided.
- Using products from different vendors can bring down initial costs for certain products, but adds higher operating risk in service, support, and operational integration.
- The use of multiple networking vendors introduces additional operational risk based on the need for customers to assume increased risks for integration, interoperability and support.
- When using multiple vendors' products, customers frequently do not recognize the interdependencies of functionality, long-term costs, and impact on operational risks.
And be sure to watch Dave West, Director of Public Sector Systems Engineering, on YouTube presenting his view of why low-cost “Good Enough” switching is not good enough for Public Sector customers looking for a reliable, secure, highly available, well-supported and investment-protected network.
Tags: dave west, Deloitte, good enough, multi vendor, network, pollock, public sector, report, tco, video
The Obama Administration is committed to building a 21st century government and the strategic use of technology will be transformative in making that vision a reality. Organizations are being challenged now, more than ever to balance limited technology resources and budgets with policies and user demands. However, savings is not always measured in dollars, but could include increased employee productivity, lower energy costs, and enhanced end user experience through improved service levels.
The City of Raleigh experienced these and other residual benefits firsthand as they worked to create a unified vision for technology. By leveraging a unified approach to voice, video and wireless solutions, they were able to revitalize downtown area businesses, the convention center, schools and low-income households. In doing so, they not only renewed interest in an emerging community, but recognized significant cost savings. The government network is better positioned to serve the needs of their constituents and businesses and continuously drive improvements for the city and its citizens. Individuals and investors have returned to the downtown Raleigh area and nearly 2,000 low-income households now have wireless internet connectivity. By leveraging the power of a secure, scalable and reliable network, the City of Raleigh has realized the benefits of connecting, innovating and saving, far beyond dollars saved. Learn how “America’s Most Wired City” put this plan into action and how they are better positioned to adapt to the changing demands of the people they serve.
Join us at the Government Solutions Forum on March 21, 2012 from 8:00am-3:45pm at the Grand Hyatt Hotel in Washington, D.C. http://www.cisco.com/web/strategy/government/solutionsforum.html
Follow the live chatter on Twitter using #CiscoGSF. To find out how you can drive down the total cost of ownership for your network and learn innovative ways to cut costs, please visit http://www.cutting-costs.com/
What do the U.S. Patent Trade Office (PTO), the City of San Antonio and the Mooresville Grade School District in North Carolina all have in common? Each of these organizations is using technology in unique and innovative ways to fundamentally change how it approaches its business. By implementing a telework program, the PTO was able to realize $19M in savings in real estate costs while providing its employees with the flexibility to work remotely and save commuting time. Mooresville School District improved graduation rates from 64% to 91% by implementing a Digital Conversion program that provides every student in grades 2 and above with a laptop, integrating mobile technology into research, multimedia projects and three-dimensional learning. The City of San Antonio succeeded in improving traffic, lowering gas emissions and shortening commute times by creating an intelligent traffic signal communication network.
While these stories demonstrate great results, they are not entirely unique. Many government and education organizations are turning to technology to help them connect, innovate and save. There are some great stories to be heard and lessons to be learned. If you find these examples interesting, you might want to check out this Town Hall discussion, where representatives from these organizations, as well as from the City of Raleigh, North Carolina, the City of Aurora, Illinois, the Idaho Education Network and McHenry County, discuss the new and exciting ways they are deploying technology. You might even learn a thing or two from traffic lights.
Tags: Digital Conversion Program, Mooresville Grade School, Mooresville School District, Patent Trade Office, PTO