There is no question that security is becoming one of government’s top IT concerns. Breaches have become so frequent that it is no longer a question of if they will occur, but when. According to a GAO report, the number of security incidents at federal agencies that have involved the potential exposure of citizens’ personal information has increased from 10,400 in 2009 to more than 25,500 in 2013.
As government looks towards continuous monitoring and other comprehensive approaches to improving security, there are still some foundational security checks and balances that can repel unnecessary risk. As network security remains the most critical area of vulnerability prevention, government agencies are in need of next-gen solutions that don’t stifle innovation. Today’s networking gear is undergoing transformative changes that are delivering unprecedented performance from the core to the very edge of the government enterprise.
Agencies need a solution that will allow them to remain secure without inhibiting network capabilities.
Legacy offerings that protect data in flight over the network often severely impact performance and in turn, employee productivity. In fact, in a recent survey of IT professionals 75 percent of respondents stated they experienced a decline in network performance when firewall, anti-virus, and deep packet inspection security appliances and tools were enabled. The same survey found that 40 percent of respondents simply disable security functions in an effort to avoid sluggish application performance.
To help customers solve the performance challenge, Brocade has introduced the first wire speed inline encryption solution for modular routers, allowing agencies to protect their data without a performance hit or a big price tag. Direct feedback from federal agencies led Brocade to introduce this innovative model. With four ports of 10GbE and four ports 1GbE, the module allows for wire speed encryption that can protect data in-flight in both wireless area network or hybrid cloud environments. These eight ports have the ability to create a single 44G pipe for maximum data throughout. Learn more about the new security solution, here.
Follow me on Twitter at @AKRobbins2010 to continue the conversation!
Anti-virus, firewall and deep packet inspection is all necessary, but when one analyses an attack scenario, here are the steps:
• Steal a user’s digital certificate, private key and/or password.
• Use the stolen credential to gain undetected access since a legitimate cred was used.
• Expand access by probing the internal network and using admin tools
• Steal data and transmit files. Stolen keys will decrypt files offline.
The first step has to be secure authentication of the user before they are allowed access. Some of the best ways to do this is to greatly increase the frequency of changing passwords, increase length of passwords, and get the employee out of managing the passwords.
HHS has finished their security testing of Access Smart’s Power LogOn secure password management and authentication solution. It passed. They are now starting to deploy Power LogOn on their existing PIV credentials to eliminate their password burdens.
Cyber Security is about solutions and not just products. Using Brocade is important to help secure past the firewall. But if the hacker gets in to the network with stolen certificates, keys or passwords then the encryption might be useless.