Federal News Radio hosted RSA Chief Technology Officer Zulfikar Ramzan and three federal executives to take a look at several aspects of network visibility and analytics.
“The reality is that you can’t be reactive anymore,” Zulfikar Ramzan, chief technology officer for RSA, said on Federal News Radio’s In Focus. “A reactive posture is what gets you into trouble in the long run. Now the good news is that even though there are these zero-day vulnerabilities and sophisticated attackers, at some point in the course of every attack, someone utilizes a known tool or some known piece of infrastructure simply because it’s too expensive for attackers to do everything fresh for the first time.”
“In the end it’s behavioral,” William Yurek, program director of cyber intrusion investigations at the Defense Criminal Investigative Service, said on Federal News Radio’s In Focus. “People will always be the weakest link at any level. They will always be what we have to key on. Unfortunately, we forget about that. Behavioral analytics is an attempt to get us back to the idea of looking at how people behave, in the simplest sense. But how we can use that in both the predictive sense, and frankly, in my viewpoint as an investigator oftentimes we come in and it’s kind of too late. But there are behavioral factors you can use to analyze bad guy activity and try and create a behavioral fingerprint of a human being.”
“We really focus on that endpoint protection,” Steven Hernandez, CISO, acting CTO and director of information assurance for the Office of Inspector General at HHS, said on Federal News Radio’s In Focus. “Not only, at some point, that endpoint probably had to handle keys or certificates to do that job, to get that encryption in place – that’s very helpful for us – but also for anything that we run, that’s where we want the encryption to really take place. Because I guarantee you at some point that magical network encryption box you have is going to fail, or a network engineer is going to make a mistake and going to route around it, or your cloud provider is going to make a mistake and all of a sudden your information is in the public network. And so, as a custodian of the data, at that application layer, sometimes at that session layer, that’s where we really focus our efforts.”
“We encrypt almost everything,” Frank Konieczny, chief technology officer of the U.S. Air Force, said on Federal News Radio’s In Focus. “Probably close to 100 percent, if not 100 percent, within the Air Force domain right now, because you have to. Now the question becomes, when do you decrypt to look at everything else? And we do it at the application level or at the endpoint level, user endpoint level, so we don’t like decrypting in the middle because that just adds another factor or problem area for incident reporting.”