Experts Say Perimeter-Based Security Not Enough

Protecting network systems from security threats will not get any easier in 2010, and the security community will have to address issues that haven't gotten a lot of attention in the past few years, according to security experts speaking at the Government Technology Research Alliance Council meeting.

Existing processes and technologies are not getting the job done because organizations and industry vendors are too focused on protecting network perimeters, said Amit Yoran, chief executive officer of NetWitness, at a luncheon Dec. 7. He is a former director of the U.S. Computer Emergency Readiness Team and the Homeland Security Department's National Cybersecurity Division.

Most IT security tools are signature-based, which means they focus on known threats and cannot meet the challenges of emerging advanced threats from criminal organizations and nation-state adversaries, Yoran said. In today's organizations, it is impossible to define where perimeters and boundaries are and where data is located.

"The security market is almost focused on network-layer activities, which is useless against advanced threats," he added.

Randy Vickers, the current director of US-CERT and DHS's National Cybersecurity Division, agreed that the security community must go beyond signature-based detection.

"We have to get more robust detection," Vickers said. Intrusion detection and other signature-based tools are limited because they force security operators to act on what they know, not what could be happening.

But there's a risk to moving to a more heuristic detection approach, which uses past experiences to make educated guesses about present network behavior. When organizations move into more behavior-based anomaly detection, they might collect sensitive data such as medical information, Social Security numbers or other information protected by rules or legislation, he said.

"I'm not talking about deep packet inspection but normal types of anomalous information," he said, adding that there is concern about how DHS and other agencies collect data. "If we can't get past those issues, we will never get to the point at the enterprise level where we are looking at things in a heuristic way."

DHS will focus on prioritizing threats, managing risks in cyberspace and encouraging security innovation in the coming year, Vickers said. Officials will emphasize building on programs that stress information sharing with security operations personnel and chief information officers, he said.

Meanwhile, Yoran offered his list of cyber threats that are bound to keep security experts awake at night. They include:

  • Attacks that continue up the network stack, affecting applications.

  • A continued focus on Web- and e-mail-based delivery of attacks. "We have no effective method to police or patrol Web traffic," he said.

  • Custom malware.

  • Increasing challenges in incident response. Attacks will attempt to shut down command and control channels.

  • An expected increase in the prevalence of sleeper software.

  • A rise in attacks that target mobile computing platforms.

About the Author

Rutrell Yasin is the senior technology editor of Government Computer News (

