When it comes to protecting state government networks, you can’t protect what you can’t see.
“That’s the key to security nowadays at a fundamental level,” Zulfikar Ramzan, the chief technology officer for RSA, told StateScoop TV at the National Association of State Chief Information Officers midyear conference.
But it’s not just about being able to see what’s happening across the state government enterprise, Ramzan said. In fact, there are two elements to visibility: real-time monitoring and retroactive examination.
“Attackers move very swiftly,” Ramzan said. “They’re after your critical assets. If you can’t figure out what they’re doing quickly enough, there’s a good chance they’re going to get to those crown jewels.”
On the retroactive front, Ramzan said government needs to be able to trace attacks back to their root cause in order to fully understand the scope of an attack.
“Visibility is really about depth and breadth, but also about being able to look back in time and do things also at a real-time fashion as well,” Ramzan said. “Oftentimes, when an attack does take place, you might see a single artifact, and the goal should be able to trace that artifact back to its root cause and understand the full scope, the ramifications of that attack.”
With that visibility in place, states can combine it with knowledge and understanding of their mission-critical assets to build a more secure enterprise, Ramzan said.
“It’s really critical to be able to filter down to understand the most critical elements to your organization, what I think of as mission-driven security,” Ramzan said. “What is your organization trying to achieve at a more fundamental level, security aside? It turns out that if you can’t tell the difference [between what’s mission-critical and what’s not], you won’t know which incidents matter most to your organization.”
This video interview was brought to you by RSA.