Protecting Vital Federal Government Assets
Federal departments and agencies are acting to improve their security postures in the face of growing concern over cyber attacks perpetrated by politically motivated hacktivists, terrorists and unfriendly nations.
The major deterrent that prevents other nations from overt, large-scale attacks on federal agencies is the fear that the U.S. could respond in kind, with malicious content and/or distributed denial-of-service (DDoS) attacks against a hostile government. Going a step further, the Department of Defense has publicly reserved the right to use force in response to a major cyber attack by a foreign government.
Other nations, particularly China, are suspected of targeting U.S. companies, including defense contractors, with cyber attacks aimed at stealing critical corporate information. Security giant RSA was the victim of a breach that exposed information about its flagship SecurID authentication products. The series of so-called Aurora attacks compromised Google, Adobe and a number of other companies.
In July 2011, two U.S. government-funded research laboratories, Pacific Northwest National Laboratory and Thomas Jefferson National Laboratory, and Battelle Memorial Institute, which operates Pacific Northwest, were targets of a highly sophisticated cyber attack. No classified data was reported stolen, but the concerns raised were very real. Earlier cyber attacks shut down network access at giant defense contractor Lockheed Martin and the Oak Ridge National Laboratory.
In addition to the high-profile risk to the nation's defensive posture, federal agencies are responsible for protecting vast numbers of personal records of U.S. citizens that would be very attractive to cyber thieves, including personally identifiable information (PII), tax and other financial records, health and insurance information, census data and military records.
Targeted attacks, including advanced persistent threats (APTs) that combine zero-day exploits with stealthy, low-and-slow techniques to evade detection, are not new, despite some recent prominent examples. They are a very real threat from nation-states and other criminal or hostile elements that have the expertise and resources to execute them.
The DDoS Threat
Federal agencies also have to deal with the constant threat of distributed denial-of-service (DDoS) attacks, which are on the rise (Gartner reported a 30% increase in 2010, with every indication that the trend would continue). Unfriendly governments or terrorists might launch such attacks, but the rise in hacktivist activity is the most immediate concern. Hacktivist groups have been responsible for waves of DDoS attacks, bringing down the CIA website and the site of the Serious Organised Crime Agency (SOCA), the British counterpart to the FBI.
Another series of DDoS attacks took down several federal government sites, including the Federal Trade Commission and the Department of Transportation.
And there have been many DDoS attacks against government sites in a wide range of countries and regions, including Malaysia, Turkey, South Korea, the U.K., Iran, Estonia and Chechnya. There is ample precedent for cyber attacks on national interests.
U.S. government agencies are subject to the Federal Information Security Management Act (FISMA), which defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. The act requires federal agencies to conduct annual reviews of their information security programs. The National Institute of Standards and Technology (NIST) outlines nine steps toward compliance (the process is formalized as the Risk Management Framework in NIST SP 800-37, with the security control catalog in NIST SP 800-53):
- Categorize the information to be protected.
- Select minimum baseline controls.
- Refine controls using a risk assessment procedure.
- Document the controls in the system security plan.
- Implement security controls in appropriate information systems.
- Assess the effectiveness of the security controls once they have been implemented.
- Determine agency-level risk to the mission or business case.
- Authorize the information system for processing.
- Monitor the security controls on a continuous basis.
Corero's Security Solutions
Corero's Intrusion Prevention System (IPS) and DDoS Defense System (DDS) lines of products provide highly effective network security for federal departments and agencies against:
- Malicious content attacks aimed at stealing vital and sensitive information and/or disrupting critical systems.
- DDoS attacks that can disrupt access to vital agency services.
- Unauthorized access to sensitive, privileged and/or classified information.
Corero's protocol behavior analysis enables its IPS to detect and block malicious content by flagging traffic that deviates from correct protocol behavior, which allows it to catch previously unidentified zero-day exploits for which no signature yet exists.
Corero’s First Line of Defense® is an organization’s new perimeter. It stops the latest breed of cyber-attacks, including DDoS attacks, zero-day exploits, remote exploit insertions, server-targeted threats and access attempts from malicious IP addresses and unwanted geo-locations, all of which can bypass traditional network security defenses and compromise enterprise networks.
Intrusion Prevention System
Corero's Intrusion Prevention System (IPS) solution provides continuous, comprehensive protection against external attack, leveraging unique technology that discerns between legitimate and malicious traffic, providing more accurate detection and fewer false positives than other IPS products. Corero uses stateful protocol inspection and inspection of payload data files to determine if suspect traffic is behaving correctly or represents a threat.
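To make the idea of stateful protocol inspection concrete, the following is an added illustrative example written for this page; it is not Corero code and does not describe how Corero's IPS is implemented. It models the SMTP command state machine and the size limits from RFC 5321, so an exchange that is out of order, oversized, or carries raw bytes where the protocol permits only 7-bit ASCII is flagged without any signature for a particular exploit. The sample sessions are constructed, not captured traffic.

```python
import re
from typing import List, Optional

# Size limits from RFC 5321 section 4.5.3.1 (command line incl. CRLF; path).
MAX_LINE = 512
MAX_PATH = 256

# Commands accepted in each session state (a subset of RFC 5321).
ALLOWED = {
    "init":    {"HELO", "EHLO", "NOOP", "RSET", "QUIT"},
    "greeted": {"HELO", "EHLO", "MAIL", "NOOP", "RSET", "QUIT"},
    "mail":    {"RCPT", "NOOP", "RSET", "QUIT"},
    "rcpt":    {"RCPT", "DATA", "NOOP", "RSET", "QUIT"},
}
TRANSITIONS = {"HELO": "greeted", "EHLO": "greeted", "MAIL": "mail",
               "RCPT": "rcpt", "DATA": "data"}


class SmtpSession:
    """Tracks one client's position in the SMTP command state machine."""

    def __init__(self) -> None:
        self.state = "init"

    def check(self, line: bytes) -> Optional[str]:
        """Return a reason if this client line violates the protocol, else None."""
        if self.state == "data":
            # Inside the message body only the end-of-data marker matters here.
            if line == b".\r\n":
                self.state = "greeted"
            return None
        if len(line) > MAX_LINE:
            return f"command line too long ({len(line)} > {MAX_LINE})"
        if not line.endswith(b"\r\n"):
            return "command line not terminated by CRLF"
        text = line[:-2].decode("ascii", errors="replace")
        if "\ufffd" in text:  # replacement char means a byte outside 7-bit ASCII
            return "non-ASCII bytes in command line"
        verb = text.split(" ", 1)[0].upper()
        if verb not in ALLOWED[self.state]:
            return f"{verb} not allowed in state {self.state}"
        if verb in ("MAIL", "RCPT"):
            keyword = "FROM" if verb == "MAIL" else "TO"
            m = re.fullmatch(rf"{verb} {keyword}:\s*<([^>]*)>(?: .*)?", text, re.IGNORECASE)
            if not m:
                return f"malformed {verb} argument"
            if len(m.group(1)) > MAX_PATH:
                return f"{verb} path too long ({len(m.group(1))} > {MAX_PATH})"
        if verb == "RSET":
            self.state = "init" if self.state == "init" else "greeted"
        else:
            self.state = TRANSITIONS.get(verb, self.state)
        return None


def audit(lines: List[bytes]) -> List[Optional[str]]:
    """Run one client's command lines through a fresh session; one verdict per line."""
    session = SmtpSession()
    return [session.check(ln) for ln in lines]


# Constructed sample sessions (not captured traffic).
BENIGN = [
    b"EHLO mail.example.org\r\n",
    b"MAIL FROM:<alice@example.org>\r\n",
    b"RCPT TO:<bob@agency.example.gov>\r\n",
    b"DATA\r\n",
    b"Subject: status\r\n",
    b".\r\n",
    b"QUIT\r\n",
]
SUSPICIOUS = [
    b"EHLO x\r\n",
    b"RCPT TO:<bob@agency.example.gov>\r\n",   # RCPT before any MAIL
    b"MAIL FROM:<" + b"A" * 300 + b">\r\n",      # oversized path argument
    b"MAIL FROM:<\xff\xfe\xfd>\r\n",             # raw bytes in a command
]

if __name__ == "__main__":
    for name, session in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        for line, verdict in zip(session, audit(session)):
            print(f"{name:10} {line[:40]!r:45} -> {verdict or 'ok'}")
```

The point of the state machine is that none of the three suspicious lines needs a known-bad pattern: each is rejected because it cannot occur in a correct SMTP conversation, which is what lets behavior-based inspection catch an exploit before a signature for it exists.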
Corero's IPS has received Common Criteria certification at Evaluation Assurance Level (EAL) 4, the highest level of assurance available in the IPS market, evaluated by the CygnaCom Security Evaluation Laboratory. An EAL measures the depth and rigor of the evaluation against the product's stated Security Target, not the strength of its detection, so it is evidence of disciplined design, documentation and testing rather than a guarantee of protection.
Corero IPS features bidirectional traffic inspection, enabling detection of infected computers communicating with their command-and-control servers or participating in botnet attacks. The ability to monitor and analyze outbound traffic helps identify computers that may be part of an APT attack, whether they have been compromised by a zero-day exploit or exploited by a known attack through an unpatched vulnerability.
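One concrete form of outbound-traffic analysis is beacon detection: a compromised host typically contacts its command-and-control server on a fixed timer, so its egress connection log shows a near-constant inter-arrival interval with little jitter, while a user's browsing does not. The following is an added example written for this page, not Corero's detection logic. The egress log lines are constructed, and the thresholds (at least five connections, coefficient of variation of inter-arrival times at or below 0.1) are assumptions that would be tuned against real traffic.

```python
import statistics
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

Key = Tuple[str, str, int]  # (source IP, destination IP, destination port)

# Constructed egress log (not captured data): timestamp src dst dport bytes_out
LOG = """\
2011-07-12T09:00:00 10.1.4.22 203.0.113.9 443 1412
2011-07-12T09:00:05 10.1.4.22 198.51.100.7 443 52300
2011-07-12T09:00:40 10.1.4.22 198.51.100.7 443 8810
2011-07-12T09:03:10 10.1.4.22 198.51.100.7 443 102455
2011-07-12T09:05:02 10.1.4.22 203.0.113.9 443 1398
2011-07-12T09:09:59 10.1.4.22 203.0.113.9 443 1405
2011-07-12T09:12:00 10.1.4.22 198.51.100.7 443 3301
2011-07-12T09:13:30 10.1.4.22 198.51.100.7 443 27650
2011-07-12T09:15:01 10.1.4.22 203.0.113.9 443 1412
2011-07-12T09:19:58 10.1.4.22 203.0.113.9 443 1390
2011-07-12T09:25:00 10.1.4.22 203.0.113.9 443 1401
2011-07-12T09:25:30 10.1.4.23 203.0.113.9 443 1500
2011-07-12T09:30:30 10.1.4.23 203.0.113.9 443 1500
"""


def parse(log: str) -> Dict[Key, List[Tuple[datetime, int]]]:
    """Group (timestamp, bytes_out) events by source, destination and port."""
    flows: Dict[Key, List[Tuple[datetime, int]]] = defaultdict(list)
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split()
        flows[(src, dst, int(dport))].append((datetime.fromisoformat(ts), int(nbytes)))
    return flows


def beacon_score(events: List[Tuple[datetime, int]]) -> Tuple[float, float]:
    """Return (median inter-arrival seconds, jitter) where jitter = stdev / median."""
    times = sorted(t for t, _ in events)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    median = statistics.median(gaps)
    jitter = statistics.stdev(gaps) / median if median > 0 else float("inf")
    return median, jitter


def find_beacons(log: str, min_connections: int = 5, max_jitter: float = 0.1) -> Dict[Key, dict]:
    """Flag flows that recur on a timer: enough connections and a low-jitter period."""
    suspects: Dict[Key, dict] = {}
    for key, events in parse(log).items():
        if len(events) < min_connections:
            continue  # too few samples to judge periodicity
        median, jitter = beacon_score(events)
        if jitter <= max_jitter:
            suspects[key] = {
                "period_s": median,
                "jitter": round(jitter, 4),
                "connections": len(events),
                "bytes_out": sum(b for _, b in events),
            }
    return suspects


if __name__ == "__main__":
    for (src, dst, port), info in find_beacons(LOG).items():
        print(f"{src} -> {dst}:{port} every ~{info['period_s']:.0f}s "
              f"(jitter {info['jitter']}, {info['connections']} connections, "
              f"{info['bytes_out']} bytes out)")
```

In the sample, the host's browsing flow to 198.51.100.7 has intervals of 35, 150, 530 and 90 seconds and is ignored, while its flow to 203.0.113.9 recurs every five minutes within a couple of seconds and carries almost identical small payloads, which is the pattern of a check-in rather than a person. The second host is skipped because two connections are not enough to establish a period.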
Corero solutions provide a high level of visibility into network activity and help meet internal audit and regulatory compliance requirements, such as FISMA's continuous monitoring and reporting obligations, through Network Security Analyzer (NSA), a security information and event management tool (Corero's own abbreviation, not to be confused with the National Security Agency). NSA provides robust and highly flexible logging, reporting and forensics capabilities.
Corero's IPS enables regulatory compliance through protection of confidential data. And, Corero's IPS provides proper auditing, monitoring, logging and reporting of security events for rapid identification and response to a material event, and forensic analysis.
DDoS Defense System
Corero's DDoS Defense System (DDS), leveraging Corero's award-winning DDoS defense technology, delivers nondisruptive protection from attack against the networks and servers that support federal department and agency websites and online services. It provides maximum protection for critical IT assets, detecting and blocking malicious traffic while allowing full access to legitimate users and applications. The DDS can keep federal sites up and available at full service levels.
Corero's DDS delivers DDoS attack detection and mitigation against both the well-known network-layer flooding attacks and the more insidious application-layer attacks, which are hard to see from bandwidth or packet-rate measurements alone because a well-built attack can exhaust a server's request-handling capacity while using very little bandwidth. The DDS delivers on-premises protection that traditional network security technologies, such as firewalls and other vendors' IPSs, are not designed to provide. Simply buying more bandwidth is expensive and does nothing against application-level attacks. "Clean pipe" scrubbing and black-hole routing offered by an ISP or cloud anti-DDoS provider address a different problem: they absorb or discard volumetric floods upstream, and black-hole routing in particular drops all traffic to the targeted address, completing the outage the attacker wanted; neither has visibility into application-layer behavior at the agency's own servers. Conversely, no on-premises appliance can help once a flood saturates the agency's upstream link, so the practical design pairs on-premises application-layer defense with upstream capacity or mitigation for the largest volumetric floods.
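The difference between a volumetric flood and an application-layer attack can be seen by running two detectors over the same traffic window. The following is an added example written for this page, not Corero's technology: it builds synthetic request logs (labelled as constructed in the code), measures link utilisation the way a bandwidth-based defense would, and separately measures per-endpoint request rate against a baseline window. The link size, the 4x ratio and the minimum rate are assumed thresholds.

```python
import random
from collections import Counter
from typing import Dict, List, NamedTuple

WINDOW = 60.0  # seconds of traffic per sample window


class Request(NamedTuple):
    ts: float      # seconds since window start
    src: str       # client IP
    path: str      # requested resource
    nbytes: int    # request plus response bytes on the wire


def synth_window(seed: int, attack: bool) -> List[Request]:
    """Constructed sample traffic (not captured data), deterministic per seed."""
    rng = random.Random(seed)
    reqs: List[Request] = []
    # 900 requests from ~150 ordinary clients, mostly cheap static content.
    for _ in range(900):
        src = f"198.51.100.{rng.randint(1, 150)}"
        path = rng.choice(["/", "/static/logo.png", "/static/site.css", "/search"])
        size = 120_000 if path == "/" else 40_000
        reqs.append(Request(rng.uniform(0, WINDOW), src, path, size))
    if attack:
        # 400 bots, 5 requests each, all aimed at the expensive /search endpoint.
        # Each request is tiny on the wire, so total bandwidth barely moves and
        # no single source exceeds a per-IP rate limit.
        for bot in range(400):
            src = f"203.0.{bot // 256}.{bot % 256}"
            for _ in range(5):
                reqs.append(Request(rng.uniform(0, WINDOW), src, "/search", 600))
    return reqs


def megabits_per_second(reqs: List[Request]) -> float:
    return sum(r.nbytes for r in reqs) * 8 / WINDOW / 1e6


def volumetric_alert(reqs: List[Request], link_mbps: float = 100.0, fraction: float = 0.8) -> bool:
    """Network-layer view: is the window approaching link saturation?"""
    return megabits_per_second(reqs) >= link_mbps * fraction


def per_path_rps(reqs: List[Request]) -> Dict[str, float]:
    return {p: n / WINDOW for p, n in Counter(r.path for r in reqs).items()}


def application_alerts(reqs: List[Request], baseline: List[Request],
                       ratio: float = 4.0, min_rps: float = 5.0) -> Dict[str, dict]:
    """Application-layer view: per-endpoint request rate against a learned baseline."""
    base = per_path_rps(baseline)
    alerts: Dict[str, dict] = {}
    for path, rps in per_path_rps(reqs).items():
        expected = max(base.get(path, 0.0), 0.1)  # floor so unseen paths still get a ratio
        if rps >= min_rps and rps >= ratio * expected:
            by_src = Counter(r.src for r in reqs if r.path == path)
            alerts[path] = {
                "rps": round(rps, 1),
                "baseline_rps": round(base.get(path, 0.0), 1),
                "sources": len(by_src),
                "max_per_source": max(by_src.values()),
            }
    return alerts


if __name__ == "__main__":
    normal = synth_window(1, attack=False)
    attacked = synth_window(2, attack=True)
    print(f"bandwidth: {megabits_per_second(normal):.1f} -> {megabits_per_second(attacked):.1f} Mbps, "
          f"volumetric alert: {volumetric_alert(attacked)}")
    print("application alerts:", application_alerts(attacked, normal))
```

Running it shows the attacked window using only a few percent more bandwidth than the quiet one, so the volumetric detector stays silent and extra capacity would change nothing, while the request rate to /search is roughly ten times its baseline and is spread over hundreds of sources that each stay under any reasonable per-IP limit. Catching that requires counting requests per endpoint against a baseline, which is what application-layer detection means in practice.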
In concert with the DDS, SecureWatch PLUS DDoS defense configuration/implementation, 24/7 monitoring and incident response services provide the most comprehensive DDoS defense available on the market.
Federal departments and agencies can deploy both the Corero DDS and IPS solutions inline in full confidence that they will maintain full levels of performance and service, which are absolutely critical to successful online business operations. Corero appliances offer the lowest latency and highest reliability of any security products available on the market today. Corero's Core Platform, built on the purpose-built Tilera multicore processor architecture and CoreOS, provides real-world protection at real-world performance levels.