The Four Pillars of Cybersecurity - cisco.com

1 Ask three people what Cybersecurity means and you re likely to get five answers. Is it protecting against malware that sneaks onto employee desktops when employees are tricked into clicking legitimate-seeming hyperlinks? Is it controlling access to applications based on the person s role? Preventing information leakage? Thwarting hackers in other countries masquerading as video surveillance cameras or printers? Developing a comprehensive Cybersecurity strategy becomes simpler when you focus on four Pillars , according to Kevin Manwiller, cisco s manager of federal security solutions.

2 To protect information and keep networks running, governments need to address achievable goals: identity and access control, secure remote access, data center and cloud security measures, and advanced threat defense throughout the enterprise, he says. These four Pillars of Cybersecurity not only prevent information leakage and network damage, but also support government cost-saving initiatives such as cloud computing, telework, and citizen Access Based on Who and What Is Connecting Knowing who is connecting enables agencies to grant the appropriate level of access to users without the expense of building and maintaining separate networks for employees, contractors, and citizens.

3 And knowing the type of device attempting to connect allows the agency to apply different access policies, depending on whether the device is, say, a laptop, smartphone, printer, or surveillance camera, and depending on whether or not the device is government-owned. The ability to control who and what devices connect to the network is the core of a good security posture, says Dave Klein, team lead for cisco s consulting systems engineers in security. An old hacker trick was to disguise a laptop to seem like a printer, to get onto the network without entering a username and password.

4 Government networks need to recognize the type of device, be it a laptop or video surveillance camera, so that they can apply the right kind of protections. Create a Borderless Network by Providing Secure Remote Access The government workforce increasingly connects from outside government walls, over wired, Wi-Fi, and cellular networks. Agencies were reminded of the importance of secure remote access in February 2010, when 30 inches of snowfall shut down federal government offices for a allow unmanaged devices like employee laptops and smartphones and public computers onto the network, agencies need very strict security measures, including wiping the device clean of cookies, passwords, and deleted files after the user has logged off.

5 Government should be able to enforce the same access policies and privileges for a soldier deployed in Europe as for someone working from a public hotspot in , says cisco Secure Remote Access solution meets this need with a firewall and web security appliance at agency headquarters, and either a VPN client (such as an IP Security [IPSec] or Secure Sockets Layer [SSL] client) for the employee s device, whether the device is a laptop, an Apple iPhone, or a smartphone running Windows Mobile. The cisco SSL VPN solution, which meets Department of Defense standards, does not need to be preinstalled, so agency employees can use it even from a public Security and Data Center Security Government organizations, including , , and the Library of Congress Experience, have begun using cloud service providers instead of hosting their own servers, motivated by cost savings and reduced energy usage.

6 Cloud services require the same security measures as locally hosted services, such as access control and malware prevention, according to Manwiller. The difference is that cloud services also need very strict administrative separation, he says. The cisco TrustSec solution addresses this requirement by providing policy-based access control, role-based network access, and data confidentiality and Threat Detection and Defense Government networks are prime targets for malware and botnets, which malicious websites surreptitiously deposit on desktops when employees click links in legitimate-seeming emails.

7 Most web-based attacks now arrive in encrypted form, making them harder to stop. Before, agency IT groups could only clean up infections after the fact. Now government can stop bad email traffic even before it arrives at agency servers, by checking the sender s reputation. cisco SenderBase , for example, provides real-time reputation scores for email senders, based on ongoing inspections of more than Newsletter ArticleThe four Pillars of CybersecurityAll contents are Copyright 2010 cisco Systems, Inc. All rights reserved. This document is cisco Public contents are Copyright 2010 cisco Systems, Inc.

8 All rights reserved. This document is cisco Public Article2 cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the cisco Website at , CCENT, CCSI, cisco Eos, cisco Explorer, cisco HealthPresence, cisco IronPort, the cisco logo, cisco Nurse Connect, cisco Pulse, cisco SensorBase, cisco StackPower, cisco StadiumVision, cisco TelePresence, cisco TrustSec, cisco Unified Computing System, cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks.

9 Changing the Way We Work, Live, Play, and Learn, cisco Capital, cisco Capital (Design), cisco :Financed (Stylized), cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, cisco , the cisco Certified Internetwork Expert logo, cisco IOS, cisco Lumin, cisco Nexus, cisco Press, cisco Systems, cisco Systems Capital, the cisco Systems logo, cisco Unity, Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the IronPort logo, Laser Link, LightStream, Linksys, MeetingPlace, MeetingPlace Chime Sound.

10 MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY, PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are registered trademarks of cisco and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between cisco and any other company. (1002R) cisco has more than 200 offices worldwide.