Sometimes a huge vision and fantastic goal is what is required to cause the dramatic change required in enterprises. Our vision for enterprise security: We believe enterprises, including the entire Federal IT Enterprise, can achieve an improvement in both security and functionality by two orders of magnitude in a 24 month period. How will you measure that? Functionality must be measured by baseline surveys of users now and surveys with similar methodologies later. Security has many metrics. One of critical importance is unauthorized intrusions. If there were 70,000 unauthorized intrusions into the federal IT fabric in 2010, then by 2012 the goal is to have that reduced by two orders of magnitude, to around 700.
Setting the goal is one of the most important components of this project since that is what will drive all other actions.
But there are technological components of this framework as well. Components can be selected based on their ability to secure the network, their ability to block malware, their ability to understand the enterprise and an ability to enhance collaboration throughout the enterprise. Capabilities can also be selected that ca enhance the ability of analysts to interact with and draw conclusions from information.
Some key capabilities in this thrust include:
Cloudshield – For deep packet inspection and an ability to take action based on results.
Endeca- For giving analysts an ability to interact with cyber data using discovery engines.
Jive- For providing collaborative and social networking environments for analysts.
Symantec- Leader in automating for security.
Invincea- Malware blocker
Triumfant- Ensures PC’s return to known policy state.
Collabnet – Great way to help developers field faster.