Security Intelligence Imperative for Government Information Systems

By Elevate posted 10-31-2014 11:57


Co-written by Mark Belk, National Government Chief Architect, and Rebecca Lawson, Senior Director, Security



The pace at which adversaries adopt new methods and technology in cyberspace continues to place new demands on government information systems. Multiple persistent threats target governments, critical infrastructure, economic institutions and commercial property. The government has recognized these threats: the Department of Homeland Security's (DHS) Continuous Diagnostics and Mitigation (CDM) program strengthens network defense by modernizing information system infrastructure so that agencies can continuously see what is on their networks and how it is configured.

Firewall technology in particular has evolved to meet today's threats and is an important piece of technology for CDM. A firewall now has to do more than filter: it has to help system administrators know more about what is crossing it and adapt as the threat environment changes.


In this always-on threat environment, now is the time to deploy next-generation firewall (NGFW) technology. A traditional firewall decides on layer 3 and 4 header fields only: source and destination address, port and protocol. NGFW capabilities "see," detect and control layer 4-7 information, identifying the application and the user behind a flow regardless of the port it uses, and take prescribed actions based on that visibility.


Products such as Juniper's SRX Series firewalls raise the bar on NGFW by adding a further level of defense and control that protects existing investment in IT infrastructure. With a direct means of associating near real-time threat information with firewall policies, the firewall can enforce against indicators that did not exist when the policy was written, so its efficacy is far better than before. Access to many new sources of intelligence, together with the ability to apply policy adaptively on the basis of that intelligence, gives security operations a real boost in reducing risk.


Seven characteristics of a security intelligence platform — those we see in High-IQ networks — that enable an adaptive intelligent firewall are:


  1. Openness: the platform ingests feeds from any source, not only those specified by a particular vendor;
  2. Scale: customers can deploy the security intelligence across a distributed enterprise or service provider network;
  3. Automation: new, actionable intelligence is turned into enforceable policy without manual service provisioning;
  4. Capacity: feeds can run to very large numbers of entries, and the firewall must hold that volume and match against it for effective enforcement;
  5. Efficacy: feeds must be usable and fine-tunable to customer use cases and business requirements;
  6. Adaptive: the feed remains up to date, relevant and actionable from the time it is consumed into the security intelligence platform, through normalization and "cleanup," to the point of enforcement on the firewall;
  7. Agility: as Gartner has noted, the platform must support the threats we do not yet know. Today's security often covers only the threats we already know; the ability to adapt and evolve is key.
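The pipeline that items 1 through 6 describe, written out as an added example (this is not Juniper or SRX code): two feeds in different formats are ingested, normalized and cleaned, stale and malformed entries are dropped, duplicates across feeds are merged, and the resulting tables are matched against a flow with a tunable confidence threshold. The feed formats, the confidence scale, the 30-day freshness window and the block threshold are all assumptions; the indicators are constructed from documentation address ranges and example domains, not real threat data.

```python
"""Threat-intelligence feed pipeline: ingest -> normalize/clean -> enforce.

Added example, not Juniper's or the SRX's code. The two feed formats, the
confidence scale, the 30-day freshness window and the block threshold are all
assumptions chosen for illustration.
"""
import csv
import io
import ipaddress
import re
from datetime import datetime, timedelta, timezone

# Constructed sample feeds using documentation address ranges, not real indicators.
# Feed A: vendor CSV with metadata.  Feed B: bare blocklist with comments, no metadata.
FEED_A = """indicator,type,first_seen,confidence
198.51.100.7,ip,2014-10-30T00:00:00Z,90
203.0.113.0/24,cidr,2014-10-29T12:00:00Z,60
Bad-Domain.EXAMPLE,domain,2014-10-31T08:00:00Z,80
999.1.1.1,ip,2014-10-31T08:00:00Z,95
192.0.2.9,ip,2014-06-01T00:00:00Z,99
"""
FEED_B = """# community blocklist, one indicator per line
198.51.100.7
c2.example
"""

NOW = datetime(2014, 10, 31, 12, 0, tzinfo=timezone.utc)  # fixed clock for a reproducible run
MAX_AGE = timedelta(days=30)                                # assumed freshness window
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def parse_feed_a(text):
    """Yield (indicator, confidence, first_seen) from the CSV-style feed."""
    for row in csv.DictReader(io.StringIO(text)):
        seen = datetime.strptime(row["first_seen"], "%Y-%m-%dT%H:%M:%SZ")
        yield row["indicator"], int(row["confidence"]), seen.replace(tzinfo=timezone.utc)


def parse_feed_b(text):
    """Yield entries from the bare blocklist; it carries no metadata, so assume
    medium confidence and treat the download time as first_seen."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line, 50, NOW


def normalize(entries, now=NOW, max_age=MAX_AGE):
    """Return (nets, domains): normalized indicator -> highest confidence seen.

    Cleanup: malformed indicators are dropped.  Adaptive: entries older than
    max_age are dropped.  Capacity: duplicates across feeds collapse to one entry.
    """
    nets, domains = {}, {}
    for raw, conf, seen in entries:
        if now - seen > max_age:
            continue
        ind = raw.strip().lower().rstrip(".")
        try:
            net = ipaddress.ip_network(ind, strict=False)  # "a.b.c.d" becomes a /32
        except ValueError:
            if DOMAIN_RE.match(ind):                        # rejects junk such as 999.1.1.1
                domains[ind] = max(conf, domains.get(ind, 0))
            continue
        nets[net] = max(conf, nets.get(net, 0))
    return nets, domains


def decide(dst_ip, dst_host, nets, domains, block_at=70):
    """Enforcement verdict for one flow: 'deny', 'log' or 'allow'.

    IPs use longest-prefix match; hostnames match exactly or on a parent domain.
    Confidence at or above block_at denies; any lower match is logged only,
    which is the knob a customer tunes to their own risk appetite (efficacy).
    """
    best = 0
    addr = ipaddress.ip_address(dst_ip)
    hits = [n for n in nets if addr in n]
    if hits:
        best = nets[max(hits, key=lambda n: n.prefixlen)]
    if dst_host:
        labels = dst_host.lower().rstrip(".").split(".")
        for i in range(len(labels) - 1):
            parent = ".".join(labels[i:])
            if parent in domains:
                best = max(best, domains[parent])
                break
    return "deny" if best >= block_at else "log" if best else "allow"


def build_policy():
    """Ingest every feed (openness) and return the normalized enforcement tables."""
    return normalize(list(parse_feed_a(FEED_A)) + list(parse_feed_b(FEED_B)))


if __name__ == "__main__":
    nets, domains = build_policy()
    for ip, host in [("198.51.100.7", None), ("203.0.113.77", None),
                     ("192.0.2.9", None), ("10.0.0.1", "www.bad-domain.example")]:
        print(ip, host, "->", decide(ip, host, nets, domains))
```

Two details matter in practice. The stale 192.0.2.9 entry is the highest-confidence indicator in the sample, yet it is not enforced, because a feed entry that is months old is as likely to block a re-assigned address as an attacker; that is what "adaptive" in item 6 costs you if you skip it. And the 999.1.1.1 entry shows why the cleanup step is not optional: a feed that is trusted blindly becomes a way to push garbage, or worse, a wildcard, into the enforcement path. On a real firewall the normalized tables would be pushed to the device as address objects that policies reference, rather than evaluated in Python.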

Surprisingly, as of early 2014 only 20 percent of customers were using NGFW capabilities: there has been a lot of talk, but actual use was limited to early adopters. Now we are seeing movement towards mass adoption; by the end of 2014 it is predicted that 75 percent of new firewall purchases will be NGFW. Now is the time for enterprises, and public sector organizations in particular, to realize the benefits of NGFW.


Do you know how to improve your defenses against advanced cybersecurity threats? Juniper has worked with customers to address vulnerabilities they did not even know they were exposed to. To learn more, visit Juniper Security.

1 comment



11-03-2014 06:26

This is good work, and I like the direction!


In my interactions with many firms globally, many have come to realize that the most talked-about NGFW capabilities (that is, application visibility and control, and directory services integration) aren't enough to keep them secure.


In other words, knowing what applications are in the network and who their users are is great for aspects of compliance, fine-tuning of resources (capacity planning), and forensics in case they have to go back and see who was using nefarious application "X" at the time of a security breach. However, the higher level of application visibility did not necessarily make them more secure.


Instead, companies are demanding actionable information when they are undergoing an active attack. Being able to cripple C&C communication for malware, process chain traffic from certain geo-IP locations in a timely manner, or integrate and uniformly apply internally generated threat intelligence across communities of interest: those are all more relevant use cases that talk directly to some of the most prevalent attack vectors at this time.


/Barny Sanchez