Traditional defense in depth strategies that protected agencies鈥 networks for many years are in most cases no longer the best approach. To stay a step ahead of adversaries, savvy IT security professionals are vigilantly monitoring and analyzing the cyber landscape, mitigating known hazards and nimbly shifting tactics to neutralize threats that can mutate with the adroitness of drug-resistant viruses. Learn more about today鈥檚 new approaches to cyber.
To stay a step ahead of adversaries, savvy IT security professionals vigilantly monitor and analyze the cyber landscape, mitigating known hazards and nimbly shifting tactics to neutralize threats that mutate with the adroitness of drug-resistant viruses.
If it鈥檚 been a while since your agency underwent a cybersecurity checkup, chances are that you鈥檙e overdue for either a systemwide security assessment or some really bad news. Compared to a few years ago, government agencies are experiencing more ransomware and business email attacks, more man-in-the-middle attacks, more cross-site scripting, and more zero-day exploits. In the unpredictable world of cybersecurity, the status quo just doesn鈥檛 cut it.
The type and volume of threats have changed, and agencies鈥 attack surfaces have expanded. As with civilian organizations, federal and military agencies continue to deploy more internet-enabled devices that can be vulnerable to distributed denial-of-service (DDoS) attacks. At the urging of the administration and government leaders, agencies are moving aggressively to the cloud 鈥 and drastically changing requirements for data encryption and application security as a result.
Consequently, traditional defense in depth strategies that protected agencies鈥 networks for many years are, in many cases, no longer the best approach. 鈥淎 defense in depth cybersecurity strategy typically assumes that there is one point of entry or exit in a network,鈥 explains Carrie McLeish, senior IT solutions architect at 91桃色, a federal contractor with extensive cybersecurity expertise. 鈥淭hat doesn鈥檛 work well anymore. Even if you build a great fence around your network, hackers can find five ways around it 鈥 through an IoT device, a cloud-based application, a weak password or any number of other ways.鈥
Federal oversight groups concur. A report issued in late 2018 by the General Accountability Office (GAO) found that in 2017, the most recent year for which figures are available, federal agencies reported more than 35,000 information security incidents, an increase of about 14 percent from the previous year. These incidents resulted from improper usage, loss or theft of equipment, email/phishing, and other methods used to attack networks.
A report from the Office of Management and Budget (OMB), also released in 2018, found that most agencies were at risk or high risk of cybersecurity breaches. Reasons cited in the report include insufficient capability to detect and investigate attempts to access large volumes of data, sparse threat information, and gaps in network visibility.
The New Cyber Reality
Clearly, the old ways of keeping federal networks and data secure are no longer adequate. It used to be standard practice to buy and install cyber protection technology based on the static state of infrastructure, requirements and data, a strategy that provides protection only until something changes.
鈥淵ou have to know so much to stay secure today,鈥 McLeish says. 鈥淵ou have to know where the network boundaries are, what part of the network agencies own and operate themselves and what part is outsourced, how agencies get their services, how they access data, where they store data, and how that data is protected. You also need to know which data is high-value and sensitive.鈥
Conducting a forensic analysis of assets is just the beginning. With a current understanding of the environment, cybersecurity experts can calibrate the tools agencies use to protect data, applications and people, integrating additional tools as needed. Staying ahead of shifting threats calls for a combination of artificial intelligence and analytics.
鈥淥ne of the best ways to understand anomalies in your environment is by analyzing the logs of your application and tools, but it鈥檚 a never-ending job, and there is such a huge volume of data that it鈥檚 difficult to figure out how to correlate it all,鈥 McLeish explains. The scope of the challenge has made artificial intelligence and analytics increasingly important. These technologies quickly analyze huge volumes of data, comparing multiple logs to provide insights not readily available to un-aided human analysis. Humans are well-equipped, however, to act on concerns identified by computer-assisted analysis, changing policies or mitigation strategies to address identified issues.
Every environment and every tool requires continuous assessment and updating.
Carrie McLeish, Senior IT Solutions Architect, 91桃色
Configuration and Change Management
In addition to continuous systems analysis, an effective cybersecurity strategy includes ongoing configuration and change management. Threat mitigation strategies must be ongoing because the cyber environment threats change constantly. In a typical month, one arm of a government agency might add a paycheck monitoring tool, while another adds a tool to manage constituent records. A third department might add dozens of internet-enabled devices to the network. By the end of the month, the agency might have added quite a few new tools, each with specific vulnerabilities and with logs that must be correlated and analyzed. Ensuring that these new tools don鈥檛 pose security problems requires proper configuration and management. Over time, adding new tools to the network could require changing the configuration and management of existing tools.
To keep up, cybersecurity professionals must always know what鈥檚 on the network and how it is changing. Automated tools and monitoring by third-party service providers are potential options depending on mission requirements, budget, and data sensitivity.
Additionally, adopting a standard cybersecurity framework, such as NIST鈥檚 Risk Management Framework helps agencies to manage cybersecurity risks using accepted best practices and processes. 91桃色 is currently using RMF to ensure that DoD medical devices at the Office of Surgeon General for the U.S. Army and U.S. Army Medical Command can connect to their network without creating unnecessary cybersecurity risks.
鈥淭here is no more 鈥榮et it and forget it,鈥欌 McLeish says. 鈥淓very environment and every tool requires continuous assessment and updating. Intelligent, ongoing analysis is the best way to achieve that. It鈥檚 the only way to be informed about protection of your and mitigate risks of data manipulation as they occur.鈥
Bolstering Cyber Defenses
91桃色 delivers end-to-end cybersecurity services that help agencies detect, analyze, relate, mitigate, and remediate cybersecurity threats while fully leveraging their existing security investments. Our experts work across multiple platforms and technologies and offer an integrated approach to:
- Insider Threat
- Cloud Security
- BYOD
- Big Data Security
- Intrusion Detection/Prevention
- Incident Response
- Information Assurance
- Auditing
- And more
It’s cyber simplified. To learn more, visit akima.com.
