Next in our lineup of post-Cyber Playbook interviews is Rob Roy, Public Sector CTO of Hewlett Packard Enterprise Security. He shared his thoughts on compliance and other hurdles agencies face in building strong cyber security strategies.
Federal CIO Tony Scott recently released a new Cyber Security Implementation Plan; its top initiatives include identification and protection of high-value data, and detection of and rapid response to cyber incidents. Can you describe how HPE can help meet these mandates?
Insiders, or those mimicking insiders through the use of spear phishing and other techniques, often travel unencumbered through a network, accessing systems and data that they don’t require to do their job. This is a simple example, but it is found all too often in the forensics phase of a breach. User Behavior Analytics enables a focused analysis of anomalous behavior on an organization’s network in near real time. By targeting or grouping individuals and monitoring their behavior online, it is now possible to detect when a user is doing something outside of their daily routine or job requirements and increase their risk level automatically for further analysis.
DNS Malware Analytics is a recently announced offering that allows an organization to detect malware without deploying costly agents or using bandwidth to deploy signatures. It works by analyzing high volumes of DNS traffic, eliminating 99% of the traffic that is known to be good, and then using proprietary algorithms to detect malware attempting to make contact with a command and control server outside of the organization.
The latest technology in use by major retailers and financial institutions to protect both stored data and data in transit is HPE’s Secure Data, which protects sensitive data using patented Format Preserving Encryption that enables cross-application functionality without having to unencrypt data to use it. It is currently undergoing NIST standardization for FIPS 140-2 certification.
ArcSight is the automation engine behind many of the largest security operations centers in government. It enables organizations to automate the collection, correlation and analysis of large volumes of security events and instrument rules for action. This automation enables more proactive defense using the latest threat intelligence and reputation feeds to detect and prevent the evolving threats.
In your opinion, what is the government’s biggest hurdle in implementing a successful cyber security plan? What technologies should cybersecurity leaders consider moving forward?
The government faces many hurdles in implementing a successful cyber security plan. Compliance is just one of them. There needs to be a comprehensive strategy led by a single accountable agency with authority to apply principles and budget throughout the government and based on priorities established and acknowledged by the legislature. In addition to this, budgets need to be expanded in a “moonshot” effort to encompass education, research and application of the latest cybersecurity capabilities. Ruthless execution of a well-funded plan that can evolve with a daily threat landscape is the only way to maintain parity with the adversary.
To hear more from Hewlett Packard Enterprise about government cybersecurity and learn from leaders in both government and industry, check out the recording of the event or check out the hashtag at #CyberDC.