HUMAN, FBI, and Partners Take Action Against BADBOX 2.0

Posted on by Gavin Reid

On June 5th, 2025, the Federal Bureau of Investigation issued Public Service Announcement I-060525, detailing how cybercriminals are exploiting compromised Internet-of-Things devices to expand the BADBOX 2.0 botnet and residential-proxy infrastructure.

The goal of this announcement is consumer education: if you buy one of these bargain devices, you may be handing criminals the keys to your home network. You wouldn’t help someone rob a store—are you willing to let bad actors steal bandwidth, launder traffic, and commit fraud in your name?

HUMAN is honored to have contributed intelligence to this alert alongside Google, Trend Micro, and the Shadowserver Foundation, further validating the findings our Satori Threat Intelligence & Research Team published in March 2025.

Collaboration is the decisive advantage in modern cyber defense. From the first indicators uncovered in our labs, we worked shoulder-to-shoulder with platform operators, cloud providers, and law enforcement partners, sharing data in real time and coordinating disruption actions. Google’s enforcement across Google Play Protect has already blocked malicious apps and cut off monetization avenues for the actors behind BADBOX 2.0.

I also want to extend a special thank you to The Shadowserver Foundation for sinkholing key BADBOX 2.0 command-and-control domains. As a result of their swift action, over a million infected devices now beacon to Shadowserver-managed infrastructure instead of criminal servers, stripping the threat actor of a substantial portion of its botnet. A live view of that global neutralization is available on Shadowserver’s public dashboard.

This investigation is very much ongoing. The adversaries responsible for BADBOX 2.0 have shown they will iterate quickly, shifting infrastructure and re-seeding supply chains when pressured. HUMAN researchers will continue to hunt for new variants, share indicators with the FBI and our industry peers, and deploy fresh detections across the Human Defense Platform to protect customers worldwide.

In the meantime, we urge manufacturers, retailers, and consumers to follow the mitigation guidance in the FBI PSA: purchase devices from reputable vendors, keep firmware up to date, monitor network traffic for anomalies, and avoid unofficial app stores. If you suspect a device on your network is compromised, disconnect it immediately and file a report at ic3.gov.

I want to personally thank every partner who leaned in—especially our colleagues at Google—for the openness, speed, and determination that made this collective defense possible. Together we are raising the cost of fraud and making the internet safer for everyone.

To learn more about securing your network and data against bad actors and malware strategies like BADBOX 2.0, visit HUMAN Security’s brief on human defense in the Public Sector.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including HUMAN Security, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Comprehensive Identity Security: 1Kosmos Achieves FedRAMP High Authorization and Kantara Certification

Posted on by Christine Owen

As cybersecurity demands increase across all levels of Government, 1Kosmos’s credential service provider (CSP) platform represents a shift in how agencies approach identity verification and authentication. Rather than forcing agencies into rigid, one-size-fits-all solutions, the platform offers unprecedented flexibility through its modular architecture. Organizations can deploy everything from simple document capture for in-person verification to comprehensive digital identity wallets that put end-users in complete control of their personal information.

This adaptability proves crucial for Government agencies with diverse operational requirements. Some organizations need only Identity Assurance Level 2 (IL2) workflow integration with existing identity providers like Okta or Microsoft, while others require the full spectrum of identity verification, digital wallet creation and Authenticator Assurance Level 2 (AL2) authentication capabilities. The platform’s ability to scale from basic document verification to complete identity lifecycle management ensures agencies can start with their immediate needs and expand functionality as requirements evolve.

The Power of Dual Certification

As the only CSP to achieve both FedRAMP High authorization and Kantara certification, 1Kosmos has established itself as the definitive solution for Government agencies seeking uncompromising identity security. This dual certification creates a security foundation unmatched in the identity verification space and works in concert to address both the “what” and “how” of secure digital identity management. Kantara certification, based on National Institute of Standards and Technology (NIST) 800-63-3 digital identity guidelines, validates that the platform operates according to the gold standard for identity verification processes and procedures.

FedRAMP High authorization takes security to the next level, implementing over 400 security controls based on NIST 800-53 standards. This represents the most stringent civilian agency security requirements available, with only 20 additional controls separating High from IL4 defense-level certification. The comprehensive nature of these controls means agencies receive verified, not just claimed, security hardening that has undergone rigorous third-party assessment.

This dual certification approach provides Government buyers with unprecedented assurance. While other solutions may meet basic compliance requirements, 1Kosmos offers the most verified hardening available in the market. For agencies navigating complex procurement requirements across Federal, State and Local levels, this certification combination simplifies vendor evaluation and reduces compliance risk. The FedRAMP High baseline ensures smooth flow-down compliance for State and Local implementations, eliminating the complexity of multiple security assessments.

Security and Privacy by Design

True security extends far beyond meeting regulatory checkboxes, and 1Kosmos has embedded privacy and security principles into every aspect of the platform’s architecture. The decision to pursue FedRAMP High from the outset reflects a commitment to protecting what 1Kosmos considers the highest-value data in existence: end-user personally identifiable information (PII).

1Kosmos, 1Kosmos Achieves FedRAMP High Authorization and Kantara Certification, blog, embedded image, 2025

Every piece of data within the 1Kosmos environment undergoes Federal Information Processing Standards (FIPS) 140-3 encryption both in transit and at rest. This is not merely a compliance requirement—it is a recognition that Government agencies entrust identity platforms with irreplaceable citizen information. The platform employs a unique double-encryption approach for digital wallets, where identity evidence receives initial encryption before being secured again within the user’s wallet, with encryption keys remaining under end-user control exclusively.

The platform operates on a privacy-first data retention philosophy. By default, the system processes identity data, stores only what is necessary for wallet creation and immediately deletes excess information. This approach ensures that data remains in the system only as long as operationally required, with automatic deletion on specified retention dates. The platform’s architecture makes it impossible for 1Kosmos or their customers to access end-user wallet data without explicit user consent, creating true user sovereignty over personal information.

What is More Valuable Than Identity?

The question of data value reveals why identity security demands such rigorous protection. In commercial contexts, student records command higher dark web prices than credit card or healthcare information due to the extended window before detection—students typically do not monitor credit for years after graduation. This extended vulnerability period makes educational identity data particularly attractive to cybercriminals and highlights why robust identity verification is essential across all Government sectors.

Government agencies face even higher stakes. Beyond financial fraud, identity compromise can affect national security, citizen services and public trust. The 1Kosmos platform addresses these concerns through continuous security monitoring and automated threat detection capabilities that immediately alert administrators to potential security issues. This proactive approach, combined with comprehensive logging and audit capabilities, ensures agencies maintain complete visibility into their identity security posture.

The platform’s global deployment success stories demonstrate scalability and reliability under real-world conditions. One global business process outsourcing company successfully transitioned half their worldwide user base to 1Kosmos authentication within just two months, showcasing the platform’s ability to handle massive-scale implementations without compromising security or performance.

Building the Future of Government Identity Security

As Government agencies accelerate digital transformation initiatives, the need for trustworthy, scalable identity solutions becomes increasingly critical. The 1Kosmos platform provides the security foundation necessary for agencies to confidently expand digital services while maintaining the highest protection standards for citizen data. With plans to extend certification to IL4 levels for defense customers, 1Kosmos continues pushing the boundaries of what is possible in Government identity security.

Learn more about how 1Kosmos can transform your agency’s identity security posture by exploring their comprehensive platform capabilities and certification achievements.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including 1Kosmos we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

7 Reasons Why Trustwave’s FedRAMP Status is Key for U.S. Vendors

Posted on by Bill Rucker

While selling technology or services to the U.S. Federal Government offers a tremendous opportunity, it also involves navigating complex requirements—especially in the area of cybersecurity.

Federal agencies handle sensitive data and demand the highest levels of security assurance.

This is where the Federal Risk and Authorization Management Program (FedRAMP) comes in, acting as the crucial gatekeeper for cloud services used by the Government.

For vendors looking to succeed in the Federal marketplace, partnering with or building upon services from a FedRAMP-authorized provider isn’t just helpful—it’s often essential.

Trustwave has achieved FedRAMP Authorization for its Government Fusion platform (delivering Managed Detection and Response (MDR) and Co-Managed SIEM/SOC services) which makes Trustwave an ideal partner for any U.S. Government vendor, and here’s why:

1. Instant Credibility: The FedRAMP Stamp of Approval

FedRAMP is the standardized, rigorous security framework mandatory for Federal agency cloud deployments. Achieving FedRAMP Authorization is a lengthy, complex and resource-intensive process, demonstrating an exceptional commitment to security.

Leveraging Trustwave’s FedRAMP-authorized platform instantly elevates your offering’s credibility. It signals to agencies that the underlying security meets the Government’s stringent standards and is vetted through an exhaustive process. Trustwave is notably the first pure-play MDR provider to achieve this status, adding further weight to its credentials.

2. Enhanced Trust and Credibility

Achieving FedRAMP authorization is no small feat. It involves a rigorous evaluation process that includes detailed security assessments and continuous monitoring. Trustwave’s compliance with these standards enhances its credibility and trustworthiness, making it a reliable partner for Government vendors who must adhere to strict security protocols.

Trustwave, 7 Reasons Why Trustwave's FedRAMP Status is Key for US Vendors, blog, embedded image, 2025

3. Meeting Rigorous Federal Security Mandates

FedRAMP isn’t just a checkbox; it ensures robust, ongoing security. Authorization requires continuous monitoring, regular assessments and adherence to strict controls based on NIST standards.

Partnering with Trustwave assures agencies that your solution’s security components adhere to these high standards. Furthermore, Trustwave’s authorization, operating within AWS GovCloud and meeting “U.S. eyes only” requirements, directly supports vendors needing to comply with other critical mandates like the Cybersecurity Maturity Model Certification (CMMC) required for the Defense Industrial Base (DIB).

4. Access to a Wider Government Market

Simply put, FedRAMP authorization is often a non-negotiable requirement for Federal cloud contracts. Without it, market access is severely limited.

By partnering with Trustwave, you align your solution with a provider that has already unlocked the door to Federal agencies requiring FedRAMP compliance. This accomplishment expands your potential customer base significantly. Trustwave also holds GovRAMP authorization, potentially easing access to State and Local Government markets as well.

5. Leveraging Proven Cybersecurity Expertise

Trustwave’s FedRAMP authorization covers its Government Fusion platform, delivering critical Managed Detection and Response and Co-Managed SOC services operated by cleared U.S. personnel.

This means you’re not just getting compliance; you’re gaining the backing of a recognized leader in threat detection, response and managed security. Access to Trustwave’s expertise, including insights from their elite SpiderLabs team, strengthens your overall security posture and value proposition.

6. Continuous Monitoring and Improvement

FedRAMP requires continuous monitoring of security controls and regular updates to address emerging threats. Trustwave’s commitment to ongoing security improvements ensures that Government vendors benefit from the latest advancements in cybersecurity. This proactive approach helps mitigate risks and enhances the overall security posture of Government operations.

7. Support for Cloud Adoption

As Government agencies increasingly adopt cloud technologies, having a FedRAMP-authorized partner like Trustwave is invaluable. Trustwave’s expertise in cloud security helps Government vendors transition to the cloud securely, ensuring compliance with Federal regulations while leveraging the benefits of cloud computing.

In the competitive and security-conscious Federal marketplace, alignment with FedRAMP is critical. Trustwave’s FedRAMP Authorization achievement provides U.S. Government vendors with a powerful advantage.

Partnering with Trustwave offers enhanced credibility, accelerates procurement cycles, ensures compliance with stringent security mandates like FedRAMP and CMMC, broadens market access and leverages world-class cybersecurity services.

For vendors serious about succeeding in the U.S. Public Sector, Trustwave’s FedRAMP status makes them a perfect fit.

To learn more about why partnering with a FedRAMP authorized vendor like Trustwave Government Solutions can help your organization succeed in the Federal marketplace, please visit TGS.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Trustwave we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Preparing Federal Systems for Post-Quantum Security: A Strategic Approach

Posted on by Gina Scinta

Federal agencies face an urgent timeline to protect their most sensitive data from quantum computing threats. Quantum computers leverage physics principles like superposition and entanglement to perform calculations faster than classical computers, posing a significant threat to current encryption standards. Adversaries employ “harvest now, decrypt later” tactics, collecting encrypted data to store until there is a quantum computer powerful enough to break the encryption. The National Institute of Standards and Technology (NIST) released standardized Post-Quantum Cryptography (PQC) algorithms designed to withstand quantum attacks, ensuring long-term data security. The U.S. Federal Government has also issued guidance urging Federal agencies to update their IT infrastructure and deploy crypto-agile solutions that utilize today’s classical encryption algorithms and provide the ability to upgrade to PQC algorithms to combat this threat.

With the Cloud Security Alliance projecting cryptographically relevant quantum computers by 2030, agencies must implement these quantum-resistant algorithms before current security measures become obsolete.

The Quantum Threat Landscape

Current public key infrastructure (PKI), which underpins the internet, code signing and authentication, faces an existential threat from quantum computing. This vulnerability extends beyond theoretical concerns to three specific risk areas affecting Federal systems:

Harvest Now, Decrypt Later: Attackers intercept communications and data today, storing them until quantum computers can break the encryption—potentially exposing Government secrets and sensitive information.
Forged Signatures: Quantum capabilities could enable impersonation of trusted entities, allowing attackers to load malicious software to long-life devices or create fraudulent financial transactions that impact both commercial and Federal Government systems.
Man-in-the-Middle Attacks: Advanced quantum computing could facilitate access to secure systems, potentially compromising military command and control (C2) environments, disrupting critical infrastructure and interfering with elections.

The most vulnerable assets are those containing long-lived data, including decades of trade secrets, classified information and lifetime healthcare and personal identifiable information. Short-lived data that exists for hours or months faces considerably less risk from quantum-enabled decryption.

Post-Quantum Cryptography Standards and Timeline

The standardization of quantum-resistant algorithms represents the culmination of an eight-year process spearheaded by NIST. In August 2024, NIST published its final standards for three critical algorithms:

ML-KEM (formerly Crystals-Kyber) | FIPS 203 | Key Encapsulation
ML-DSA (formerly Crystals-Dilithium) | FIPS 204 | Digital Signature
SLH-DSA (formerly HSS/LMS) | FIPS 205 | Stateless Hash-Based Signature

A fourth algorithm, FND-DSA (formerly Falcon), is still pending finalization. Simultaneously, NIST has released Internal Report (IR) 8547, providing comprehensive guidelines for transitioning from quantum-vulnerable cryptographic algorithms to PQC.

The National Security Agency’s (NSA) Commercial National Security Algorithm Suite 2.0 (CNSA 2.0), released in September 2022 with an FAQ update in April 2024, outlines specific PQC requirements for National Security Systems. These standards have become reference points for Federal agencies beyond classified environments, establishing a staggered implementation timeline:

2025-2030: Software/firmware signing
2025-2033: Browsers, servers and cloud services
2026-2030: Traditional networking equipment
2027: Begin implementation of operating systems

Crypto Agility and Transition Strategy

It is essential for Federal agencies to deploy crypto-agile solutions that provide the ability to quickly modify underlying cryptographic primitives with flexible, upgradable technology. This capability allows organizations to support both current algorithms and future quantum-resistant ones without hardware replacement.

A comprehensive transition strategy includes seven critical steps:

Awareness: Understand the challenges, risks and necessary actions to prepare for quantum threats.
Inventory and Prioritize: Catalog cryptographic technologies and identify high-risk systems—a process the Cybersecurity and Infrastructure Security Agency (CISA) mandated via spreadsheet submission last year.
Automate Discovery: Implement tools that continuously identify and inventory cryptographic assets, recognizing that manual inventories quickly become outdated.
Set Up a PQC Test Environment: Establish testing platforms to evaluate how quantum-resistant algorithms affect performance, as these algorithms generate larger keys that may impact systems differently.
Practice Crypto Agility: Ensure systems can support both classical algorithms and quantum-resistant alternatives, which may require modernizing end-of-life hardware security modules.
Quantum Key Generation: Leverage quantum random number generation to create quantum-capable keys.
Implement Quantum-Resistant Algorithms: Deploy PQC solutions across systems, beginning with high-risk assets while preparing for a multi-year process.

Practical Implementation of PQC

Thales, Preparing Federal Systems for Post Quantum Security, blog, embedded image, 2025

Federal agencies should look beyond algorithms to consider the full scope of implementation requirements. The quantum threat extends to communication protocols including Transport Layer Security (TLS), Internet Protocol Security (IPSec) and Secure Shell (SSH). It also affects certificates like X.509 for identities and code signing, as well as key management protocols.

Hardware security modules (HSMs) and high-speed network encryptors serve as critical components in quantum-resistant infrastructure. These devices must support hybrid approaches that combine classical encryption with PQC to maintain backward compatibility while adding quantum protection.

The National Cybersecurity Center of Excellence (NCCoE) is coordinating a major post-quantum crypto migration project involving more than 40 collaborators, including industry, academia, financial sectors and Government partners. This initiative has already produced testing artifacts and integration frameworks available through NIST Special Publication (SP) 1800-38.

Crypto Discovery and Inventory Management

Automated discovery tools represent a crucial capability for maintaining an accurate and current inventory of cryptographic assets. Unlike the one-time manual inventories many agencies completed in 2022-2023, these tools enable continuous monitoring of cryptographic implementations across the enterprise.

Several vendors offer specialized solutions for cryptographic discovery, including InfoSec Global, Sandbox AQ and IBM. These tools can:

Discover and classify cryptographic material across environments
Identify which assets are managed or unmanaged
Determine vulnerability to quantum attacks
Support centralized crypto management and policies

The Cloud Security Alliance has coined the term “Y2Q” (Years to Quantum) as an analogy to the “Y2K bug,” highlighting the need for systematic preparation. However, the quantum threat represents a potentially more significant risk than Y2K, with a projected timeline that places a cryptographically relevant quantum computer capable of breaking current cryptography by April 14, 2030.

Moving Forward with Quantum-Resistant Security

The transition to post-quantum cryptography is not optional for Federal agencies—it is an imperative. While the process requires significant investment in time and resources, the alternative—leaving sensitive Government data vulnerable to decryption—poses an unacceptable risk to national security.

Agencies should begin by evaluating their existing cryptographic inventory, prioritizing systems with long-lived sensitive data and developing implementation roadmaps aligned with NIST and NSA timelines. By taking incremental steps today toward quantum-resistant infrastructure, Federal organizations can ensure their critical information remains secure in the quantum computing era.

To learn more about implementing quantum-resistant security in Federal environments, watch Thales Trusted Cyber Technologies’ (TCT) webinar, “CTO Sessions: Best Practices for Implementing Quantum-Resistant Security.”

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Thales TCT we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

The Hidden Threat: Why Ignoring Non-Human and Third-Party Identities is a Risk You Cannot Afford

Posted on by Frank Briguglio

I had the opportunity to present and discuss the threat of Non-Human and Third-party Identities at AFCEA TechNet Cyber with the Department of Defense (DoD) community. It is obvious that the maturity of Identity, Credential and Access Management (ICAM) and all identities is top of mind. The Industry, the National Institute of Standards and Technology (NIST), Department of Homeland Security – Cybersecurity and Infrastructure Security Agency (DHS CISA) and the DoD are all starting to focus on the problem, as it is recognized that identity is no longer just an IT problem—it is the front line of defense. We have been deep in digital transformation and the adoption of Zero Trust frameworks and have discovered an inconvenient truth: most organizations are flying blind when it comes to managing the very identities that power their operations—non-human and third-party users.

And that is a problem.

The New Cyber Perimeter: Identity

The old perimeter—firewalls and virtual private networks (VPNs)—is dead. What stands between you and the next breach is your ability to govern who or what has access to your systems. Yet many agencies remain fixated on credentials and authentication, while ignoring vast swaths of non-human actors (bots, robotic process automations (RPAs), service accounts) and external partners (vendors, contractors, mission partners).

This is not just a gap. It is a canyon.

According to Deloitte, 63% of organizations lack visibility into third-party access. Even more troubling, most have no way to list or audit all machine identities operating in the background. These invisible accounts often have persistent, high-level access and no formal governance, making them prime targets for threat actors.

Real-World Breaches, Real-World Consequences

Look no further than the SolarWinds and Okta breaches. In both cases, attackers exploited unmanaged service accounts or contractor credentials to move laterally and escalate privileges. These were not arcane zero-days—they were lapses in identity governance. And they cost credibility, customer trust and in some cases, national security.

The lesson? You cannot protect what you cannot see. And you definitely cannot secure what you do not control.

Why Automation and Governance Are Non-Negotiable

In a Zero Trust architecture, access is no longer assumed—it is continuously verified. But that verification breaks down when service accounts are created ad hoc, with no expiration dates, no ownership and no audit trail. The same goes for third-party users who are onboarded through spreadsheets or informal emails, then forgotten once their project ends—yet their access lives on.

This is how breaches happen.

Governance gaps like these leave organizations exposed to avoidable risks: policy drift, compliance violations, excessive access rights and a lack of accountability. Without automation and lifecycle management, identities multiply faster than security teams can manage them—leading to sprawl, privilege creep and ultimately attack surface expansion.

The Case for Identity-Centric Security

Modern enterprises need identity security platforms that extend beyond the traditional workforce. That means treating machine and third-party identities with the same level of scrutiny, controls and lifecycle management as full-time employees.

SailPoint’s approach offers a compelling blueprint:

Non-Employee Risk Management (NERM): Centralized, auditable workflows for third-party access, including onboarding, offboarding and access reviews.
Machine Identity Security (MIS): AI-driven discovery, classification, ownership assignment and access certification for bots, RPAs and service accounts.

Together, these capabilities provide visibility and governance across all identities, regardless of origin. They also support Zero Trust mandates like least privilege, just-in-time access and continuous verification.

Business Benefits Beyond Security

This is not just about reducing risk. It is about enabling speed and scale without sacrificing control.

With strong identity governance:

Mission partners and contractors get the access they need faster—without creating long-term exposure.
Audit preparation becomes easier, with clear logs of who had access to what, when and why.
Compliance improves, especially in regulated industries, based on NIST and other frameworks.
Security teams can shift from reactive firefighting to proactive risk management.

And perhaps most importantly: organizations become more resilient in the face of evolving threats.

The Bottom Line

Cybersecurity is no longer just about protecting data—it is about protecting trust. And trust starts with visibility and control over every identity that touches your systems.

If your organization is still relying on outdated processes to manage non-human and third-party users, now is the time to act. Inaction is not neutral—it is a strategic liability. As attack surfaces expand and adversaries grow more sophisticated, unmanaged identities will remain the soft underbelly of your defenses.

Zero Trust is not just a framework—it is a mindset. And in that mindset, every identity matters.

It is time to see what has been hiding in plain sight.

Ready to reinforce your identity perimeter? Discover how SailPoint’s ICAM solutions empower organizations to manage digital identities with precision. Explore Now.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SailPoint we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Snyk for Government Achieves FedRAMP Moderate Authorization: A Milestone for Secure Government Software

Posted on by Danny Allen

Today marks a significant milestone for Snyk and, more importantly, for the security posture of the U.S. Government. I’m thrilled to introduce Snyk for Government, our FedRAMP Moderate authorized solution for the Public Sector.

This authorization underscores our unwavering commitment to providing secure development solutions that meet the rigorous standards of the Federal Risk and Authorization Management Program (FedRAMP). It means that U.S. Government agencies can now confidently leverage Snyk’s comprehensive platform to identify and remediate vulnerabilities throughout their software development lifecycle, knowing it meets the stringent security and compliance requirements mandated by the Federal Government.

This achievement is not just a certification; it’s a testament to our dedication to building trust and ensuring the integrity of the software that powers critical Government functions. It allows agencies to embrace modern development practices, including the use of open source software and cloud-native technologies, with the assurance that security is baked in from the start.

The Power of Proactive Security

At Snyk, we believe that security shouldn’t be an afterthought. It needs to be an integral part of the development process. Our platform empowers developers to find and fix vulnerabilities in their code, dependencies, containers and infrastructure as code – early and often. This proactive approach not only reduces risk but also accelerates development cycles by preventing security issues from becoming costly roadblocks later on.

Snyk for Government offers the same powerful capabilities that our enterprise customers rely on, tailored to the specific needs and compliance requirements of Government agencies based on NIST 800-53v5 security controls. This includes:

Comprehensive Vulnerability Detection: Identifying security flaws in open source libraries, proprietary code, containers and infrastructure configurations.
Actionable Remediation Advice: Providing clear guidance and automated fixes to address vulnerabilities quickly and efficiently.
Policy Enforcement: Enabling organizations to define and enforce security policies across their development teams.
Integration with Developer Tools: Seamlessly integrating with popular IDEs, build tools and CI/CD pipelines.
Detailed Reporting and Compliance Features: Providing the visibility and documentation needed to meet FedRAMP requirements.

Investing in the Future of Security: The Snyk AI Advantage

At Snyk we recognize the transformative potential of AI in cybersecurity. By leveraging machine learning and advanced algorithms, we are building intelligent capabilities into our platform that will provide even more accurate vulnerability detection, smarter remediation recommendations and enhanced threat intelligence.

AI is accelerating development faster than ever with Snyk you can ensure the code flooding your systems is secure and, beyond development, verify AI-powered apps aren’t creating unmanaged security risks. Ensure your organization stays secure our AI enabled agentic solution:

Keep Pace with Development: Learn how to scale security to match AI-generated code’s unprecedented speed and volume.
Staying Ahead of New Threat Vectors: Tackle emerging AI threats as apps increasingly leverage LLMs.
Adapting Developer Workflows: Explore the evolving role of developers and the skills needed for a new era of AI-assisted coding and building AI-powered apps.
Build Upon ApSec Governance: Leverage AppSec governance towards secure AI adoption and risk management.

For U.S. Government agencies, these AI-driven advancements will translate into a more resilient and secure digital infrastructure. For the enterprises that service the Government, integrating Snyk’s AI-powered platform into their development processes will not only help them meet stringent security requirements but also provide a competitive edge by building more secure and reliable solutions.

The FedRAMP Moderate authorization for Snyk for Government is a significant step forward in our mission to empower organizations to build securely. Combined with our ongoing investment in cutting-edge technologies like AI, we are confident that Snyk will continue to be a trusted partner for the U.S. Government and its partners in navigating the evolving landscape of software security.

We are excited about this milestone and look forward to helping Government agencies and their partners build a more secure digital future, together.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Torq we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

From Concept to Implementation: Operationalizing Zero Trust Architecture in Government Environments

Posted on by Norman Wong

Zero Trust has evolved over the last 15 years into a cornerstone of Federal cybersecurity strategy, influencing enterprises as well as State and Local Governments. While the principles of continuous authentication and least privilege are widely accepted, many organizations still need the industry’s support with implementation.

The National Institute of Standards and Technology’s (NIST) National Cyber Center of Excellence (NCCoE) has bridged this gap by offering practical guidance for applying Zero Trust concepts in real-world solutions.

Understanding Zero Trust Principles

Zero Trust is a cybersecurity strategy built on the assumption that networks are already compromised, making it the most resilient approach for securing today’s hybrid environments. Rather than relying on network perimeters, Zero Trust focuses on continuous authentication and verification of every access request, regardless of where those resources are located.

This approach requires organizations to secure all communications through encryption and authentication, grant access on a per-session basis with least privileges, implement dynamic policies, continuously monitor resource integrity and authenticate before allowing access. The objective is to reduce implicit trust between enterprise systems to minimize lateral movement by potential attackers.

Organizations must also collect and analyze as much contextual information as possible to create more granular access policies and strengthen current controls for an enhanced Zero Trust Architecture (ZTA).

NIST’s Role and Guidance

NIST has been instrumental in defining and operationalizing Zero Trust through guidance documents and practical demonstrations like Special Publication (SP) 800-207, published in 2020, which established the foundation for ZTA. Building on this framework, NIST’s NCCoE worked with industry, Government and academia to launch a project to show how these concepts could be implemented in real-world environments.

Initially focused on three example implementations, the project expanded to 19 different ZTA implementations using technologies from 24 industry collaborators, including Palo Alto Networks.

These implementations were built around three primary deployment approaches:

Enhanced Identity Governance: Emphasizes identity and attribute-based access control, ensuring access decisions are linked to user identity, roles and context.
Microsegmentation: Uses smart devices such as firewalls, smart switches or specialized gateways to isolate and protect specific resources.
Software-Defined Perimeter (SDP): Creates a software overlay to protect infrastructure—like servers and routers—by concealing it from unauthorized users.

Although not included in SP 800-207, the project also recognized Secure Access Service Edge (SASE) as an emerging deployment model that integrates network and security functions into a unified, cloud-delivered service.

Practical Implementation Strategies

Palo Alto Networks - Operationalizing Zero Trust - Blog - Embedded Image - 2025

The NCCoE project tackled the critical question: where should organizations start on their Zero Trust journey? By adopting an agile, incremental approach with “crawl, walk and run” stages, the project phased its implementation based on deployment approaches. This allowed gradual, manageable builds while addressing real-world complexities.

Technologies such as firewalls, SASE with Software-Defined Wide Area Network (SD-WAN) and Endpoint Detection and Response (EDR) using Palo Alto Networks Cortex XDR® were utilized, with remote worker scenarios reflecting modern hybrid environments. NIST SP 1800-35 outlines the phased approach and provides a practice guide, including technologies, reference architectures, use cases, tested scenarios and security controls built into each implementation.

One of the most significant challenges addressed was interoperability between different security solutions. Rather than overhauling infrastructure, organizations can leverage existing technologies while gradually introducing new solutions to enhance security and move toward a mature ZTA.

Integrating Technology Solutions

The NCCoE highlighted how comprehensive security platforms enable Zero Trust principles across hybrid environments. Palo Alto Networks presented a comprehensive ZTA built with artificial intelligence (AI) and machine learning (ML), leveraging capabilities including Cloud Identity Engine for federated identity management, next-generation firewalls for microsegmentation, cloud-delivered security services and SASE for remote access and EDR.

The approach focused on three key objectives:

Continuous trust verification and threat prevention
Single policy enforcement across all environments
Interoperability with other security solutions

AI was embedded throughout the platform—from policy creation to user and device analysis—ensuring that Zero Trust policies are enforced consistently and adapted automatically in response to evolving threats. This intelligent strategy provides a scalable and resilient foundation for securing modern, hybrid environments.

Community Collaboration and A Holistic Approach

The success of the NCCoE project underscored the importance of collaboration between Government and industry to develop practical Zero Trust solutions. This partnership enabled the development of a holistic security monitoring system that can track user behavior across on-premises, cloud and remote environments. The integration of AI and ML streamlined incident response, reducing mean time to detection and resolution.

Experts recommend that organizations begin their Zero Trust journey with fundamental capabilities such as identity and access management (ICAM), endpoint security and compliance and data security. Implementing multi-factor authentication (MFA), integrated with existing Active Directory (AD) systems or identity providers, is an effective first step in strengthening access security. Monitoring network traffic and endpoint behavior using threat intelligence, user behavior analytics and AI allows organizations to proactively detect and respond to threats, providing a solid foundation for a resilient ZTA.

The journey to operationalizing Zero Trust continues to evolve, with NIST planning updates to their guidance documents to address emerging technologies like SASE and special considerations for operational technology (OT) environments. By adopting the principles, frameworks and practical implementation approaches demonstrated through the NCCoE project, Government agencies can develop more resilient security architectures that protect resources across diverse environments.

To learn more about implementing ZTAs in Government environments, watch the full webinar “Operationalizing Zero Trust: NIST and End-to-End Zero Trust Architectures,” presented by Palo Alto Networks, NIST and Carahsoft.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Palo Alto Networks, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Why Cloud, Why Now? Modernizing federal IT: Why the cloud is becoming the new standard

Posted on by Arham Dowla

The shift to Atlassian Government Cloud unlocks new potential for federal agencies

Modernization has been a Federal priority for over a decade, but the realities of legacy systems, compliance mandates and limited resources have forced IT leaders to make hard tradeoffs. The pandemic accelerated digital transformation, proving just how critical resilient, cloud-based systems are to mission continuity and citizen services.

Yet many agencies have remained tethered to on-premises tools not by choice, but by compliance constraints.

Now that Atlassian Government Cloud is FedRAMP Moderate authorized, agencies can confidently shift core collaboration and service delivery workloads to the cloud with security and compliance in place.

The opportunity to modernize is clearer than ever. With compliance barriers removed, cloud adoption becomes not just feasible, but foundational to moving missions forward.

FedRAMP Moderate removes the guesswork

Atlassian Government Cloud is a dedicated environment built specifically for public sector teams and limited to U.S. Government agency and contractor usage. It delivers the performance Federal agencies need, with the security and compliance they require.

This includes:

FedRAMP Moderate Authorization for Jira, Confluence and Jira Service Management
Dual-region hosting on AWS commercial US East/West regions
Continuous monitoring aligned to FedRAMP Moderate standards

Atlassian’s Government cloud platform is built on the same architecture that powers Cloud Enterprise, offering the scale, reliability and control public sector teams need. It’s designed to reduce friction and deliver continuous innovation while maintaining trust and transparency.

From patching systems to powering missions

Agencies that remain on legacy infrastructure are fighting a battle on two fronts: maintaining outdated systems while trying to meet new mission demands. That approach is no longer sustainable.

Modernizing with Atlassian Government Cloud eliminates the distractions of infrastructure maintenance and opens the door to high-impact work. Instead of managing update cycles or responding to fire drills, IT teams can shift their focus to scaling digital services, working with disparate teams and improving citizen-facing outcomes.

For IT administrators, this shift is transformational. Cloud offloads the operational burden they’ve carried for years—manual upgrades, weekend patching, surprise outages. With that weight lifted, teams can focus on enabling smarter service delivery across the agency.

As Jeff Garrett, Technical Product Manager at the California Department of Health Care Services shared, “I’ve had to maintain server infrastructure in the past. It’s not pleasant. Being on Atlassian Cloud Enterprise means we don’t have to do that anymore. Plus, we can add and remove applications quickly.”

This is how mission work moves forward with greater speed, clarity and alignment.

Built-in collaboration, automation, and insight

Atlassian Government Cloud offers more than security and compliance. It enables new ways of working across teams and departments, aligning your entire agency and harnessing your data.

Consider this scenario: A Federal program team launches a new initiative to expand community outreach. Rather than waiting weeks for a custom workflow, they spin up a new Jira project using a pre-built template with no administrator required. HR and legal teams contribute to project planning in Confluence, while real-time insights track progress across departments. No tickets. No silos. Just forward momentum.

The scenario above shows how teams can move faster using features like team-managed projects and templates in Jira, along with native incident management in Jira Service Management.

In addition to streamlining work, Atlassian Government Cloud will soon include Atlassian Analytics, bringing cross-product visibility and supporting data-driven decision-making across teams.

Beyond what’s available in Atlassian Government Cloud today, we’re also committed to delivering the same innovative features you’ll find in our commercial products, like Confluence Whiteboards and Goals. We’re actively developing our roadmap for Atlassian Government Cloud and will share more information soon.

Migration isn’t a barrier. It’s a supported journey

Atlassian has helped thousands of organizations transition to the cloud, including some of the world’s largest enterprises and Government agencies. We have reliable tooling for migrating data from Data Center to Atlassian Government Cloud that has been hardened through years of supporting migrations to commercial cloud. And for those migrating from commercial cloud to AGC, we’re releasing tooling for this soon.

Federal teams benefit from specialized migration support designed to streamline the process and minimize risk. That includes:

A Cloud Migration Manager assigned to each Atlassian Government Cloud project
Migration guides, training resources and toolkits to support end-user adoption
The choice to engage with a network of experienced solution partners if your agency wants even more support.

Agencies already using Atlassian Cloud are seeing measurable results that support faster delivery, smarter governance and stronger collaboration:

Utah Department of Technology Services cut Jira project setup time by 90%, enabling faster response to internal and citizen needs
California Department of Health Care Services standardized on Atlassian Cloud and reduced one project’s delivery time from 18 months to 6 months, cutting costs from $2.8M to $600K

With Atlassian, cloud migration becomes a guided path to modernization — not an obstacle.

The results are measurable

The shift to Atlassian Government Cloud delivers tangible results. Early adopters, including public sector agencies and private sector enterprises, are already seeing gains in performance, collaboration, and insight.

In a recent customer impact survey, organizations migrating to Atlassian Cloud reported:

Up to a 53% increase in productivity
47% improvement in cross-functional collaboration
44% gain in insight-driven decision-making

These outcomes directly support the goals of Federal agencies: improved cross-team collaboration, greater agility and faster progress on mission priorities. In a time when agencies are under pressure to do more with less, results like these make a big impact.

Take the next step

With FedRAMP Moderate authorization in place, Federal agencies can now adopt Atlassian Government Cloud with confidence. It’s time to move from maintaining systems to empowering missions.

Curious about your agency’s migration path to Atlassian Government Cloud? You can become a part of our Early Access Program. Join the waitlist here!

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Atlassian we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

SOC of the Future: Advanced Strategies for Modern Cybersecurity Challenges

Posted on by John McCann

Carahsoft-Innovative Care for Shadow Warriors-blog-embedded image-2025

In today’s fast-paced digital world, security teams are under immense pressure to defend against a surge in sophisticated cyber threats. Expanding attack surfaces, driven by new technologies, cloud adoption, remote work and interconnected devices, create countless entry points for attackers. Security Operations Centers (SOCs) must evolve by leveraging automation, AI and machine learning (ML) to stay ahead—cutting through the noise, accelerating threat detection and streamlining responses to provide scalable, real-time defense against ever-evolving risks.

Modern SOC Challenges

As cyber threats continue to rise in both frequency and sophistication, SOCs are coping with an overwhelming volume of security incidents. Check Point Software’s 2025 Security Report reveals a staggering 44% year-over-year increase in cyberattacks, highlighting the urgent need for stronger, more scalable defenses.

Organizations are no longer operating within clearly defined perimeters. Today’s digital environments are sprawling and dynamic, spanning on-premises infrastructure, multi-cloud deployments, software as a service (SaaS) platforms, Internet of Things (IoT) devices and a remote workforce. Each layer adds complexity—and with it, new vulnerabilities. The expanding attack surface increases not only the number of potential entry points but also the volume of activity that must be monitored.

This leads to another major challenge: organizations are now generating unprecedented volumes of security data. SOCs are tasked with analyzing vast, continuous streams of telemetry to detect threats in real time but extracting meaningful insights from this flood of data has become increasingly difficult.

While traditional Security Information and Event Management (SIEM) systems remain a core component of enterprise security, they are struggling to keep up. Many SIEM platforms are constrained by schema designs, database capacity and a limit on the number of detection rules that can be ingested.

As a result, SOCs are often forced to make difficult trade-offs, choosing which data to collect and analyze based on storage and processing limitations. This selective approach creates blind spots, potentially allowing critical threats to go undetected. In fact, 56% of organizations report coverage gaps directly linked to the limitations of legacy SIEM systems, underscoring the need for modernization.

Alert fatigue is compounding the issue. Even well-configured SOCs can generate thousands of alerts daily, overwhelming analysts and increasing the risk of real threats being missed. According to a 2023 RSA survey by Gurucul, 61.37% of security teams report receiving more than 1,000 alerts per day, while 4.29% deal with over 100,000. Alarmingly, 19.74% say the volume is so high they cannot even quantify it.

SOC Prime-SOC of the Future-blog-embedded image-2025

Beyond the operational strain, cost is another major barrier. A medium-sized organization can produce terabytes of log data every day, and storing and processing this information—especially at the scale required for comprehensive threat detection—can cost hundreds of thousands annually. SOC leaders are under constant pressure to strike a balance between broad visibility and tight budget constraints.

In this high-volume, high-velocity environment, traditional manual analysis simply cannot keep up. To close visibility gaps, reduce alert overload and operate efficiently at scale, organizations must adopt intelligent automation. Advanced analytics, ML and AI-driven detection can dramatically reduce noise, prioritize critical alerts and help SOC teams focus on what matters most—responding to real threats in real time.

The Role of Automation in SOC

Automation is a key force multiplier for SOC teams, enhancing threat response speed and accuracy. Over the past decade, security orchestration, automation and response (SOAR) solutions have had mixed success. While these solutions streamline workflows and incident response, they require significant maintenance, including scripting, playbook development and continuous security stack integration. The high total cost of ownership often outweighs initial investments, making long-term sustainability a challenge.

To address these limitations, SOCs are adopting telemetry pipelines, which intercept and filter traffic before SIEM processing, ensuring only relevant security data is analyzed. Advanced enrichment reduces redundant data, improving efficiency while lowering cloud storage costs.

Extended detection and response (XDR) solutions are also gaining traction. XDR integrates multiple security layers, correlates alerts locally and reduces reliance on centralized SIEMs. Vendor-specific XDR stacks work best within their own ecosystems but streamline threat detection and response.

Data lakes are becoming essential for long-term threat hunting, enabling analysts to detect subtle, prolonged attacks by retaining historical data for extended periods. This allows analysts to uncover patterns that might otherwise go unnoticed.

As SOC automation evolves toward autonomous SOC models and “SOCless” SIEM architectures, ML-driven algorithms will handle much of the processing and correlation, facilitating faster threat detection and response. By automating repetitive tasks like log analysis and low-level alert triage, SOC analysts can focus on complex investigations, enhancing security while addressing the skills gap.

Still, Gartner predicts that by 2030, 75% of SOC teams will see a decline in core security analysis skills as they grow too reliant on automation and AI. Therefore, deployments aimed at both augmenting human tasks and adding precision and speed to human investigations will be more effective than single-technique AI analytics. Striking the right balance between machine-driven speed and human insight seems like a feasible solution that keeps security teams agile, informed and in control of threats.

Evolving Technologies and Solutions

AI and ML capabilities enhance predictive analytics and threat-hunting capabilities, keeping SOC teams ahead of attackers. According to Gartner, by 2026, advancements like “action transformers” and the continued evolution of Generative AI (GenAI) will power semi-autonomous platforms that can greatly enhance and support the day-to-day operations of cybersecurity teams.

As cybersecurity AI assistants evolve, they will be used as more sophisticated tools for interactive support and investigation, covering tasks like incident response, risk assessment and code reviews. These tools are expected to boost efficiency and reduce response times, whether in organizations just building their security programs or in mature teams with established processes. These innovations improve threat detection and SOC readiness to withstand modern cyber risks.

Future SOC Operations

Progressive organizations understand the real value of AI/ML-powered SOC technologies that can be reasonably used and shift their focus from single-technique tools to building integrated systems that fuse software, AI and human expertise. Achieving scalable impact means having a clear strategy that targets the most meaningful opportunities.

Additionally, investment in workforce development and upskilling will be essential to bridging the cybersecurity talent gap. Organizations that invest in these areas will elevate their SOC effectiveness, better safeguard critical assets and build a resilient, future-ready cybersecurity posture.

To gain deeper insights into these strategies and hear directly from industry experts, watch SOC Prime’s webinar, “The SOC of the Future: Advanced Strategies to Evolve SOC for Modern-Day Enterprise Cybersecurity.”

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SOC Prime we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Modern Fraud Threats in Government Relief Programs: How Agencies Can Defend Against Cybercrime

Posted on by Joe Rogers

A recent investigation by CBS News’ “60 Minutes” has highlighted a significant issue: organized crime rings, often operating from overseas, are using stolen identities to steal billions of dollars from the U.S. Federal and State programs. These sophisticated fraud schemes specifically target public assistance initiatives, taking advantage of digital vulnerabilities and overwhelmed systems. The COVID-19 pandemic accelerated the delivery of relief funds, presenting new challenges for security systems still being implemented.

As these cyber-enabled crimes grow in complexity and scale, Public Sector organizations must evolve their defenses. HUMAN Security offers a modern solution that aligns with Public Sector standards and frameworks, like the NIST Cybersecurity Framework, to protect against automated fraud, account takeovers and bot-driven exploitation.

The Expanding Threat Landscape: Government Fraud at Scale

The fraud rings described in the CBS report do not fit the Hollywood stereotype of a lone hacker in a basement. These are industrial-scale operations run by criminal syndicates that:

Use stolen or synthetic identities to apply for public benefits such as unemployment insurance, COVID relief, food assistance and housing vouchers.
Leverage bots and automated scripts to rapidly test stolen credentials against Government login portals.
Host phishing websites and fake document generators to fool verification systems.
Exploit the lack of robust digital defenses in legacy Public Sector infrastructure.

At the height of the pandemic, the U.S. prioritized the rapid distribution of trillions in relief funds to support individuals and businesses in crisis. In the urgency to deliver aid quickly, some agencies adjusted standard fraud controls—creating unforeseen opportunities for bad actors. According to the CBS report, an estimated $280 billion was lost to fraud, with an additional $123 billion categorized as wasted or misused.

The tactics employed have now evolved into permanent tools of financial exploitation. Many cybercriminals continue to exploit social welfare and Government programs by leveraging automation and AI. Fraud isn’t slowing down—it’s scaling up.

Why Public Sector Agencies Are Attractive Targets

Government systems present a unique target profile for attackers due to a combination of high-value data, broad user bases and strained IT resources. Here’s why the Public Sector is particularly vulnerable:

1. High Payout Potential

Each successful fraudulent claim can yield thousands of dollars in benefits. Fraudsters often operate in bulk, submitting thousands of applications using stolen identities.

2. Legacy Infrastructure

Many State and Local agencies still operate on outdated software stacks that lack modern bot detection or behavior-based threat analysis.

3. Lack of Real-Time Monitoring

Fraudulent applications often go undetected until after funds are dispersed. Manual review processes are insufficient to handle the volume of claims.

4. Increased Script & API Vulnerabilities

Fraudsters exploit front-end vulnerabilities, such as JavaScript manipulation or misuse of APIs, to simulate real user activity, bypass verification checks and deploy fake documents.

HUMAN Security: A Modern Solution for a Modern Threat

Carahsoft, HUMAN 60 min, blog, embedded image, 2025

HUMAN Security specializes in protecting organizations from automated attacks, fraud and abuse by distinguishing between real users and malicious bots. HUMAN’s solutions are uniquely positioned to help Public Sector agencies address the specific types of fraud exposed by 60 Minutes.

1. Bot and Automation Mitigation

Fraudsters frequently use bots to submit applications at scale, probe systems for weaknesses and conduct credential stuffing attacks. The HUMAN Defense Platform analyzes over 20 trillion digital interactions weekly to identify real-time anomalies.

Through behavioral analysis, device fingerprinting, and machine learning, we can help public sector clients:

Detect non-human interaction patterns
Prevent fake accounts from being created
Block bot-driven denial-of-service or overload attempts

2. Account Takeover & Credential Abuse Defense

Many fraud schemes begin with access to a real person’s Government credentials. We prevent account takeovers by identifying compromised credentials in real time and helping clients stop unauthorized login attempts.

Our Application Protection Package also integrates into public-facing login portals to block brute-force attempts and detect unusual login behavior.

3. Fake Identity and Synthetic Account Prevention

Fraudsters use fake IDs or generated synthetic identities to bypass identity checks. Our behavior-based analytics distinguish real users from fabricated personas—stopping fake account creation before it starts.

4. Real-Time Threat Intelligence:

By continuously monitoring emerging threats, we equip Public Sector clients with up-to-date information to counteract evolving fraud tactics.

5. Integration with Public Sector Frameworks:

Leading-edge solutions that align with standards like the NIST Cybersecurity Framework, HUMAN facilitates seamless integration into existing Government infrastructures and helps public sector clients with compliance and regulatory requirements.

Real-World Benefits to Government Agencies

By adopting fraud protection solutions, public agencies can:

Minimize Fraud Risk: Real-time prevention minimizes the risk of sending funds to bad actors.
Protect Citizens: Reduce identity theft and unauthorized access to sensitive citizen data.
Build Trust: Demonstrating robust cybersecurity fosters public trust in digital Government systems.
Streamline Compliance: Meet modern standards like PCI DSS 4.0 requirements 6.4.3. & 11.6.1 and NIST CSF with confidence.
Save Taxpayer Dollars: Every fraudulent dollar blocked is money that can be returned to real beneficiaries or saved for future programs.

A Call to Action for Government Leaders

The fraud revealed in the CBS 60 Minutes report isn’t an isolated event—it’s a warning sign. Digital transformation has accelerated across public agencies, but fraud defenses haven’t always kept pace.

Government leaders must take a proactive stance by:

Modernizing fraud detection capabilities
Closing visibility gaps across digital infrastructure
Adopting behavior-based, real-time defenses like HUMAN Security
Aligning security strategy with established frameworks (NIST, PCI DSS)

Fraud is no longer just a compliance risk—it’s a national security issue. As public trust and taxpayer funds hang in the balance, Government agencies must embrace modern, intelligent and automated defense systems to keep fraudsters out.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including HUMAN Security we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.