FireEye Archives - | Carahsoft| Carahsoft

Nationwide, many government agencies are realizing that traditional approaches to cybersecurity are no longer enough to protect against increasingly sophisticated adversaries and navigate a complex threat landscape. For example, cybersecurity strategies have historically focused on the perimeter, ignoring the risk of internal threats and failing to account for mobile devices or teleworking employees. In an era of tightening budgets and rising citizen expectations, government must adapt to these modern realities. Cyber intelligence uses behavior analytics, network visibility, and operational and threat intelligence to make agencies smarter about today’s threats. If your agency is in need of a forward-looking cybersecurity approach, get up to date with “Raising Agencies’ Cyber Intelligence,” a guide created by GovLoop and Carahsoft featuring insights from the following technology and government cyber intelligence thought leaders.

Storytelling with Intelligence-Led Security

“Too often, agency leaders and cybersecurity analysts seem like they’re speaking separate languages. With both sides communicating about cyberthreats differently, getting everyone on the same page is one of contemporary government’s greatest challenges. The wider the gulf between an agency’s teams, the more vulnerable it is to external danger. Today’s security landscape contains dangers everywhere, and cyberthreats won’t wait for agency workforces to unite against them. Agencies that don’t speak the same language as their employees and employees that don’t speak the same language as their agency leaders will find themselves constantly fighting cybersecurity fires.”

Read more insights from Recorded Future’s Threat Intelligence Analyst, Allan Liska.

Leveraging Zero Trust Against Cyberattacks

“Agencies aren’t looking just at the “north-south” of traffic moving inside their network perimeters for threats. Lateral cyberattacks occur when perpetrators breach agencies’ defenses and then move freely “sideways” or “east-west” on their networks. The modus-operandi of cybercriminals today is to seek a weakly defended element, and then access sensitive data by moving laterally to avoid stronger safeguards. This protection against lateral movement is what zero trust cybersecurity is all about. By automatically distrusting everything on and off their networks, agencies can enhance their IT security.”

Read more insights from Trend Micro’s Vice President of Cybersecurity, Greg Young.

Threat Intelligence: The Context Agencies Crave

“Basic cybersecurity knowledge — such as which attacks are most common — won’t always keep agencies’ data safe. For scores of agencies, today’s threat landscape can change too fast for their workforces. Fortunately, threat intelligence can prepare agencies for cutting-edge dangers. Threat intelligence adds the context agencies need by focusing on the latest threats in realtime. […] The worst cyber attacks are the ones agencies never see coming. But with quality threat intelligence, agencies can stay alert to where cyberthreats might strike next.”

Read more insights from Fire Eye’s Principal Analyst, Luke McNamara.

Pairing Man and Machine on Zero Trust

“Since the COVID-19 pandemic began, the number of endpoints to defend has exploded as government employees started working remotely. These endpoints include devices such as laptops, smartphones and tablets, and they are leaving agencies more vulnerable than before. Going forward, the more endpoints agencies have, the more targets they will present to cyberthreats. […] Zero trust cybersecurity addresses de-perimeterization, or the gradual erosion of network boundaries. With zero trust, users must be capable of securely accessing data from anywhere no matter where it resides.”

Read more insights from Blackberry Limited’s Vice President of Global Sales Engineering, Rich Thompson.

Prioritizing Cyber Intelligence at the Defense Logistics Agency

“One of the things I would tell you is more of a concern than it has been in the past is the large number of endpoints that are seated on our networks today, especially with mass telework becoming the norm over the last few months. Identifying and confirming anomalies and positive, adverse actions has become more difficult. It has amped up our attention on automation, machine learning and robotic process automation and bringing that into the fold to a greater degree across the cybersecurity spectrum. It is almost a must now because of the massive amounts of data to sift through to get to what you’re seeking.”

Read more insights from DLA’s CIO, George Duchak, and Director of Cybersecurity, Linus Baker.

Minnesota Chief Information Security Officer Explains Zero Trust Cybersecurity

“Unlike other types of attacks where weapons require certain tactical research, there is a low effort in the cyberthreat domain. The global threat landscape will continue to have new entrants as actors build strengths and develop talent. There’s this model of a cyber kill chain. It talks about how attackers move from discovery all the way to mission completion, whatever the mission might be. If we build layers of defenses that look at that cyber kill chain, can we identify the mission actions through that cycle before the mission completes?”

Read more insights from Minnesota Chief Information Security Officer (CISO) and Minnesota IT Services’ (MNIT) Assistant Commissioner, Rohit Tandon.

Understanding DoD’s Cyber Hotline

“Picture the Vulnerability Disclosure Program (VDP) as the hotline for reporting DoD’s cybersecurity shortcomings. Nestled in DoD’s Cyber Crime Center (DC3), the program makes the philosophy of “see something, say something” digital. At any time, ethical hackers can alert DoD to issues ranging from insecure networks to noncompliance with cybersecurity standards such as FISMA.”

Read more insights from DoD’s Director of the Vulnerability Disclosure Program, Kris Johnson.

Download the full GovLoop Guide for more insights from these cyber intelligence thought leaders and additional government interviews, historical perspectives and industry research on zero trust, the government threat landscape and the latest developments from government programs like CDM.

For security professionals, the COVID-19 pandemic represents something of a perfect storm. The risk landscape exploded in a matter of days as state and local agencies rapidly sent thousands of employees home to work remotely. At the same time, security personnel and resources were stretched exceedingly thin, with many security teams redeployed from operational tasks to urgent new projects. Now is the time to reevaluate security tools, processes and strategies in light of these massive COVID-driven changes. Immediate steps include understanding and addressing situations where users may be storing sensitive data on insecure home computing devices, as well as dialing back remote access privileges to reduce the risk of inappropriate access or stolen user credentials. Over the longer-term, agencies must develop better monitoring capabilities that help them spot threat activity and potentially risky user behaviors. Read the latest insights from industry thought leaders in Cybersecurity in Carahsoft’s Innovation in Government^® report.

Time to Reevaluate Security Practices

“The bottom line is that even the best tool or approach will not fix a bad process. All the zero-trust technology in the world won’t work if your identity and asset management processes give the system bad data. To fully utilize these approaches, agencies must look honestly at their processes and what they’re doing regarding hygiene, security practices and things like that. Organizations also need to determine what they want from these tools, whether the tools align with their best practices and overall security approach, and how these tools impact the way they perform existing processes.”

Read more insights from McAfee’s Chief Technology Strategist, U.S., Sumit Sehgal.

Building Resilience through Digital Risk Management

“Planning ahead for how you’ll address problems and putting contingency plans down on paper is an important risk management process. Organizations need good security workflows and a way to aggregate information about their networks, valuable resources and who is doing what in the organization. Then they need plans for triaging the most devastating risks first. It’s impossible to think of every threat, but organizations can start by considering what types of incidents could interfere with critical capabilities and prevent them from completing their mission. With that information, organizations can put together contingency plans, even when they’re not quite sure what potential threat might bring about that particular loss of functionality.”

Read more insights from RSA’s Federal Group Field CTO, Steve Schmalz.

Confronting a New Threat Ecosystem

“Understanding your organization and where it fits into the threat ecosystem is probably among the most effective ways to grapple with this issue. In a purely introspective sense, it’s important to understand your corporate network — you need to know which information assets, individuals and applications are likely to be targeted by attackers and then place a higher priority on security alerts and advisories that impact them. Organizations also can narrow the focus of their detection and threat-hunting efforts by understanding the specific attackers that are known to be interested in their industry and geography, and use this knowledge as a preliminary guide.”

Read more insights from FireEye’s Manager of Mandiant Threat Intelligence, Jeremy Kennelly.

Remote Work Is Here to Stay

“The secure access service edge (SASE) model lets organizations apply security no matter where their users, applications or services are located. It dictates that enterprise users need access to a variety of business resources and information. To maintain business operability and meet their missions, enterprises must figure out how to do that securely. Secure remote access — which includes secure connectivity, identity access management, access control, continuous validation of secure connectivity throughout an interaction and more — will be the mark of a functioning cybersecurity apparatus moving forward. The other component is being able to scale cybersecurity talent and resources to accommodate growth.”

Read more insights from Palo Alto Networks’ VP and Field CSO, MK Palmore.

Addressing Evolving Application Threats

“No matter who comes through the door, you have to verify everything about them and that verification must follow them through the system. Organizations can’t just check a user’s ID, give them a password and be done with it. It’s a continuous process of authentication. When a user attempts to move from one part of a system to another — for example, if a person applies for unemployment insurance, but they logged in through a parking application — the organization may want to require additional authentication or scrutinize the user more deeply. Access is not all or nothing. There’s a granular dial that you’re turning up and down based on what a user is doing within the system.”

Read more insights from F5 Labs’ Director, Raymond Pompon.

Taking Threat Detection and Response to the Next Level

“A lot of the change comes from having to support a large remote workforce. Regular system maintenance tasks like vulnerability scanning and software patching have changed dramatically. In the past, patching technologies assumed that systems were physically on the same network or would ultimately be connected via a virtual private network. As users’ machines move off the network, they get scanned less often, if at all. Remote work and increasing reliance on SaaS have really highlighted the need for zero-trust networks, where services require not only a trusted user but also protection of the data viewed and saved from these services.”

Read more insights from SecureWorks’ Chief Threat Intelligence Officer, Barry Hensley.

Download the full Innovation in Government® report for more insights from these government cybersecurity thought leaders and additional industry research from GovTech.

| Carahsoft

Tag Archives: FireEye

Raising Agencies’ Cyber Intelligence