A New Era in Government Cybersecurity

Securing government systems was a complex undertaking even before the pandemic. In response to that crisis, agencies rapidly deployed cloud technology, mobile devices and collaboration tools for remote employees — and added new vulnerabilities and IT management challenges to an already long list of cybersecurity priorities. Malicious actors have taken note of the new opportunities and continue to mount increasingly sophisticated attacks on government systems and critical infrastructure. To keep pace with those risks, government teams need multifaceted yet holistic strategies that address a wide range of threats to network endpoints, identity and access management, and data. In addition, agencies must strike the right balance of productivity and security for a mix of on-site and remote employees — a key concern of 75% of the respondents to a recent FCW reader survey. Fortunately, zero trust has been gaining traction because of its ability to address key challenges related to identity management, endpoint security and data protection. Interest in zero trust has skyrocketed thanks to a mandate in the Biden administration’s 2021 Executive Order on Improving the Nation’s Cybersecurity. But although zero trust can play a key role in ensuring that only authorized users have access to IT systems and data, it doesn’t always protect against human mistakes. In addition, security responsibilities have crossed traditional internal boundaries, and agencies are finding that they need to unify the priorities of security teams and mission owners. Learn how agencies can continue to evolve cybersecurity architecture and strategy, given the increased attack rate and creativity of malicious actors in Carahsoft’s Innovation in Government® report.


The Power of Real-Time Cyber Intelligence  

“Government agencies are realizing that if they are going to mitigate cybersecurity risks and respond to breaches more quickly, they need access to real-time operational intelligence. However, they also recognize that their security products and intelligence sources must be readily integrated. A security operations center (SOC) can’t function when it has 50 products that don’t talk to one another and whose data can’t be easily fused and normalized. Many organizations try to manually corroborate a notable security event with other data, such as external threat intelligence, feedback from an endpoint detection and response platform, or information from the Department of Homeland Security. A manual process is slow, inefficient and ultimately doomed to failure.”

Read more insights from Splunk’s chief cybersecurity advisor for public sector, Paul Kurtz.
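What “fused and normalized” looks like in practice, as an added example that is not from the report or from Splunk: three constructed inputs in three formats (a firewall syslog line, an EDR alert in JSON and a threat-intelligence CSV) are mapped to one event schema, grouped by internal host and enriched with intelligence hits, so that an EDR alert coinciding with a connection to a high-confidence indicator is escalated without an analyst corroborating it by hand. The formats, field names, sample data and the escalation rule are all assumptions made for this example.

```python
"""Normalize events from three different tools into one schema, fuse them
by internal host, and escalate when two weak signals coincide.

Added example, not code from the report or from Splunk. The log lines,
the EDR JSON, the intel feed and the common schema are all constructed
for illustration.
"""
import json
import re
from collections import defaultdict

# Constructed inputs in three formats (not real data).
FIREWALL_SYSLOG = [
    "2024-03-01T10:00:05Z fw01 ALLOW src=10.1.4.22 dst=203.0.113.9 dpt=443",
    "2024-03-01T10:00:07Z fw01 ALLOW src=10.1.4.22 dst=198.51.100.4 dpt=80",
]
EDR_ALERTS = [
    json.dumps({"ts": "2024-03-01T10:00:06Z", "host": "ws-22",
                "host_ip": "10.1.4.22", "severity": "medium",
                "rule": "powershell-encoded-command"}),
]
THREAT_INTEL_CSV = "203.0.113.9,c2,high\n198.51.100.250,scanner,low\n"

FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<dev>\S+) (?P<action>\w+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dpt=(?P<dpt>\d+)$")


def normalize_firewall(line):
    """Firewall syslog line -> common event dict (None if unparseable)."""
    m = FW_RE.match(line)
    if not m:
        return None
    return {"ts": m["ts"], "source": "firewall", "src_ip": m["src"],
            "dst_ip": m["dst"], "dst_port": int(m["dpt"]),
            "action": m["action"].lower()}


def normalize_edr(raw):
    """EDR alert JSON -> common event dict; host_ip becomes src_ip so it
    keys the same way as the firewall events."""
    a = json.loads(raw)
    return {"ts": a["ts"], "source": "edr", "src_ip": a["host_ip"],
            "host": a["host"], "severity": a["severity"], "rule": a["rule"]}


def load_intel(csv_text):
    """ip,kind,confidence rows -> lookup table keyed by IP."""
    intel = {}
    for row in csv_text.strip().splitlines():
        ip, kind, conf = row.split(",")
        intel[ip] = {"kind": kind, "confidence": conf}
    return intel


def fuse(fw_lines, edr_raws, intel_csv):
    """Group normalized events by internal host IP and attach intel hits
    for any destination the host talked to."""
    intel = load_intel(intel_csv)
    by_host = defaultdict(lambda: {"events": [], "intel_hits": []})
    for ev in filter(None, map(normalize_firewall, fw_lines)):
        rec = by_host[ev["src_ip"]]
        rec["events"].append(ev)
        if ev["dst_ip"] in intel:
            rec["intel_hits"].append({**intel[ev["dst_ip"]], "ip": ev["dst_ip"]})
    for ev in map(normalize_edr, edr_raws):
        by_host[ev["src_ip"]]["events"].append(ev)
    return dict(by_host)


def escalate(fused):
    """Escalate a host when an EDR alert and a high-confidence intel hit
    occur on the same host; either signal alone keeps its own severity."""
    out = []
    for ip, rec in fused.items():
        has_edr = any(e["source"] == "edr" for e in rec["events"])
        hi_intel = any(h["confidence"] == "high" for h in rec["intel_hits"])
        if has_edr and hi_intel:
            out.append(ip)
    return sorted(out)


if __name__ == "__main__":
    fused = fuse(FIREWALL_SYSLOG, EDR_ALERTS, THREAT_INTEL_CSV)
    print(json.dumps(fused, indent=1))
    print("escalate:", escalate(fused))
```

The schema is the point: once every tool's output carries the same `src_ip`, `ts` and `source` fields, the correlation is a dictionary lookup rather than an analyst reading three consoles. Unparseable lines are dropped rather than crashing the pipeline, which in a real SOC should itself be counted and alerted on, since a silent parser failure is how a whole feed goes dark.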


Treating Identity as Critical Infrastructure  

“Agencies can assess the state of their identity infrastructure by continually asking whether they are delivering the right capabilities to their employees, the public and other customers and whether they are doing so in a way that matches how people live and work today. We all have high expectations for capabilities and usability because of our daily interactions with smartphones. We’re used to conducting our business quickly and efficiently, and agencies should likewise be building enterprise systems that support the fast and efficient delivery of government services. Furthermore, agencies should build those systems with a line of sight to the future.”

Read more insights from Okta’s federal chief security officer, Sean Frazier.


The Importance of Future-Proofing Cybersecurity

“Access control through multifactor authentication is an important aspect of both directives. The combination of username and password is not sufficient to secure access to IT systems. Agencies also need to deploy strong multifactor authentication that relies on some type of hardware- or software-based token for granting access to the environment and then to the data. Furthermore, the White House executive order mandates the protection of data through encryption not only when it is at rest but also when it is moving to and from the network edge and beyond.”

Read more insights from Thales TCT’s deputy CTO, Gina Scinta.


The Game-Changing Nature of Cyber Resiliency

“The COVID-19 pandemic prompted the largest modernization effort the government has ever seen. However, in addition to the many benefits of that modernization, hybrid work environments have added an ever-growing number of endpoints and created new identity-based vulnerabilities for attackers to exploit. Agencies can be more strategic in their approach to endpoint security by focusing on cyber resiliency. Although the term has been around for several years, it has been emphasized recently by the National Institute of Standards and Technology (NIST).”

Read more insights from SentinelOne’s vice president of federal sales, Todd Helfrich.


Galvanizing Agencies into Action on Cybersecurity

“The Executive Order on Improving the Nation’s Cybersecurity has spurred agencies to modernize the way they protect IT systems and data. Now there is a shared commitment to the steps that IT leaders should take, and agencies have been galvanized into action. For example, zero trust was mostly just a buzzword for agencies prior to the executive order, and now it is something that federal agencies are seriously exploring. They’re going beyond reading whitepapers to asking for vendor demos and testing ideas.”

Read more insights from Cribl’s senior director of market strategy, Nick Heudecker.


Aligning Your Digital Collaboration to Zero Trust

“Guest access provides people outside your organization access to content inside your M365 workspaces (i.e., Teams, SharePoint and Groups). A health care-focused agency could use guest accounts to collaborate with grantees and their site staff or academic researchers. A defense-focused agency could use guest access to coordinate with local law enforcement to plan incident response or correspond about special event planning. Despite the benefits, agencies need policies and reporting when using features like guest access to ensure your information stays protected.”

Read more insights from AvePoint’s director of federal strategy for public sector, Jay Leask.


Download the full Innovation in Government® report for more insights from these digital transformation thought leaders and additional industry research from FCW.

The Ongoing Quest for Cybersecurity


Government agencies were already under pressure to modernize their cybersecurity strategies before the pandemic hit, and as workplaces closed and government employees struggled to access data and systems from makeshift home offices, the cybersecurity risks grew. The use of virtual private networks in the U.S. increased to match the early spike in COVID-19 cases, rising 124% in the two weeks from March 8 to March 22, 2020, according to Statista. Around the same time, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert titled “Enterprise VPN Security,” which offered both warnings and guidance on how to handle the surge in usage. With so many employees logging in remotely, agencies found that they had to shift their focus from securing a well-defined perimeter to securing the data that fuels government operations. In a recent survey of FCW readers, protecting data topped the list of cybersecurity priorities, with 75% of respondents citing it. In response to such concerns, CISA released its Ransomware Guide in September 2020. In May 2021, President Joe Biden mandated that agencies adopt zero trust in his Executive Order on Improving the Nation’s Cybersecurity, and the National Security Agency had released a paper a few months earlier titled “Embracing a Zero Trust Security Model.” Read the latest insights from industry thought leaders in Carahsoft’s Innovation in Government® report on cybersecurity.


The Future of Cybersecurity is Autonomous

“Analysts have too much atomic data and not enough context about that data. When they don’t have the full picture, they can’t take appropriate action. Re-creating each attack by hand takes painstaking care. And though analysts often relish this challenge, there’s simply not the time to do so for every presented case. Forward-thinking organizations are using artificial intelligence/machine learning (AI/ML) capabilities to fortify user endpoints and server workloads across an array of operating systems. These automations are designed to monitor the growing number of attack vectors in real time and present the full context of an attack in an easy-to-understand view that’s modeled after a kill chain.”

Read more insights from SentinelOne’s COO, Nick Warner.


Tailoring Zero Trust to Individual Users

“Zero trust is an important construct for helping agencies protect their infrastructure in today’s cybersecurity landscape. It focuses on accrediting individuals and their access to government resources. Agencies should make those decisions about access based on a comprehensive understanding of users. Security policies that treat all users as equally risky can be restrictive. Such policies set the bar high and hamper employees’ ability to work, or they set the bar low, which defeats the purpose of having security. Instead, agencies should evaluate users on an individual basis by taking the time to understand what employees do and how they do it — what’s normal behavior and what’s not. Then they can assess the risk of an individual based on that context.”

Read more insights from Forcepoint’s President of Global Governments and Critical Infrastructure, Sean Berg.


Modernizing Security for a Mobile Workforce

“Securing data and apps begins with positively identifying the user. In government, agencies have used multifactor authentication and all kinds of certificates, but those are simple pass/fail security checks. Once users are allowed to cross the security barrier, they often have wide-ranging access to government resources. This means adversaries and malicious (or careless) insiders passing the security checks receive free rein as well. Government needs to move to a continuous authentication model, which leads to better security and a better user experience. It involves seamlessly authenticating users every step of the way — when they touch the keyboard or scroll through an app on a screen. That activity, down to the microscopic vibrations in a person’s fingertip, can be sensed and understood so that IT administrators can answer the question: Is this really the authenticated user, or is it somebody else?”

Read more insights from BlackBerry’s Chief Evangelist, Brian Robison.


The Dangers that Lurk in Mobile Apps

“Government employees are increasingly reliant on mobile applications to do their jobs. But without formal monitoring programs in place, agencies might be unaware of the risks inherent in commercial and government-built apps. As a result, few agencies are investing resources and time to address a serious problem. The average mobile device has 60 to 80 apps, representing a huge potential for vulnerabilities at agencies whose employees are using those devices for work. Thousands of apps could be tracking employees or intercepting data. NowSecure founder Andrew Hoog has said mobile apps are the ultimate surveillance tool, given the mix of personal and mission activities in one space.”

Read more insights from NowSecure’s Chief Mobility Officer, Brian Reed.


Why Data is a Critical Cybersecurity Tool

“Once agencies have gathered their data in a scalable, flexible platform, they can apply artificial intelligence to derive insights from the data. AI speeds analysis and is particularly effective when agencies move from signature-based to behavior-based threat detection. A signature-based approach is good for detecting threats we already know about, but a behavior-based AI approach can adapt to new threats by looking for anomalies such as changes in the behavior of a server or endpoint device. AI also helps with investigations by reconstructing the sequence of events that happened during an intrusion, which fuels agencies’ ability to prevent future attacks. With AI, agencies can start to apply more sophisticated algorithms in their hunt for vulnerabilities and cyber threats.”

Read more insights from Cloudera’s Principal Solutions Engineer and Cybersecurity SME Lead, Carolyn Duby.


Zero Trust Data Management Foils Ransomware Attacks

“Agencies must ensure recoverability because none of these protections matter if they can’t recover data and systems that run their critical missions and operations. Agencies need to gather and protect data at the edges of their networks, in their data centers and across different clouds. And regardless of where agencies decide to store that data, they need to be able to access it instantly. Recoverability service-level agreements of minutes and hours are possible and delivered today across the whole of government and the Defense Department. Gone are the days of weeks and months to get back online.”

Read more insights from Rubrik’s Public-Sector CTO, Jeffrey Phelan.


Reclaiming Control over Complex IT Environments

“When employees were sitting in a government office behind a firewall, IT administrators had a clearly defined perimeter to protect. Now IT administrators are still focused on protecting the agency’s mission and assets, but the responsibility has become more difficult because they’ve lost some visibility and control over the infrastructure. In response, many organizations are moving toward strategies based on zero trust, which requires validating users and devices before they connect to government systems, or least privilege, which involves only giving employees access to the resources and applications they need to perform their jobs. Zero trust and least privilege require continuous monitoring and a risk-based approach to adding or removing authorizations.”

Read more insights from SolarWinds’ Group Vice President of Product, Brandon Shopp.


The Role of Authentication in Data Protection

“Users who need to access low-risk applications and data — for example, publicly available product information — can use an authentication method such as one-time password tokens. But if that same user wants to access higher-value data such as corporate finance records, the required level of authentication should increase, perhaps requiring public-key infrastructure (PKI) authentication with a smartcard. The key is to manage those activities via one pane of glass or one platform that supports the entire risk-based and continuous authentication process. In the past, we’ve been able to base decisions on where users are located — for example, whether they’re accessing data from within the network or remotely via VPN — but that is no longer enough. New technology tools enable agencies to gain a deeper understanding of users’ online behavior so they can make more informed decisions about authentication.”

Read more insights from Thales TCT’s Vice President of Product Management, Bill Becker.
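As an added illustration of the tiered, risk-based model described in the quote above (example code written for this page, not Thales’s product logic or anything from the report), the following Python policy maps each resource tier to the authenticator strength a session must already hold and asks for a step-up when the session falls short. The three tiers, the three assurance levels and the `anomalies` flag on the session are assumptions for the example; the ordering loosely follows the authenticator assurance levels of NIST SP 800-63B but is not a faithful encoding of them.

```python
"""Risk-based step-up authentication: the assurance a session must hold
depends on the sensitivity of the resource it requests, raised further
when the session shows anomalous behaviour.

Added example, not code from the report or from Thales. The tiers,
assurance levels and session fields are illustrative assumptions.
"""
from dataclasses import dataclass, field
from enum import IntEnum


class Assurance(IntEnum):
    """Ordered authenticator strength. Loosely modelled on NIST SP 800-63B
    AAL1..AAL3; the exact mapping is an assumption for this example."""
    PASSWORD = 1       # single factor
    OTP = 2            # password plus one-time-password token
    PKI_SMARTCARD = 3  # PKI certificate on a hardware smartcard (PIV/CAC)


# Minimum login strength each resource tier demands (assumed policy).
REQUIRED = {
    "public": Assurance.PASSWORD,     # e.g. publicly available product data
    "internal": Assurance.OTP,        # ordinary internal applications
    "finance": Assurance.PKI_SMARTCARD,  # high-value records
}


@dataclass
class Session:
    user: str
    assurance: Assurance                          # strongest factor already presented
    anomalies: set = field(default_factory=set)   # e.g. {"new_device", "impossible_travel"}


def required_assurance(tier: str, session: Session) -> Assurance:
    """Base requirement for the tier, raised one level when the session
    carries a behavioural anomaly. Nothing lowers it: being 'inside the
    network' is deliberately not an input, per the quote."""
    need = REQUIRED[tier]
    if session.anomalies:
        need = Assurance(min(need + 1, Assurance.PKI_SMARTCARD))
    return need


def authorize(tier: str, session: Session) -> str:
    """Return 'allow', 'deny' for an unknown tier (fail closed), or
    'step_up:<METHOD>' naming the authenticator the user must present
    before the request proceeds."""
    if tier not in REQUIRED:
        return "deny"
    need = required_assurance(tier, session)
    if session.assurance >= need:
        return "allow"
    return f"step_up:{need.name}"


if __name__ == "__main__":
    s = Session("alice", Assurance.OTP)
    for tier in ("public", "internal", "finance"):
        print(tier, "->", authorize(tier, s))
    print("finance, anomalous session ->",
          authorize("finance", Session("alice", Assurance.OTP, {"new_device"})))
```

Two design choices are worth calling out. The decision is a comparison on an ordered level rather than a list of accepted methods, so adding a stronger authenticator later does not require touching every policy entry. And the only inputs that raise the bar are data sensitivity and observed session anomalies; network location never appears, which is the “no longer enough” point the quote makes about in-network versus VPN access.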


Verification and Validation to Enhance Zero Trust

“Networking teams rely on standard configurations to maintain the security policy. These standard configurations dictate connectivity and traffic flows to ensure users can access appropriate resources while preventing unauthorized access. The idea of a standard configuration seems simple, but maintaining it is extremely difficult. Validating configurations is clearly mission critical, but monitoring and validating network behavior are even more telling and help ensure that policies are not inadvertently being circumvented and that there is no unintended connectivity.”

Read more insights from Forward Networks’s Technical Solutions Architect, Kevin Kuhls.
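To make the quote’s distinction between a standard configuration and actual connectivity concrete, here is an added Python example (not Forward Networks’ code or anything from the report) that checks an ordered, first-match ruleset against a stated connectivity intent. Every zone pair and port is evaluated through the rules; any flow the rules allow but the intent does not is reported as unintended connectivity, and any flow the intent requires but the rules block is reported as broken access. The zones, rules, ports and intent set are constructed for the example, including a broad “temporary” troubleshooting rule of the kind that quietly circumvents policy.

```python
"""Validate an ordered firewall/ACL ruleset against an intended
connectivity matrix and report (a) flows allowed but not intended and
(b) flows intended but blocked.

Added example, not from the report or from Forward Networks. Zones,
rules, ports and intent are constructed for illustration.
"""
import ipaddress
from itertools import product

# Ordered, first-match rules: (action, src_net, dst_net, dst_port or None for any)
RULES = [
    ("allow", "10.1.0.0/16", "10.9.0.0/24", 443),   # users -> web tier
    ("allow", "10.9.0.0/24", "10.8.0.0/24", 5432),  # web -> database
    ("allow", "10.1.0.0/16", "10.8.0.0/24", None),  # "temporary" troubleshooting rule, never removed
    ("deny",  "0.0.0.0/0",   "0.0.0.0/0",   None),  # explicit catch-all deny
]

ZONES = {"users": "10.1.0.0/16", "web": "10.9.0.0/24", "db": "10.8.0.0/24"}
PORTS = [22, 443, 5432]

# Intent: the only (src_zone, dst_zone, port) triples that are supposed to work.
INTENT = {("users", "web", 443), ("web", "db", 5432)}


def evaluate(src_ip: str, dst_ip: str, port: int) -> str:
    """First-match evaluation of RULES; implicit deny if nothing matches."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, s_net, d_net, p in RULES:
        if (src in ipaddress.ip_network(s_net)
                and dst in ipaddress.ip_network(d_net)
                and (p is None or p == port)):
            return action
    return "deny"


def representative(zone: str) -> str:
    """One sample host address from the zone (a sampling shortcut)."""
    return str(next(ipaddress.ip_network(ZONES[zone]).hosts()))


def check_intent():
    """Return (unintended, broken): sorted lists of (src_zone, dst_zone, port)."""
    unintended, broken = [], []
    for (sz, dz), port in product(product(ZONES, repeat=2), PORTS):
        if sz == dz:
            continue
        verdict = evaluate(representative(sz), representative(dz), port)
        wanted = (sz, dz, port) in INTENT
        if verdict == "allow" and not wanted:
            unintended.append((sz, dz, port))
        elif verdict == "deny" and wanted:
            broken.append((sz, dz, port))
    return sorted(unintended), sorted(broken)


if __name__ == "__main__":
    unintended, broken = check_intent()
    for flow in unintended:
        print("UNINTENDED connectivity:", flow)
    for flow in broken:
        print("BROKEN required access:", flow)
    if not unintended and not broken:
        print("ruleset matches intent")
```

On this ruleset the check reports that the users zone can reach the database tier on every port, which no line of the intent permits; the individual rules each look reasonable, and only the evaluation against intent exposes the gap. Checking one representative host per zone is a sampling shortcut that can miss rules scoped to single addresses; a production verifier reasons over the whole header space and over the configuration actually running on the devices, which is the configuration-versus-behaviour point the quote makes.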


Extending Zero Trust Down to the File Level

“A software-defined perimeter integrates proven, standards-based security tools to create the ideal foundation for zero trust. When used together, those two approaches give agencies the granularity to customize their security protocols. For example, the IT team could allow USB mice but not USB thumb drives that can store data, and they could block potentially unwanted applications that anti-malware engines might not identify as malicious, such as bitcoin-mining or file-sharing apps. Zero trust is a mindset rather than a specific group of tools. The National Institute of Standards and Technology’s Special Publication 800-207 on zero trust architecture advocates taking a holistic approach to authenticating devices and users and extending that attitude to agency assets, services and workflows.”

Read more insights from OPSWAT’s Senior Director of Government Sales, Michael Hylton.


Download the full Innovation in Government® report for more insights from these government cybersecurity leaders and additional industry research from FCW.

Current Cybersecurity Trends: The Next Wave of Cybersecurity

The coronavirus pandemic accelerated government adoption of technologies such as artificial intelligence, cloud and the internet of things as entire workforces shifted to telework. But just as agencies have adopted modern tech at record speeds, so too have cyber adversaries – and the rapid adoption of new solutions may create exploitable blind spots and gaps in security. Perimeter-less cloud-based systems present unique cybersecurity challenges, including maintaining visibility into a complex mix of cloud and on-premises systems. Grappling with the new reality of cloud-based environments requires government agencies to explore new strategies and best practices – including adopting a zero trust mindset, monitoring employee cyber hygiene, and investing in cybersecurity tools capable of simplifying complex tasks. Read the latest insights from industry thought leaders in cybersecurity in Carahsoft’s Innovation in Government® report.


How Employees Can Boost Cybersecurity

“Security controls are even more important in a world of perimeterless IT environments and expanding cloud adoption. Agencies need to appropriately budget for cybersecurity and apply the basic hygiene of security patching and vulnerability assessment. Those steps can cover about 80% of basic threats, and the security team can focus its energy on more complex threats. Having a strong team is the foundation of those efforts, but it’s not easy to recruit private-sector cybersecurity professionals for government jobs. An alternative is to recruit from within. The government should consider creating programs to train IT team members to take on higher-level cybersecurity roles, which helps agencies build effective teams and helps employees progress on a career path. Whether they bring in new talent or train existing employees, agencies must offer competitive salaries and benefits to keep cybersecurity professionals satisfied and engaged.”

Read more insights from SolarWinds’s Vice President of Products and Application Management, Jim Hansen.


A Better Approach to Telework Security

“This large-scale shift to working from home introduces interesting challenges for government agencies. How do they secure a growing number of remote devices while keeping employees productive? How do they enforce least privilege while allowing end users to perform necessary tasks? How do agencies secure devices, access and systems when the network perimeter has been stretched to support large numbers of remote workers? Some IT leaders have committed to VPNs or remote desktop access, both of which can be difficult to secure and scale. Devices are still at risk when they’re not connected to the VPN or remote access technology because of vulnerabilities in the home network. For example, agencies can’t protect against a family member or housemate using an employee’s home computer. They may also not be able to enforce whether or not basic software, such as antivirus or OS, is up-to-date on a personal device. The situation fundamentally requires a shift to the cloud.”

Read more insights from BeyondTrust’s CTO and CISO, Morey J. Haber.


Rethinking Security in the Age of COVID-19

“Although agencies are focused on telework security, they also need to think about what’s over the next hill. They should be aware that sequestration is likely just around the corner. Given the mounting deficit due to the pandemic-related stimulus package, I believe flat will be the new up for agency budgets, and when IT allocations shrink, security is often deprioritized. Now is the time to find smart ways to spend money. Agencies should look for multifunctional solutions, such as software-defined networking, and choose options that are intrinsically secure. Fortunately, we are on the cusp of a revolution driven by the intersection between the platform-based approach to cybersecurity and increasingly mature artificial intelligence. That convergence will tip the balance from attacker to defender.”

Read more insights from Fortinet’s Public-Sector Field CISO, Jim Richberg.


Visibility and the Quest for Zero Trust

“For the foreseeable future, agencies will use a blend of on-premises data centers, virtual environments, and public and private clouds. To better manage and protect those resources, agencies must have maximum visibility into all their data, including data in transit and encrypted data. A unified solution that provides pervasive visibility and manages information from a single pane of glass is increasingly important. That visibility enhances the security tools agencies are already using to defend their networks and improves the way they detect, investigate and respond to cybersecurity threats. In addition, zero trust architecture has gained a lot of momentum in the federal government. However, although agencies report that 80% or more of their network traffic is encrypted, we have seen that only about 30% is actually inspected. It’s a significant blind spot that must be addressed. Without pervasive visibility into data in motion — whether it’s in a physical or cloud-based environment — agencies can’t implement a zero trust architecture.”

Read more insights from Gigamon’s Vice President of Public Sector, Dennis Reilly.


The Growing Need for Asset Management

“More people are acting in decentralized ways right now, but that decentralization is part of a larger trend. Multi-month strategic plans are becoming a thing of the past, and fewer IT purchases go through the CIO’s office. According to researchers, over half of IT spending is now done by line-of-business leaders, not by a central function such as a CIO. Therefore, agencies must have a simple, comprehensive process for gaining insight into technologies as they’re added to the network. Otherwise, more security gaps will invariably occur. Those gaps are exacerbated by the pandemic because agencies cannot easily add secure data center capacity to support large-scale telework. It’s much easier to use a government purchase card to address a pressing need for videoconferencing, for example. But even approved cloud products and services are not secure by default. They need to be continuously monitored.”

Read more insights from Expanse’s CTO and Co-Founder, Matt Kraning.


The Key to Securing Cloud Resources

“The recent surge in telework affects the vast majority of government employees, including IT teams. But it is a challenge to manage and secure servers and other infrastructure located inside agency data centers without being able to physically access those resources. Given the restrictions on sending employees into government offices, many agencies are accelerating their move to cloud-based infrastructures, which essentially transfers the responsibility for physically managing servers to the cloud platform providers. Moving to the cloud is a logical and essential step toward enabling remote IT employees to gain access to systems and data, but it also expands the systems an agency must manage and heightens the need to control access to them.”

Read more insights from Centrify’s Chief Strategy Officer, David McNeely.


Adopting a New Defensive Strategy

“Threat actors are shifting their tactics to take advantage of your now decentralized workforce, which means the nature of your enterprise defines your threat landscape. To use a sports analogy, two teams face off against each other on a football field. The offensive line’s actions are executed to make it to the defender’s end zone. The line between the two is clearly defined, and each opposing team adjusts its actions to take advantage of the other’s potential gaps. Two factors come into play: visibility into how the opposing team is lined up and what plays it usually executes in that situation. In cyber, this requires visibility into where your teammates are, what your gaps are, where the opposing force is and what plays it may execute to take advantage of those gaps.”

Read more insights from Infoblox’s Principal Security Architect, Chris Usserman.


Why AI Transforms Cybersecurity

“The focus of protection has long been moving to the endpoint, but now that move is more pronounced than ever. However, agencies can no longer rely on a network to gain visibility into those end-user devices and know whether they are protected and what resources users are accessing. All that insight now happens via the endpoint rather than the firewall. The distributed nature of the workforce makes it harder to control where devices are and sometimes even to provision them. Along with allowing remote work, agencies must also allow remote security. That means they need to be able to monitor all those endpoints via the cloud, and devices need to have embedded mechanisms that deliver real-time protection regardless of cloud connectivity.”

Read more insights from SentinelOne’s Co-Founder and CEO, Tomer Weingarten.


A Unified Approach to Visibility and Security

“In one recent example of the growing sophistication of adversaries, Trustwave conducted a threat hunt that led to the discovery of a new malware family dubbed GoldenSpy. The malware was found embedded in tax payment software required for conducting business operations in China. GoldenSpy essentially is a backdoor that allows adversaries to inject malware or spyware into the company’s network. Even if you uninstall the tax software, the backdoor remains. Countering such threats requires coordinating a complex mix of on-premises, hybrid and multi-cloud environments. Furthermore, although a cloud provider typically offers security tools for securing data on its platform, those tools often won’t work across other cloud environments or give agencies complete visibility.”

Read more insights from Trustwave Government Solutions’s President Bill Rucker.


How to Build Stronger Security Teams

“Based on the lessons we’ve learned during the coronavirus pandemic, government networks may permanently become virtual, remote environments. The old approaches often don’t scale well for remote users, so the focus must shift to credentials and how to protect them. As computing resources move to the cloud, the credential is what glues everything together. Network defenders need to be able to record each action associated with a credential and know whether that behavior is normal or abnormal. With agencies operating in a complex mix of cloud and on-premises environments, it can be difficult to understand what’s going on and, more important, what’s normal and what’s abnormal. Machine learning through modeling allows agencies to answer those questions more quickly, more efficiently and with a higher degree of confidence than humans can.”

Read more insights from Exabeam’s Chief Security Strategist, Steve Moore.
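An added example, not from the report or from Exabeam or Cloudera, of the behaviour-based approach both the Exabeam quote above and the earlier Cloudera quote describe: a baseline of where and when each credential is normally used is learned from past successful logons, and later logons are scored against that credential’s own baseline rather than a global rule. The log format, the accounts, the sample lines and the one-hour slack around observed logon hours are all assumptions made for this example.

```python
"""Per-credential behaviour baselining: learn the source hosts, targets
and hours each credential normally logs on with, then flag later logons
that deviate from that credential's own baseline.

Added example, not code from the report, Exabeam or Cloudera. The log
format and the log lines are constructed for illustration.
"""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})T(?P<hour>\d{2}):\d{2}:\d{2}Z "
    r"user=(?P<user>\S+) src=(?P<src>\S+) target=(?P<target>\S+) result=(?P<result>\w+)$")

# Constructed history used to learn what "normal" is for each credential.
BASELINE_LOGS = [
    "2024-03-01T09:12:00Z user=alice src=ws-11 target=fileserver result=ok",
    "2024-03-01T10:40:00Z user=alice src=ws-11 target=mail result=ok",
    "2024-03-02T08:55:00Z user=alice src=ws-11 target=fileserver result=ok",
    "2024-03-02T14:05:00Z user=alice src=ws-11 target=mail result=ok",
    "2024-03-01T09:30:00Z user=svc-backup src=bk-01 target=fileserver result=ok",
    "2024-03-02T02:00:00Z user=svc-backup src=bk-01 target=fileserver result=ok",
]

# Constructed new activity to score against the baseline.
NEW_LOGS = [
    "2024-03-05T09:20:00Z user=alice src=ws-11 target=fileserver result=ok",       # routine
    "2024-03-05T23:45:00Z user=alice src=vpn-pool-7 target=dc01 result=ok",        # new src, new target, odd hour
    "2024-03-05T02:10:00Z user=svc-backup src=bk-01 target=fileserver result=ok",  # normal for this account
    "2024-03-05T02:12:00Z user=svc-backup src=ws-11 target=fileserver result=ok",  # service cred from a workstation
]


def parse(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def build_baseline(lines):
    """Learn per-credential sets of sources, targets and logon hours from
    successful logons only; failures do not define 'normal'."""
    base = defaultdict(lambda: {"src": set(), "target": set(), "hours": set()})
    for ev in filter(None, map(parse, lines)):
        if ev["result"] != "ok":
            continue
        b = base[ev["user"]]
        b["src"].add(ev["src"])
        b["target"].add(ev["target"])
        b["hours"].add(int(ev["hour"]))
    return dict(base)


def hour_is_usual(hour, usual, slack=1):
    """True if hour is within +-slack of any observed hour (wrapping at midnight)."""
    return any((hour - h) % 24 <= slack or (h - hour) % 24 <= slack for h in usual)


def score(ev, baseline):
    """List the deviations of one event from its credential's baseline;
    an empty list means normal. A never-seen credential is itself a finding."""
    b = baseline.get(ev["user"])
    if b is None:
        return ["unknown_credential"]
    reasons = []
    if ev["src"] not in b["src"]:
        reasons.append("new_source")
    if ev["target"] not in b["target"]:
        reasons.append("new_target")
    if not hour_is_usual(int(ev["hour"]), b["hours"]):
        reasons.append("unusual_hour")
    return reasons


def detect(baseline_lines, new_lines):
    """Return (user, src, target, reasons) for each new logon that deviates."""
    baseline = build_baseline(baseline_lines)
    findings = []
    for ev in filter(None, map(parse, new_lines)):
        reasons = score(ev, baseline)
        if reasons:
            findings.append((ev["user"], ev["src"], ev["target"], reasons))
    return findings


if __name__ == "__main__":
    for finding in detect(BASELINE_LOGS, NEW_LOGS):
        print(finding)
```

The service account is the case worth noting: its 02:00 logon is normal for that credential and is not flagged, while the same credential used from a workstation is. A global “no logons at 2 a.m.” rule would get both of those wrong, which is the individual-baseline point the quote makes. In a real deployment the baseline window needs to be long enough to cover legitimate variation and should be rebuilt on a schedule, since a baseline learned while an intrusion is already under way will learn the intruder as normal.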


Ripple20: A Mission-Critical Risk

“Forescout worked with JSOF, which first uncovered Ripple20, to identify the devices and vendors impacted by these vulnerabilities. JSOF estimates that hundreds of millions of internet of things and operational technology (OT) devices are at risk, and they are as varied as printers, uninterruptible power supplies, medical infusion pumps and industrial control systems. In short, Ripple20 can disrupt mission-critical technology that security teams typically don’t spend much time managing and sometimes can’t manage because the embedded software is not accessible. Unfortunately, that means there is no single manufacturer with a practiced way to fix the software. Instead, the burden falls on security teams to understand and mitigate the risk.”

Read more insights from Forescout Technologies’ Director of Federal Civilian Agencies, Erik Floden.

Download the full Innovation in Government® report for more insights from these Government Cloud Security thought leaders and additional industry research from FCW.