INDUSTRY PERSPECTIVE
Reduce noise to strengthen agencies' cybersecurity defenses
Technological advances have given cybercriminals and hostile nation-states more tools to break into networks and reach sensitive data, leaving standard perimeter security tools and firewalls as little more than a first line of defense. Attacks are becoming more sophisticated, more damaging, and much harder to identify and mitigate, especially in the vast networks of government agencies, which have countless entry points. Even with aggressive defenses, breaches of the network perimeter are inevitable.
Federal agencies must have robust tools and technologies in place to help administrators identify and contain irregular activity. The ability to detect, resolve, and protect against threats quickly and reliably depends on reducing noise.
That noise, the huge volume of network traffic and events, is the problem. It can make it almost impossible for a security analyst to tell legitimate data exchanges from security risks. A broad cybersecurity framework helps reduce noise, making anomalies easier to spot.
There are five crucial elements of a cybersecurity framework that reduces noise:
1. Maintain a security-focused development approach
Not all networks are built with security as the main goal. DevSecOps builds security into every stage of the development process, adding tools and checks as code is written and deployed, which results in a more secure end product.
For many years, a DevOps approach was the standard way to deliver new software across government, because it prioritizes business functions and speeds organizational decision-making. Security was important, but it was not a fundamental consideration during development.
DevOps is effective, but because it does not incorporate security from the beginning, it can leave developers with vulnerabilities that are too costly or time-consuming to fix after the fact. DevSecOps changes the underlying culture to one that takes security seriously and weighs the impact of security decisions as they are made. Organizations can then choose secure solutions and processes and close many vulnerabilities before the software ever ships.
2. Use layered protection tools
With a security-focused development approach, agencies start from a position of strength when defending against intrusions. Adding protection tools strengthens those defenses further.
Protecting organizational data is the primary goal of any cybersecurity framework. To do this effectively, agencies should apply security at several levels. Securing the network and all of the underlying systems and devices that access it neutralizes most threats, which in turn makes the harmful activity that remains easier to spot.
There are several types of layered security. Perimeter and endpoint security act as the initial barrier, protecting against the most common intrusion methods used by attackers. Perimeter security filters out the most obvious network threats, reducing the volume of traffic and making the threats that remain easier to target.
Endpoint security lets agencies understand how devices on the network behave and helps identify anomalous requests that may indicate someone has entered the network. Endpoint security policies, which define what capabilities employees' devices must have and restrict each device to its required functions, can prevent attackers from using a compromised employee device to penetrate further into the network.
Zero-trust authentication can help ensure that attackers who have stolen an employee's device or breached the external network are not free to access sensitive data. Zero trust treats every access attempt as coming from an unknown entity and requires valid credentials each time before granting access, regardless of where the request originates.
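The following is an added illustration, not code from the article or from either author's organization. It puts the legacy perimeter check (trust anything with an internal source address) next to a zero-trust check that evaluates each request on credential validity, device posture against an endpoint policy, and whether the user's role actually needs the resource. The address range, device registry, roles, and resource policy are all constructed for the example.

```python
"""Added example: per-request zero-trust decision beside a perimeter-only check.
Every name, address, device and policy below is constructed for illustration."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed agency address space

# Constructed device inventory: the endpoint policy says what a device must have.
DEVICE_REGISTRY = {
    "LAPTOP-7F3A": {"owner": "alice", "disk_encrypted": True, "edr_running": True, "patch_age_days": 3},
    "LAPTOP-22B9": {"owner": "bob", "disk_encrypted": True, "edr_running": False, "patch_age_days": 41},
}

# Constructed least-privilege policy: which roles need each resource and how
# current a device must be to touch it.
RESOURCE_POLICY = {
    "payroll-db": {"roles": {"hr"}, "max_patch_age_days": 14},
    "intranet-wiki": {"roles": {"hr", "engineering"}, "max_patch_age_days": 30},
    "build-server": {"roles": {"engineering"}, "max_patch_age_days": 30},
}

USER_ROLES = {"alice": {"hr"}, "bob": {"engineering"}}


@dataclass
class Request:
    user: str
    device_id: str
    src_ip: str
    resource: str
    token_exp: float   # unix time the session credential expires
    token_user: str    # subject the credential was issued to


def perimeter_check(req: Request) -> bool:
    """Legacy model: anything already inside the network is trusted."""
    return ipaddress.ip_address(req.src_ip) in INTERNAL_NET


def zero_trust_check(req: Request, now: float) -> tuple[bool, str]:
    """Evaluate every request on identity, device posture and least privilege.
    The source address is deliberately not a factor."""
    if req.token_user != req.user or req.token_exp <= now:
        return False, "invalid or expired credential"
    device = DEVICE_REGISTRY.get(req.device_id)
    if device is None or device["owner"] != req.user:
        return False, "unregistered device or device not bound to user"
    policy = RESOURCE_POLICY.get(req.resource)
    if policy is None:
        return False, "unknown resource"
    if not (device["disk_encrypted"] and device["edr_running"]):
        return False, "device fails endpoint policy"
    if device["patch_age_days"] > policy["max_patch_age_days"]:
        return False, "device patch level too old for this resource"
    if not (USER_ROLES.get(req.user, set()) & policy["roles"]):
        return False, "role not permitted for resource"
    return True, "allowed"


if __name__ == "__main__":
    now = 1_700_000_000.0
    # Same user, same device: from outside the perimeter check says no, zero trust says yes.
    remote = Request("alice", "LAPTOP-7F3A", "203.0.113.5", "payroll-db", now + 600, "alice")
    print("perimeter:", perimeter_check(remote), "zero trust:", zero_trust_check(remote, now))
    # Inside the network but on a device that fails endpoint policy.
    inside = Request("bob", "LAPTOP-22B9", "10.1.2.3", "intranet-wiki", now + 600, "bob")
    print("perimeter:", perimeter_check(inside), "zero trust:", zero_trust_check(inside, now))
```

The order of the checks matters in practice: credential and device binding are evaluated before any resource policy, so a stolen device presented with someone else's token is rejected without revealing which resources exist.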
3. Engage in effective real-time threat monitoring
Real-time threat monitoring is only effective with security tools that filter out the most rudimentary attacks and verify that devices and systems behave as they should. Because these tools understand the intended function of each system, they can detect suspicious activity and alert administrators more quickly. Security teams can then spend less time watching routine network traffic and more time on the anomalies that require quick resolution.
Advanced approaches to real-time threat monitoring allow agencies to be proactive in combating cybersecurity threats. One such approach is a security operations center, a dedicated, centralized function within an organization that continuously monitors and improves its cybersecurity posture. With the noise filtered out and a team dedicated to analyzing cyber threats, an organization's administrators can become threat hunters.
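As an added example, not from the article or any product it describes, the block below shows the noise-reduction idea in working form: each system has a baseline of its intended behaviour (which accounts run on it and which destinations it talks to), events that match the baseline are suppressed, and only deviations are raised as alerts. The hosts, addresses and log lines are constructed for the example, and the log format is an assumed key=value layout rather than any particular product's output.

```python
"""Added example: suppress events that match a per-system baseline of intended
behaviour so that only deviations reach an analyst. All hosts, addresses and
log lines are constructed."""
import re

# Constructed baseline: what each system is supposed to do. For each host, the
# (destination, port) flows it is expected to open and the accounts expected
# to originate them.
BASELINE = {
    "web01": {"flows": {("10.0.5.20", 5432), ("10.0.9.1", 53)}, "users": {"svc-web"}},
    "fileshare": {"flows": {("10.0.9.1", 53), ("10.0.7.7", 389)}, "users": {"svc-share"}},
}

# Assumed log layout: "<timestamp> host=<h> user=<u> dst=<ip> dport=<n>"
LINE_RE = re.compile(
    r"(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)

# Constructed sample log: mostly routine traffic, one unrelated kernel line,
# and two events that do not fit the baselines.
SAMPLE_LOG = [
    "2024-03-04T10:00:01Z host=web01 user=svc-web dst=10.0.5.20 dport=5432",
    "2024-03-04T10:00:02Z host=web01 user=svc-web dst=10.0.9.1 dport=53",
    "2024-03-04T10:00:03Z host=fileshare user=svc-share dst=10.0.7.7 dport=389",
    "2024-03-04T10:00:04Z host=web01 user=svc-web dst=10.0.5.20 dport=5432",
    "2024-03-04T10:00:05Z host=fileshare user=svc-share dst=10.0.9.1 dport=53",
    "2024-03-04T10:00:06Z host=web01 user=svc-web dst=10.0.5.20 dport=5432",
    "2024-03-04T10:00:07Z kernel: eth0 link up",
    "2024-03-04T10:00:08Z host=web01 user=svc-web dst=203.0.113.9 dport=4444",
    "2024-03-04T10:00:09Z host=web01 user=svc-web dst=10.0.9.1 dport=53",
    "2024-03-04T10:00:10Z host=fileshare user=svc-share dst=10.0.7.7 dport=389",
    "2024-03-04T10:00:11Z host=fileshare user=jdoe dst=10.0.5.20 dport=5432",
    "2024-03-04T10:00:12Z host=web01 user=svc-web dst=10.0.5.20 dport=5432",
]


def parse(line):
    """Return a dict of fields, or None if the line is not a flow record."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["dport"] = int(event["dport"])
    return event


def classify(event):
    """Return None when the event matches its host's baseline (noise),
    otherwise a human-readable reason the event deviates from it."""
    profile = BASELINE.get(event["host"])
    if profile is None:
        return "unknown host"
    reasons = []
    if event["user"] not in profile["users"]:
        reasons.append(f"unexpected account {event['user']}")
    if (event["dst"], event["dport"]) not in profile["flows"]:
        reasons.append(f"unexpected flow to {event['dst']}:{event['dport']}")
    return "; ".join(reasons) or None


def triage(lines):
    """Split raw log lines into suppressed noise and alerts that need attention."""
    alerts, suppressed, unparsed = [], 0, 0
    for line in lines:
        event = parse(line)
        if event is None:
            unparsed += 1
            continue
        reason = classify(event)
        if reason is None:
            suppressed += 1
        else:
            alerts.append((event["ts"], event["host"], reason))
    return {"alerts": alerts, "suppressed": suppressed, "unparsed": unparsed}


def noise_reduction(result):
    """Fraction of parsed events the analyst never has to look at."""
    total = result["suppressed"] + len(result["alerts"])
    return result["suppressed"] / total if total else 0.0


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"suppressed {result['suppressed']} routine events, "
          f"{result['unparsed']} unparsed, {len(result['alerts'])} alerts")
    for ts, host, reason in result["alerts"]:
        print(f"ALERT {ts} {host}: {reason}")
```

Two caveats a practitioner would add: a baseline built from observed traffic will bake in any compromise that was already present when it was learned, so baselines should come from the system's documented function or be reviewed before use, and unparsed lines are counted rather than silently dropped so that a change in log format shows up as a visible gap instead of a quiet loss of coverage.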
4. Provide comprehensive training and education on cybersecurity
Even the most robust cybersecurity tools work best alongside a strong and comprehensive cybersecurity training and education program.
Agencies should continually educate their workforce about current cybersecurity threats. The social engineering schemes attackers use to steal login credentials and install malware are much less likely to succeed when employees know the methods cybercriminals are likely to use. A 2020 study found that insider-related security incidents have increased by 47% since 2018, and that approximately 62% of them were due to employee negligence or inadequate training. Emphasizing the importance of threat awareness and making staff training a priority across the agency reduces the organization's cybersecurity noise and keeps the number of threats administrators face manageable.
5. Choose the right strategic partner
With a combination of smart tools and an educated, committed cybersecurity staff, an agency has the basics of a strong cybersecurity posture. Bringing them together into a strong defense against cyberattacks, however, requires guidance from a vendor that provides the tools or helps implement them.
A strategic partner offers insight into what has worked for other agencies and what problems they have encountered, and can keep agencies from repeating others' mistakes. Working with a provider that can supply solutions, tools, and services to keep agencies secure also creates a closed-loop development process that leads to more secure data exchanges between systems, and systems designed to work together are inherently more compatible. Choosing the right strategic partner gives agencies the context and experience they need to bring together all the pieces of a solid cybersecurity framework.
Preparing for new cybersecurity threats
By following the steps outlined above, agencies can effectively protect sensitive data and keep threats from spreading from one system into other key areas. The battle does not end once an effective cybersecurity framework is in place, however. As threats and risks evolve, prevention tools and processes quickly become obsolete. Agencies need to keep looking ahead, continually adapting to evolving risks and threats, educating their staff, and replacing outdated tools and processes. With up-to-date tools, detailed processes and policies, and an engaged cybersecurity staff, agencies can reduce noise and detect the hidden, more complex threats.
John Nemoto is vice president of CGI Federal.
Chris Lavergne is head of systems integration for the Department of Homeland Security's CDM DEFEND Group C, which is part of DHS's Continuous Diagnostics and Mitigation program.