Data and tool integration is now what agencies need to combat rising cyber threats

Digital transformation and evolution of cybersecurity

Over the past two years, agencies have realized that traditional cyber protections simply won’t withstand more sophisticated attacks and a workforce that is not behind the agency perimeter.

The Biden administration’s executive order and zero-trust implementation strategy have become the accelerator for agencies to change their approach to securing their apps, data, and networks.

Agencies need to think about how best to use tools like continuous monitoring and how to integrate threat intelligence into their protections. These capabilities are part of how agencies are moving toward a highly adaptive approach to cybersecurity.

Of course, all of these efforts are important for agencies as they digitally transform their services and processes and move more workloads to the cloud.

David Abramowitz, chief technologist at Trend Micro Federal, said a recent interaction with a customer put these challenges and opportunities into perspective.

The customer asked how best to strengthen their security posture given their current hybrid cloud environment.

“I was sitting in a meeting with a customer, and a comment was made about a competing product he had. The customer said, ‘Whoa, let’s stop here. I don’t care if you don’t get along with that other seller. It’s not my concern, it’s up to you to understand. But if you don’t know how to play together and how to strengthen my security posture, so the investments I made me pay more because I have the best of both of you, so I don’t want either of you,’” Abramowitz said on the Innovation in Government show sponsored by Carahsoft. “It’s a real revelation. In the world of technology, it’s usually about finding the best technology to solve a problem. The turn is stitched for the turn is held. But in the risk-based approach, it all depends on how you optimize a collection of tools and intelligence. I think of it as a diversified stock portfolio, for example.”

This diverse portfolio approach to security, if you will, comes from the fact that the hybrid cloud approach increases the complexity of an agency’s attack surface.

Aggregate, correlate cyber data

Abramowitz said managing system or data risk is about understanding which security tools have what capabilities and what data they give you to deal with threats in real time.

“Agencies want a place where they can aggregate and correlate all security information in one place. A concentration of information to correlate and deploy and make risk-based decisions on what should be the next step,” he said. “Organizations are very limited in their resources, so they appreciate these collaborative efforts. Going forward, in the new risk-based world, a collaboration of tools and intelligence becomes more important.”

A trend on the business side that is beginning to gain traction in the federal sector is the protection of intellectual property, financial transactions and assets from threats to an organization. Abramowitz said agencies also have a next level of systems to protect: those critical to protecting and saving lives, such as water, electricity or transportation services.

“Among the big challenges, IT systems are touching operational technology (OT) systems and so we need to make sure we have the right hygiene and the right approach as IT and OT systems increasingly interface to limit this single-protocol attack surface running on an OT system,” he said.

The need to consolidate data and threat intelligence from multiple products is another reason to move to a Zero Trust architecture. The ability to use automation and orchestration to collect and analyze data will help information security managers make better decisions faster.

Cyber risk scores

“A platform that can receive streams, whether they come from a vendor who owns that platform or whether it’s another vendor’s product that runs in the environment, but must contribute to this platform. So somewhere where we can collect all the threat information and metadata, and make sense of it all because a human can’t understand that, right. It requires the security abstraction layer to take flows from its own environment, from third parties, no vendor will provide a one-size-fits-all solution, especially zero trust,” Abramowitz said. “We have a number of other vendors that offer third-party integration into our platform because we can’t do it all. But we depend on these different technologies to tell a more complete story about users, devices, applications, risk and attack surface.”

A single platform to collect and analyze information also helps CISOs understand the risk score of a system or database. Abramowitz said the risk score helps answer questions like: How do I compare to other organizations? Where are my weaknesses that I need to consolidate? What should I focus my resources on now?

“Those are the table stakes that you even have to start putting in place in a rule for a zero-trust policy to understand that the user is allowed to access that in-house or cloud-based application over the internet by this moment through this device. And that constantly has to be monitored in real time,” he said. “We’re starting to see the beginnings of agencies dealing with the environment because there’s not a lot of policies in place right now that go to that level that really control a user at a specific time and a device at a specific time. Generally what happens now is that if I logged into a system, I would have internal access to all applications and there would be no re-evaluation. Okay, no one necessarily thinks about that. But it is a critical element. Every time I switch to a new app, or every time I try to access different data, I have to be authenticated again. Things like this are starting to enter our clients’ thinking and strategizing. I think they are taking small steps now.”
