Page 22 - FCW, September/October 2019
Cybersecurity and Modernization
The power of visibility and threat intelligence
Knowing where to focus cybersecurity efforts requires continuous insight into your organization and your adversaries
Tom Topping
Senior Director of Strategic Programs, FireEye
Breaches will continue until agencies have better insight and are able to catch attackers not just at the perimeter, but also after they get inside. Cyberthreat intelligence can be used to catch adversaries that have slipped past the agency’s defenses. In other words, the cybersecurity team should be hunting inside their network for the indicators left behind by their most likely attackers.
Identifying where and how to patch
Furthermore, good cyberthreat intelligence helps organizations prioritize vulnerability patching. That process becomes more complex and potentially disruptive the larger the organization gets. Agencies
Automation plays a vital role in all aspects of cybersecurity, and it is particularly helpful for continuously validating that existing security controls are working as intended. Even if agencies do that, however, environments change. Systems get patched, updated or refreshed, and sometimes those changes cause holes to open in the security infrastructure that the enterprise isn’t aware of. Threat actors change their tactics all the time as well, which can also open holes that didn’t exist before.
A key security best practice is being aware of new technologies, and security instrumentation platforms are among the most transformative and fastest-growing new technologies. Identifying security holes has traditionally been the realm of red team exercises, but that approach is a point-in-time solution, whereas security instrumentation platforms continuously validate whether network, email and cloud controls are operating as expected. As a result, they provide continuous validation and insight into how security controls are operating in production.
Additionally, those types of tools help IT administrators find redundancies and streamline their security stacks. For example, if an agency has three tools that all intercept the same type of attack, it might be able to get rid of one or two of them and save money while simplifying the IT environment.
Protecting against the most likely attacks
No organization can protect itself from every threat, although many have tried. It’s simply too expensive. Instead, good cyberthreat intelligence can help an organization focus on the threat actors that are most likely to attack them.
For example, a Russian group called APT28 attacked our election infrastructure in 2016. Consequently, it makes sense for state election officials to focus on that threat actor and not on those actors that target banks, hospitals or telecommunications networks.
Regardless of how much money they have to spend on cybersecurity, agencies should allocate their resources to the metaphorical window that’s most likely to break by using cyber intelligence to focus scarce resources against the threat actors that target their organizations.
S-22 SPONSORED CONTENT