Page 16 - GCN, Aug/Sept 2017

CYBER RESILIENCE
INTELLIGENCE-DRIVEN SECURITY ENABLES RESILIENCE
As more sophisticated adversaries emerge, agencies have to rethink security management practices.
SPONSORED CONTENT
TONY COLE
VICE PRESIDENT AND GLOBAL GOVERNMENT CTO, FIREEYE
Nation-states, organized crime and hacktivists have flipped the script on cybersecurity in the federal government. The threats posed by these groups are stealthier, more sophisticated and more ambitious than ever before. Agencies have to rethink how they prepare for and respond to cyberattacks.
This new reality is captured in a powerful new documentary entitled “Zero Days,” which explores the ramifications of cyberwarfare between nation-states and the emergence of cyberterrorists. The risks posed by these new players are exacerbated by the arrival of digital natives in the federal workforce. These are individuals who have grown up in an interconnected world and whose proclivity for sharing could inadvertently provide adversaries with information needed to target government systems.
In this new environment, federal agencies can’t rely on the traditional approach of revising cybersecurity strategies on a periodic, as-needed basis. Today, “as needed” means “continuously.” Agencies must continuously evolve their cybersecurity policies, processes, systems and expertise. Their adversaries are continuously evolving as well. They will exploit any gap that they see. And they will be successful.
That hard truth—that even the best defense can and will be compromised—is why agencies must stop thinking in terms of cyberdefense and instead focus on cyber resilience. Once you accept that breaches are inevitable, the question is whether you can detect them quickly enough to mitigate the damage. And if damage is already done, can you continue operations?
Banks are a good example of this. When banks are attacked, they don’t have the option of simply taking a server offline while they fix the problem. Banks have developed resilient infrastructures that let them operate through a breach while it’s being resolved.
Resilience encompasses more than just incident response. To improve the odds of anticipating and mitigating threats, agencies need to develop a deeper understanding of the threat landscape. If somebody is trying to break in, they need to understand who it is, how they are doing it, and why. This is what military leaders call situational awareness.
In theory, situational awareness should be simple in the cyber domain. There’s an enormous amount of data generated on a continuous basis. Unfortunately, the sheer volume only clouds the picture. Security operation centers struggle to sift out true threats from the growing number of false positives. It’s like trying to find a needle in a haystack that is growing exponentially. This often results in what’s known as alert fatigue.
Data is not enough on its own. Agencies need tools and processes to convert data into actionable intelligence. They must identify and respond to threats in real-time; develop a better understanding of their adversaries and prepare for emerging threats; and move to an adaptive defense that evolves as threats evolve. This is intelligence-driven security. This is how agencies can improve their odds of managing this new threat environment.
Intelligence-driven security is a significant change from how agencies are used to managing security. Many agencies might find they lack the cyberexpertise to make this transformation, and may resist the push to quickly adopt new technology. The script has flipped though, whether we like it or not. We must all evolve.
Tony Cole is Vice President and Global Government CTO at FireEye.