This blog post is an excerpt from a recent GovLoop resource: A Holistic Approach to Cybersecurity in Government.
To keep pace with the frequency and sophistication of evolving cyberthreats, agencies can’t rely on reactive security defenses and techniques. They need security solutions that enable them to be nimble and adapt to their changing IT and business environments.
What agencies need is a layered security defense that ensures they’re prepared to quickly detect and thwart malicious actors before they wreak havoc on government networks.
“The term layered security describes a defensive strategy featuring multiple defensive layers that are designed to slow down an attacker,” according to SANS Institute, a nonprofit that specializes in cybersecurity training. “The military calls this deep defense or defense in depth.”
This type of defense does not depend on tools alone or on human expertise alone, but on a combination of tools and sound insight, so that agencies are equipped to defend against a range of cyberthreats.
“The solutions we’re building are very adaptive for this type of environment,” Usman Choudhary, Chief Product Officer for ThreatTrack, said. “We account for the fact that you’re going to be in this hybrid or mixed environment with cloud-based services and internal services, as well as a more amorphous notion of a network because the network is not only something that’s in your building but it transcends your enterprise.”
Agencies must also consider the explosion of devices connecting to their network — both government-issued and personal devices. That’s why ThreatTrack’s solutions provide complete coverage, including Web, email and bring-your-own-device (BYOD) environments, all the way to the endpoint. Its comprehensive suite accounts for all facets of agencies’ hybrid environments.
“We’re not only providing agencies with tools that are doing detection and prevention, but we’re also creating and have solutions that are proactive in nature,” Choudhary said. “Our solutions help agencies to simulate attacks and predict what type of risk they have before they’re exploited.”
The main priority for agencies is to determine clearly and quickly when an attack is taking place. The issue they face is that many solutions stop at the detection phase. ThreatTrack instead examines the progression of the attack as it unfolds, so that agencies aren’t blindsided if malicious activity that was not completely rooted out of the network later resurfaces in another form.
“We show the attack progression in a way where it really reduces the time you otherwise would’ve spent chasing after false positives,” Choudhary said.
If you consider the nature of most targeted attacks, they usually don’t involve a bad actor sending a single piece of malware to an individual. In many cases, attackers mount broad spear phishing campaigns by sending seemingly legitimate emails to a host of people in an organization. The attackers cast a wide net, but they often use a specific type of malware that’s trying to find the path of least resistance to penetrate the network. Or they may use various types of malware and direct that malicious code at a particular role within an organization, such as a system administrator or chief financial officer.
ThreatTrack aggregates data on these types of attacks as they’re unfolding and shows the correlation between the current attack and previous attacks with similar characteristics.
“We give you that historical view, but in a real-time context,” Choudhary said. “It’s important to have that data at your fingertips because that is the critical time when you can stop the attack from spreading.”
“We want to make sure that whoever’s analyzing this doesn’t miss the forest for the trees,” Choudhary added. “A lot of other solutions focus too much on the trees, and we’re trying to raise that bar to look at the forest – the holistic view of the environment.”
ThreatTrack’s deep knowledge in the cybersecurity space — particularly in responding to advanced persistent threats and malware — spans decades, and that knowledge is infused into the company’s solutions. The benefit for agencies is they don’t have to invest heavily in services to supplement those solutions. To help agencies see the big picture when it comes to network security, ThreatTrack solutions provide automated warnings of future events and immediate issues that should be addressed.
But timely and accurate information is only valuable when the people who need it the most can understand it and use it to make better decisions. ThreatTrack developed its solutions with two primary user groups in mind: security analysts and IT network staff. Data is tailored to fit the needs of these and other user groups or personas.
For example, ThreatTrack can provide security analysts with analytics, specifically insights showing them what happened leading up to a cyberattack and whether that type of attack has ever been used against the organization before. The ability to view aggregated data in a format appropriate to an employee’s role saves time that is vital to stopping an attack.
“We built a framework that services data about what else is happening on the host besides the malware attempting to attack or infiltrate that host, and the data is in business terms that you can understand,” Choudhary said.
But ThreatTrack’s efforts to empower and equip government security personnel don’t stop there. The company’s team of cyber experts is constantly innovating to provide greater insight and visibility to those charged with securing the network.