This interview with Pamela Warren, Director of Government and Industry Initiatives at Palo Alto Networks, is an excerpt from GovLoop’s recent guide, Securing Government: Lessons from the Cyber Frontlines. In this guide, we review five tactics government organizations are using to enhance their cybersecurity.
Attackers use a multitude of tactics and applications to penetrate networks today – from sophisticated techniques to age-old cybercrime tactics such as drive-by downloads. In response, government agencies deploy a myriad of solutions, each serving a different security function. Yet even with these investments, organizations continue to experience breaches. Why?
To better understand the current cybersecurity landscape, we spoke with Pamela Warren of Palo Alto Networks, a provider of enterprise-level, next-generation platforms. Warren explained that agencies often put their cybersecurity at risk by applying piecemeal solutions to today’s problems. She also described how a platform approach to security reduces risk while adding value to an agency.
Common Mistakes Hinder Security
Warren explained that government organizations make four common mistakes when trying to secure their information systems. The most basic error, she said, is failing to have visibility into what is happening on the network: “What we’re seeing is that many organizations are unaware of what applications they are even running on their network.” This ends up being a major barrier to effective cybersecurity because it leaves unseen gaps in security for attackers to target.
But even for those applications that administrators do approve, Warren said they often don’t contextualize their use. “Administrators aren’t tying applications to users or user groups. They may whitelist certain applications to be used on their networks, but it’s really the Wild West once the attacker is inside. So in the case of credential theft, if effective virtual segmentation by user or user group is not established, the attacker has unfettered access with that account.”
Moreover, Warren explained, “Organizations believe that web and email are the only way attackers are getting in, and invest in security for just those vectors. But the next threat may use another application to get onto the network. One recent attack in critical infrastructure used an old token ring application within TCP/IP to launch the attack, for instance.”
Agencies also often rely on disparate security solutions that don’t work together to improve the overall security of the network. “[Agencies] apply a lot of security, but they’re still coming up short,” said Warren. “They acquire malware detection, firewalls, URL filtering, and advanced threat detection, but each one of those capabilities on their network is running almost virtually in standalone mode, even if they’re using unified threat management.”
Instead, security functions must be integrated and share insights in real time, to prevent zero-days and other attacks. “If one function is not informing the other, they’re not necessarily any more secure,” said Warren.
Similarly, intra-agency cohorts must work together. “We should be aggressive about security and feel like it’s a responsibility we take seriously across the organization, regardless of whether it’s the network team, the security team, the data center team, or the endpoint team,” said Warren. But instead, “Groups are arguing over who has security, budget, and responsibility.”
A Platform Approach Streamlines Security
To address these issues, Warren said organizations should adopt a platform approach to security and employ a cohesive security strategy with distinct roles and responsibilities across all teams. This stands in direct contrast to the approach some agencies take of deploying disparate security products.
“[With a platform approach], you can simplify cross-departmental administration,” said Warren. “You can centrally manage all security appliances and key security functions and unify your security policies, deploying your configurations and policies across all security functions. You can unify your enforcement capabilities across every aspect of your network and simplify the collection and analysis of logs from multiple locations. You can cover your internet edge, your data center, your mobile devices, and any other endpoints, regardless of how far-reaching your network is.”
Furthermore, a platform approach to security simplifies network management and reduces product footprint. For example, one government customer had 80 different devices managing their network security. Palo Alto Networks was able to perform every function with just 8 platforms. In fact, Warren said the new devices actually stopped more threats than the systems they replaced.
A final benefit of the platform approach is its ability to break down barriers between security, network, and other IT teams. As security is coordinated and correlated across the network, Warren said departments can work more closely to ensure that the integration of security functions and visibility overcomes previous organizational siloes.
Ultimately, by organizing and monitoring an entire network through a platform approach, rather than a collection of individual security products, an agency can achieve more holistic and effective cybersecurity.