Most government agencies know the importance of cybersecurity, but many of these organizations lack best practices surrounding processes to secure their systems and infrastructure. Fortunately, the private sector offers a variety of solutions for many of the cybersecurity problems governments face.
In order to better understand the government solutions the private sector offers, Kevin Brownstein, General Manager of Federal Systems Engineering Practice at RSA; Faisal Iqbal, Chief Technology Officer at Citrix, U.S. Public Sector; and Anto Tossounian, Director of Federal Solution Consulting at ServiceNow, gave some industry insights during GovLoop's recent “What’s on Fire in Government Cybersecurity” training.
From the discussion, three trends became clear:
The approach to security must change. Cyberattacks typically begin with an initial compromise that leads to a breach or exfiltration of data. “Almost all breaches happen within days of the compromise; however, most breaches are not discovered until months after they are perpetrated,” Brownstein explained. RSA focuses its cybersecurity solutions on remedying this discrepancy.
Currently, most agencies approach security by focusing almost solely on prevention and neglecting monitoring of, and response to, attacks. Brownstein emphasized that this approach is problematic because “agencies cannot stop every attacker from entering a network, but they can increase monitoring and response efforts to decrease infiltration and diminish the adverse effects of an attack when a network is infiltrated.”
In order to move towards a more holistic approach to cybersecurity, the three main capabilities have to be weighted equally. Visibility and analytics, identity and access assurance, and risk intelligence are all crucial to securing networks. Brownstein underscored, “we must abandon failed, prevention-based approaches and begin focusing on monitoring and response efforts in order to most effectively secure networks.”
Virtualization is the next big thing in security. The conventional view that data is only as secure as the device it is on is becoming less true as virtualization becomes more common. Iqbal explained, “virtualization adds an inherent security element to devices by separating the potentially sensitive information from the device itself.” Two main benefits of virtualization are compliance-as-a-service and the ability to isolate application entry points.
Compliance-as-a-service enables the device to be separated from the application. This promotes data integrity by allowing the data to be stored in a central location and not on the device. As a result, devices are no longer a security risk when the data that used to be housed on them is virtualized. For example, if a laptop is stolen, sensitive information is still safe because it is located in a cloud-based application rather than on the device itself. Additionally, Iqbal emphasized that the platform is incredibly easy to roll out and allows for controlled access to applications across devices.
A critical source of network vulnerability is URL intrusion, as an intrusion can easily occur if a government employee checks their personal email or Facebook on a government server. This issue can be solved by virtualizing browsers and removing them from endpoints. Iqbal explained, “by putting the browser in the cloud, security can be controlled and even if the browser is infected, it does not compromise the endpoint device.”
Security operations and IT infrastructure have to unify. The cybersecurity attack spectrum typically flows from preventing attacks, to detecting attacks when they occur, to analyzing attacks once they take place. ServiceNow continues the process by offering response perspectives and solutions after the analysis phase. “The response stage aligns security incidents with critical business services so an agency can prioritize business services and ultimately what incidents are the biggest threat to the agency's mission,” Tossounian explained.
ServiceNow operates on a single platform and is able to quickly identify new vulnerabilities and assign individuals to incidents, ultimately mitigating the risk as quickly as possible. “Automating processes and unifying the platform significantly reduces the amount of time it takes to identify incidents and resolve the attack on the infrastructure,” Tossounian emphasized. Breaking out of silos and taking a unified approach to incident response bridges the gap between security and operations, improving organizational security and risk posture.