This interview is an excerpt from our recent guide, The Future of Cybersecurity, which examines 15 trends transforming the way government safeguards information and technology.
These days, getting hacked is not a matter of "if" – it is a matter of "when". It is therefore increasingly important to have tools that provide visibility into what is happening on your endpoints in real-time in order to minimize the potential damage.
To discuss how the public sector can truly protect itself, we sat down with Ralph Kahn, Vice President of Federal for Tanium. Tanium is a next generation endpoint security and management firm that gives agencies visibility and control over every endpoint in just seconds. The firm also helps improve government quickly identify indicators of compromise (IOCs) and subsequently take the appropriate actions to minimize any damage.
Kahn touched on the recent OPM hack that compromised the personal information of more than 21 million federal employees. Part of the reason this occurred, according to Kahn, is that the government is working with older legacy technologies that are unable to protect against the ever-changing threat landscape.
“The government has thousands and thousands of applications out there that have been developed without the ability to incorporate newer security controls,” he said. “Unfortunately, it would be prohibitively expensive and time-consuming to replace them all. A more effective approach would be to look at our infrastructure, make the assumption that we’re going get hacked anyway, and then focus on being able to detect and remediate threats and intrusions much more quickly than we do today.”
Kahn also noted that even agencies with the most sophisticated and effective cyber defenses are susceptible to hacking by advanced and relentless opponents.
“The U.S. government has a lot of very sophisticated enemies trying to get at its information,” he said. “If the government truly wants to prevent something like the OPM breach from happening again, the focus needs to be on remediation. Agencies must have a much faster way to see what’s going on in their environment, and a much faster way to react when they see something inappropriate happening.”
This is where Tanium can help by minimizing potential damage resulting from successful attacks. Today, many network technologies provide a lot of data about what is transpiring on your network and what data is moving across your network boundaries, Kahn explained. The problem is that hackers are aware of this, thus they encrypt their attacks or hide data in other ways to make network technologies much less effective at catching them.
What organizations really need are tools that monitor data on the endpoint in real-time, then see which databases and data files are being accessed, and then look for patterns of behavior that are inappropriate.
“What our technology can do is look for IOCs that might already exist, and then correlate that with the data that you get from the network to get a holistic view of what’s going on in your IT enterprise,” Kahn said. “Tanium allows you to do that on the endpoint, by giving you the ability to query any information you need in 15 seconds across all your endpoints at scale. It doesn’t matter if you have a thousand or a million endpoints – Tanium can give you that information.”
At one large government customer, Tanium scanned over 150,000 endpoints for the presence of IOCs in less than 3 minutes. When IOCs were found, Tanium was able to automatically respond in seconds. This ability to detect IOCs and automate a response allows agencies to fight the intruders on a more level playing field for the first time. Automated detection of known threats also frees up cyber analysts to hunt for new intruders in the enterprise, further increasing cybersecurity.
Kahn explained that Tanium’s approach gives you a 360-degree view of your network in real time. “What’s important about that,” he said, “is that it gives your smart people the ability to make really good decisions. When you have good data and good tools, you can use them to make much better decisions about how to protect yourself.”
“Tanium’s hallmarks are three things: speed, scale and simplicity.” Kahn added: “The speed? We can get any data that you need off your endpoints in less than 15 seconds. Scale? We can provide that for up to millions of endpoints. And simplicity — the people who use our tools do it with a Google-like interface. You don’t have to be a rocket scientist to participate in cyber defense. You just have to know a little bit about your subject matter, and have the right tools. If you provide the people, we’ll provide the tools, and you can protect your data.”