Although hackers are typically interested in infiltrating all types of organizations, government agencies are particularly attractive targets. Not only does the sheer amount of information make protection complicated, but the type of information agencies have is often sensitive, making it especially valuable to hackers and nation-state adversaries.
To make matters worse, agencies often lack enough cybersecurity professionals to keep systems secure, and many use outdated or legacy systems. Some of these systems can’t be cloud-enabled or moved from the hardware they run on. Often, these systems are considered an “acceptable risk” because they contain mission-critical data, yet they present security risks.
The most important challenge agencies face is protecting the data itself. Whether it exists in databases or other types of data stores, that data is vulnerable — and the data stores housing vulnerable information often have undetected vulnerabilities and misconfigurations.
A recent report from Trustwave found that database vulnerabilities were on the rise. The number of vulnerabilities patched in five of the most common database products increased by about 36% in the past year. Of those patched, many allowed denial-of-service attacks and some resulted in information disclosure.
“The actual data stores that house the most sensitive and potentially damaging mission-critical data have often been overlooked, often focusing just on protecting the endpoints, like laptops and servers,” said Bill Rucker, President of Trustwave Government Solutions. “We are just now starting to see a trend where data protection for those systems and data stores is being looked at through a different lens. Given today’s environment, this is a critically important change.”
Solution: Real-Time Threat Detection and Response
Comprehensively protecting critical assets requires both advanced data protection and threat detection and response. A data protection solution should include the most advanced capabilities available, including the ability to discover, inventory and monitor all data stores across the environment, both in the cloud and on premises; identify and audit excessively privileged user accounts; detect, alert and respond to policy violations; implement controls; and run analytics and reports.
But safeguarding data is only part of the solution. It must be complemented by real-time threat detection and response driven by high-level security experts who continuously evaluate log and data sources, along with endpoints, to identify potential threats and recommend proactive actions that can stop them in their tracks.
The most effective threat-detection and response solutions incorporate advanced automation, such as machine learning (ML) and artificial intelligence (AI), and integrate with an agency’s Security Orchestration, Automation and Response capabilities. This combination of capabilities creates economies of scale that humans can never hope to replicate. According to Rucker, it allows anomalies to be analyzed in seconds, as opposed to several minutes or hours.
Highly skilled cybersecurity analysts then add their expertise to those results.
“In our threat hunts with organizations, we almost always find at least one instance where there was either a compromise underway they weren’t aware of or an existing vulnerability that could cause a compromise in a mission-critical system,” Rucker noted.
Although it’s technically possible to implement and manage solutions such as these internally, doing so requires skilled cybersecurity staff and continual updates to those solutions to take advantage of the latest advances. That’s why so many organizations are shifting toward a managed security services approach to supplement their efforts. In this setup, the provider delivers advanced cybersecurity services, working as an extension of the organization’s internal cyber team.
“Adversaries only have to be right once, where we have to be right every time, for every system for every possible vulnerability,” Rucker said. “If you don’t have automation, efficient people and processes, and leading-edge technologies in place, it is a losing battle.”
This article is an excerpt from GovLoop’s recent report, “Data Protection Takes Center Stage (And It’s About Time).”