This interview with Sean Applegate, Director of Technology Strategy & Advanced Solutions at Riverbed Federal, is an excerpt from GovLoop’s recent guide, Securing Government: Lessons from the Cyber Frontlines. In this guide, we review five tactics government organizations are using to enhance their cybersecurity.
Cyberthreats are not static – they constantly evolve to target different vulnerabilities in new ways. Therefore, cybersecurity tools and strategies cannot remain static either. Yet many agencies struggle to match their cyber defense to the speed of their attackers.
To understand how agencies can integrate adaptive capabilities into their cybersecurity strategies, we spoke with Sean Applegate of Riverbed, a planning, configuration, and continuous monitoring solutions provider for large enterprises. He explained that an integrated suite of technologies will streamline threat analysis and prepare organizations for future attacks.
Achieve Full Network Visibility
Applegate outlined the steps to identifying, combating, and ultimately deterring cyberattacks. “It starts with understanding where you’re at today and making sure that view of your infrastructure is maintained in real time. The easiest investments you can make early on are looking at ways to map your network and infrastructure, so you actually know what it looks like and how it is configured,” he said.
Applegate added that one of the biggest barriers to effective security is a top-down monitoring strategy that does not enable collaboration across organizational silos. Even when an agency is organized by department or technology stack, working across those teams often reduces time to detection and resolution.
“The goal of IT is to facilitate the agency mission,” said Applegate. “And to do that, we must know what our infrastructure looks like, what normal business traffic and transactions look like, and then be able to work together when unusual events occur.”
Riverbed’s SteelCentral solutions can help achieve this goal. “Our tools can actually map and monitor every part of your infrastructure to let you understand exactly what the network and applications look like, then allow you to manage change, track compliance, analyze real-time traffic and then conduct predictive analysis against that environment,” explained Applegate.
As an added benefit, infrastructure threat and survivability modeling enables an agency to improve response plans by identifying key infrastructure weak points. “In a lot of cases, the same tools we use for network security monitoring are used for performance monitoring functionality as well. This enables agencies to extract more value from their investments,” said Applegate.
Create a Detection and Mitigation Plan
Once you’ve achieved full visibility of your network, “the next step is to understand what’s actually transpiring from your clients to your applications or servers, or the Internet,” Applegate continued. “Learning what’s normal, how your applications communicate, how users access those, and their dependencies is critical for identifying unusual activities such as an advanced persistent threat (APT) or insider threat. Riverbed’s SteelCentral solutions help identify when unusual activity is present.”
Tightly integrated solutions and processes save time, a critical factor when combating an attack. “Riverbed’s SteelCentral monitoring portfolio includes industry-leading flow, packet capture and application transaction analysis solutions,” said Applegate. “Riverbed provides high-level dashboards to use across the enterprise to gain insight into both performance and security events, with the benefit of fast right-click drill-down to forensic details such as the packets or application transactions.”
Identifying what’s normal allows agencies to detect anomalies that indicate threats or intrusions. This detection should be followed by action. “The next step, in many cases, is getting to root cause analysis and containment,” said Applegate. “Knowing there’s an event is one thing, but quickly digging into the forensic details, determining scope and containment are key. Again, the right-click ability in our solutions makes it easy to analyze packets or application transactions in seconds, and if a zero-day event is present, right-click to contain it by disabling the switch port it is connected to. For organizations comfortable with software-defined responses, this step can even be automated for faster containment.”
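One way to turn the “learn what’s normal” idea above into a concrete check, as an added example that is not Riverbed’s or GovLoop’s code: it baselines client-to-server flow paths from constructed flow records, then flags a never-seen communication path (a new dependency) and a byte-volume outlier on a known path. The record layout, sample addresses and thresholds are assumptions.

```python
"""Flow-baseline anomaly detection (added example, not Riverbed's code).
Learn which client -> server:port paths are normal from a baseline window of
flow records, then flag later records that use a never-seen path or move far
more data than that path normally does. All flow records are constructed."""
from collections import defaultdict
from statistics import mean, pstdev
# Constructed flow records: (src, dst, dst_port, bytes). A real deployment
# would feed NetFlow/IPFIX exports here; the field layout is an assumption.
BASELINE_FLOWS = [
    ("10.1.1.10", "10.2.0.5", 443, 12000),
    ("10.1.1.10", "10.2.0.5", 443, 13000),
    ("10.1.1.10", "10.2.0.5", 443, 12500),
    ("10.1.1.11", "10.2.0.5", 443, 15000),
    ("10.1.1.11", "10.2.0.5", 443, 14000),
    ("10.1.1.11", "10.2.0.5", 443, 16000),
    ("10.2.0.5", "10.3.0.9", 1433, 40000),
    ("10.2.0.5", "10.3.0.9", 1433, 42000),
    ("10.2.0.5", "10.3.0.9", 1433, 39000),
]
# Later window: the app server opens a never-seen path, and one client moves
# far more data to the app server than its own history suggests.
OBSERVED_FLOWS = [
    ("10.1.1.10", "10.2.0.5", 443, 12500),       # within baseline
    ("10.2.0.5", "10.3.0.9", 1433, 41000),       # within baseline
    ("10.2.0.5", "198.51.100.7", 4444, 9000),    # new path
    ("10.1.1.11", "10.2.0.5", 443, 900000),      # volume spike
]

def build_baseline(flows):
    """Map each (src, dst, port) path to the list of byte counts seen."""
    paths = defaultdict(list)
    for src, dst, port, nbytes in flows:
        paths[(src, dst, port)].append(nbytes)
    return paths

def find_anomalies(baseline, flows, sigma=3.0, min_samples=3):
    """Return (flow, reason) pairs. A path absent from the baseline is a new
    dependency; a known path is checked for bytes > mean + sigma*stdev only
    when it has at least min_samples baseline records to estimate from."""
    alerts = []
    for flow in flows:
        src, dst, port, nbytes = flow
        history = baseline.get((src, dst, port))
        if history is None:
            alerts.append((flow, "new communication path"))
        elif len(history) >= min_samples and nbytes > mean(history) + sigma * pstdev(history):
            alerts.append((flow, "byte volume above baseline"))
    return alerts
```

In practice the baseline window would be rebuilt periodically so that approved new dependencies stop alerting, and a new-path alert is the cue to pivot into the packet or transaction detail the interview describes.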
Proactively Analyze Weaknesses
A continuous monitoring platform, like that offered by Riverbed, provides agencies with the capability to react quickly to threats. At the same time, an integrated suite of network mapping and monitoring tools allows government to proactively enhance security as well as network operations, providing a solid return on investment.
“If an organization wants to mature their practices, they can use the network planning and modeling functionality from Riverbed to conduct threat analysis modeling,” said Applegate. “For example, you can use SteelCentral modeling solutions to execute threat modeling for common DDoS or amplification attacks, then analyze penetration depth, survivability based on response decisions, or mission impact on critical application performance. This enables leadership to contemplate, ‘If we are being attacked in a specific manner, what’s the specific impact on my mission and my operational capabilities?’”
By using an integrated set of visibility solutions, agencies can do more than just monitor and counter cyberattacks; they can also strengthen their defenses against future possible incidents.