For government agencies, the harsh reality is that cyberthreats never stop evolving. New dangers emerge daily, ranging from hostile foreign nations to cybercriminals. The tactics used by these bad actors are constantly shifting. Whether agencies like it or not, their networks are permanently under siege.
New advances in people, processes and technology are transforming agencies’ cybersecurity. Fresh approaches – like behavior analysis and endpoint security – are making agencies’ cyber defenses stronger than before.
To learn more, GovLoop recently spoke with Bob Palmer, Senior Director, Software Solution Strategy at SAP National Security Services (NS2), an enterprise software provider. Palmer explained how agencies can reinvent their cybersecurity in three steps.
1. Put policy first
Agencies need sound direction and training on cybersecurity best practices, or their workers will end up in treacherous waters. Palmer recommended agency leaders establish clear guidelines for their employees’ cyber hygiene. For example, good policies often include warnings about the latest phishing attempts. Phishing involves imitating trustworthy sources online to obtain sensitive information from users.
“Bad actors know all it takes is one employee to not follow good security practices,” Palmer said. “Network users are security’s weakest link.”
2. Adopt behavior analysis
Behavior analysis measures the actions happening on an agency’s network. According to Palmer, agencies derive the most benefit from it by determining how their networks “normally” operate. Next, agencies can continuously monitor their networks for abnormal behaviors that might indicate attacks. This approach goes beyond traditional anti-virus protection; it can identify new malware for which no digital signature is yet known.
Palmer listed suspicious IP addresses, lateral movement of systems’ data, phishing email messages, and anomalous user activities as potential risks agencies encounter. “The whole system’s behavior can be analyzed in context,” he said. “Then, anomalous actions can be stopped, and the affected equipment quarantined before massive damage is done or data is stolen.”
3. Embrace emerging technology
New technologies such as machine learning (ML) can be game changers. ML tools automatically learn from experience and can operate far more quickly with less human involvement. The results are dramatic savings in energy, money and time.
Endpoint detection and response (EDR) gives agencies another set of valuable capabilities. EDR monitors personal computers, servers and mobile devices for suspicious behavior, so agencies fully understand the events unfolding on their networks in real time.
Inbox detection response (IDR) provides an additional layer of cyber defense. IDR mixes human and machine analysis to continuously monitor email inboxes for potential cyberthreats. For instance, users can conveniently flag suspicious messages for cybersecurity personnel and machine learning scans to examine. “To the extent this process can be automated, it can help organizations keep up with the volume of emails they receive,” Palmer said. “It makes the employee part of the solution rather than part of the problem.”
Ultimately, cyberdefenses aren’t one-size-fits-all. Any agency can embrace the same innovative spirit driving robust cybersecurity, and SAP NS2 can help.
This article is an excerpt from GovLoop’s recent report, “Innovations in State and Local Cybersecurity.” Download the full report to explore the ways technology can make cybersecurity cheaper, stronger and more efficient, as well as groundbreaking tools and techniques for healthy cybersecurity.