Palo Alto Networks' Unit 42 threat research team released its 2015 Application Usage and Threat Report (AUTR), which analyzes and correlates data from more than 7,000 organizations over a 12-month period to gain broad visibility into critical trends. Findings show that SaaS-based applications grew 46% in three years, and that 79 unique remote access applications were found, with more than 4,400 organizations using five or more. Over 40% of email attachments and nearly 50% of all executables were malicious, while over 10% of all malware activity is macro-based. The average time to weaponization of a world event – the creation of cyber threats exploiting things everyone is talking about – was 6 hours. According to Security Planet, on average the government fends off 60,000 cyber-attacks a day.
To better understand how state and local governments can create a stronger security posture, GovLoop spoke with Kenny Holmes, Public Sector Security Evangelist at Palo Alto Networks, pioneer of the enterprise-level next generation platform.
Holmes stated that attackers use all different tactics and applications to gain entry to networks – from sophisticated techniques to simple phishing attacks. Government agencies attempt to thwart these attacks by deploying a myriad of solutions, but these solutions are often released in a vacuum without thought to the agencies' overall security posture.
Holmes explained that agencies often try to solve cybersecurity issues with piecemeal, siloed solutions, in part because they don’t have visibility across their networks. “We realized that governments faced a major challenge in getting proper visibility into their networks, desktops, and increasingly the cloud. They need to have that foundation to move into an automated prevention-based approach.”
In order to improve visibility for agencies, Palo Alto Networks decided to stop focusing on ports and protocols and instead look at security from the perspective of applications, users and content. Organizations believed that web and email were the only ways attackers were getting in, and invested in security for just those vectors. But many threats use legitimate applications to get onto the network. “Agencies need to be able to connect applications, users and content together, as this gives them the ability to shrink the attack surface,” explained Holmes.
Shrinking the attack surface can go a long way in helping state, city, and county CISOs feel a little more secure. “From a CIO perspective a breach can decimate your budget, personnel, and the public’s faith,” said Holmes. “Citizens are legally obligated to continue doing things like paying their taxes, so it’s our job to make sure that information is safe – and just as importantly that the public trusts that the information is safe.”
One of the ways state and local governments can gain the public trust is to use a cybersecurity framework like the to help create a stronger security structure. “If you understand the effort behind how the NIST security framework was developed, you should recognize why it should be used pervasively,” said Holmes. While states are not mandated to follow the framework, many are adopting its best practices, as the framework allows them to put proper gap analysis in place to measure effectiveness. “Ultimately a security platform and framework allows agencies to change from a detection posture to a prevention posture. We cannot sit back and just wait for the bad guys to come. We have to make it cost so much to breach the infrastructure that they’re going to move on. Meanwhile we share this threat data with the global community called the Cyber Threat Alliance, allowing every participant to secure and defend itself against these same attacks,” said Holmes.
In order to ensure that infrastructure is as secure as possible, Palo Alto Networks recommends a platform approach due to its visibility and automated defenses. “We built a platform that looks at networks, endpoints, and the cloud as one,” said Holmes. “A platform its highly-automated and natively integrated.” He added that, “every time additional capabilities are added, they require little to no intervention, providing full visibility across the entire platform.”
One state that has taken advantage of Palo Alto Networks' approach to security is Wisconsin. The Badger State’s security plan emphasizes visibility across the network, endpoint, and the cloud from a software-as-a-service perspective. “In Wisconsin, they were able to implement these security measures while lowering operational spend, or operational activity,” said Holmes. “It was a tremendous example of how security can be improved with little or no additional operational costs by eliminating other point solutions and previously manual or home-grown processes.”
Ultimately, by organizing and monitoring an entire network through an integrated platform approach, rather than a collection of individual security products, an agency can be much more secure and efficient.