The following blog post is an excerpt from a recent GovLoop guide: Your Cybersecurity Crash Course. We solicited the GovLoop community to learn their top cyber challenges. In the report, we answer 12 of their most pressing cyber questions.
In a rapidly expanding cyber landscape, agencies must ensure they have deployed the right IT solutions to spot common abnormalities, automate alerts and conduct role-based monitoring to proactively stop attacks and protect information.
“Government has definitely been talking about cybersecurity and cyberattacks as the next battle ground for the last few years,” said Eric Chiu, president and founder of HyTrust, in an interview with GovLoop. But the problem for many is that intruders are already inside the network, and the stakes are higher than ever before.
To prevent attacks, organizations are aggressively seeking solutions to improve the visibility and control of internal networks. This means understanding how data moves across networks and securing cloud environments, while providing the proper access to information that empowers decision makers.
At HyTrust, the company is looking at ways to ensure security, compliance and availability. One way it does this is by enforcing policy over every action that is attempted in a cloud environment. For instance, if an administrator should not be permitted to copy or delete virtual machines, they should be restricted from those capabilities. If they skirt around security protocols, the action should be denied and other administrators should be alerted of the unwarranted access. Chiu also noted that for sensitive operations, organizations should consider implementing the “two-man rule,” which requires a second person to authorize sensitive or dangerous operations like copying or deleting virtual machines with sensitive or critical data.
“A lot of people talk about continuous monitoring and it’s a great initiative. However, you need to monitor the right activities, and the world is moving past the traditional perimeter-based security approach,” said Chiu.
With more people using the cloud and mobile devices, the idea of having a “perimeter” in which your data is neatly stored and hosted has disappeared. With changes to how data flows across networks, public sector organizations need to take a new approach.
This is why role-based monitoring is so important. “Role-based monitoring means that you are monitoring specific actions of users and administrators within your environment, especially when they are managing systems that house sensitive data,” said Chiu. “You can then compare what they are doing versus what their role is, what they should be doing, and what they typically do in your environment. Once you gain this kind of awareness, you can recognize when things are essentially out of place.”
If an attempt is made to access data, the only way to know whether it is legitimate is to monitor actions and compare them to what that individual should be doing on the network. This is why role-based monitoring is an essential piece of your cyber defense program.
“We have built-in alerts that not only send email alerts to higher teams of people, which say this activity is happening that looks suspicious and is triggering your alerts, but we can proactively stop the action as well. So let’s say this person doesn’t have the role to make copies of virtual machines or make copies of classified virtual machines. We can stop the action before it ever happens,” said Chiu.
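The policy enforcement described above, as an added illustration that is not HyTrust's code: a small role-based check that denies virtual-machine actions outside a user's role, applies a two-man rule to sensitive copy and delete operations, and records an alert for other administrators when a request skirts the policy. The roles, actions and VM labels are constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed role policy: VM actions each role may perform on its own.
ROLE_PERMISSIONS = {
    "vm_operator": {"start", "stop"},
    "vm_admin": {"start", "stop", "copy", "delete"},
    "auditor": set(),
}

# Sensitive operations that need a second authorizer on critical VMs.
TWO_PERSON_ACTIONS = {"copy", "delete"}

@dataclass
class Request:
    user: str
    role: str
    action: str
    vm: str
    vm_sensitive: bool
    approver: Optional[str] = None   # second person for the two-man rule

@dataclass
class Decision:
    allowed: bool
    reason: str
    alert: bool = False              # notify other administrators

def evaluate(req: Request) -> Decision:
    """Decide before the action runs; out-of-role requests raise an alert."""
    permitted = ROLE_PERMISSIONS.get(req.role, set())
    if req.action not in permitted:
        return Decision(False, f"{req.role} may not {req.action} VMs", alert=True)
    if req.vm_sensitive and req.action in TWO_PERSON_ACTIONS:
        if req.approver is None:
            # Missing second authorizer: deny, but this is a routine hold.
            return Decision(False, "second authorizer required")
        if req.approver == req.user:
            # Self-approval defeats the two-man rule: deny and alert.
            return Decision(False, "approver must differ from requester", alert=True)
    return Decision(True, "permitted by role policy")

def process(requests: List[Request]) -> Tuple[List[Decision], List[str]]:
    """Evaluate a batch of requests; return decisions and the alert log."""
    decisions, alerts = [], []
    for r in requests:
        d = evaluate(r)
        decisions.append(d)
        if d.alert:
            alerts.append(f"ALERT {r.user} ({r.role}) {r.action} {r.vm}: {d.reason}")
    return decisions, alerts
```

In a real deployment the role table and the "typical behavior" baseline Chiu mentions would come from the identity system and historical logs rather than a constant.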
To get started with improving network resilience, Chiu offered a few suggestions that organizations can take to increase security. “In this day and age you have to assume the bad guys are already in your network,” said Chiu. “That one simple assumption would dramatically change how agencies secure critical systems and data.”
This is because by acknowledging that people are already in their networks seeking to compromise data, cyber officials can start taking proactive steps to minimize impact and reduce or eliminate the threat. Organizations could then deploy access control, the two-man rule, role-based monitoring, or data encryption for additional security. “Those initiatives come about because you have shifted your thinking, and recognize that perimeter security is no longer adequate,” said Chiu.
Another step is to monitor the normal course of business for security and compliance purposes. Knowing what normal looks like helps you develop the right controls, so that you not only monitor activity but also prevent incidents from occurring.
With emerging technologies and solutions, organizations can have the confidence that they have taken the proper steps to secure their data and networks.
To learn more about cybersecurity, be sure to check out the report: Your Cybersecurity Crash Course.