In the federal government, the security landscape is ever-changing. Threats have evolved beyond untargeted malware and bored teenagers launching denial of service attacks; the current threat landscape is dominated by sophisticated, targeted campaigns. Consequently, agencies are being forced to assess security against their own risk profiles rather than in general terms. Of course, every organization still needs firewalls, intrusion detection and prevention, and malware scanning. However, the threats that matter most are always going to be unique to each environment, because every enterprise, whether a corporation or a government entity, has its own targets of value.
“Everyone has a network, but not everything on it has the same value. Federal agencies need to identify their high-value targets—those that need to be defended and scrutinized more than other assets.”
-Erika Horton, Splunk Architect at August Schell
Because of this threat landscape, federal risk assessments have to be sophisticated and specific: you can't guard everything at all times, so you need to know where you must be on high alert. Agency security teams need to be aware of where threats are most likely to come from. When it comes to the federal government, for example, Russia, China and North Korea are common sources of state-sponsored attacks, so traffic originating from those regions warrants extra scrutiny. One caveat a practitioner should keep in mind: geographic origin is a weak signal on its own, because a capable adversary routinely routes through compromised or rented infrastructure in other countries, so origin should be one enrichment among several rather than the sole basis for blocking. It's key to visualize both what's attempting to come into the network and where it's coming from. Additionally, extra emphasis must be placed on active monitoring and threat hunting.
As the federal cyberthreat backdrop evolves, agencies are increasingly looking to climb the security maturity model. Moving from passive monitoring to active monitoring and active threat hunting will be key to defensive success. Pattern recognition, machine learning and behavioral analytics can establish what normal behavior looks like for a given user, host or account and then flag departures from it, which surfaces both internal and external threats; these tools are becoming a regular part of security programs throughout the federal government. The same behavioral baseline covers insider and outsider threats alike: it is effective when a legitimate user is actively working to access things they shouldn't, and equally in the standard outsider scenario in which a user account is compromised and then used to launch or escalate attacks, since in both cases the account starts doing things it has never done before. Overall, security technology is evolving, getting smarter and more specific, and it's integrating features like machine learning and AI with increasing frequency. These kinds of capabilities are becoming indispensable to cybersecurity in the federal government.
As security moves to the forefront of operations, there's broader awareness. In the past, in an agency setting, only some people got advanced security training. Now, everyone gets some fairly solid security training when they first come on board. There's a bigger push to meet compliance standards, increased focus on using frameworks, and more attention given to best practices, whether from vendors or agencies. As security has gotten smarter, operations teams are resisting the urge to put so much security in place that average workers can't get their jobs done. Thinking within the government has evolved to the point where organizations realize that if controls are too strict, people bypass security completely. There's been considerable progress toward making sure that availability and accessibility are less impacted by security than they were a decade ago.
Everyone realizes that cyberthreats are real and that you have to be on guard against them. It's not that people are less concerned; rather, as cyberthreats have become more frequent and targeted, there's a better understanding of what a security threat really is and how to guard against it. This hasn't led to a more relaxed posture, but there's no longer the same fear of the unknown.
“I think in the past, people used to love to play up the mythical magical hacker. But today, people who work in the field realize and understand how unrealistic that is, and they know what’s actually going to secure you against a threat, especially in the federal government. As a result, they’re less terrified as opposed to more terrified.”
-Erika Horton, Splunk Architect at August Schell
If you're a federal agency, you know how rapidly government cybersecurity has changed, and how it continues to change. Don't forget that advanced persistent threats are a primary concern, because those are the attacks with the biggest consequences. Recall Equifax: the attackers broke into a system and siphoned out data for more than two months before the intrusion was discovered; they didn't steal it in ten minutes. Breaches are going to happen; the job is to catch them early enough that a foothold doesn't become a months-long exfiltration, which is why dwell time, not just whether an alert fired, is the measure that matters.
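The following is an added illustration of the two ideas above: the behavioral-baseline approach from the pattern recognition discussion (an account suddenly touching a resource it never has before) and the low-and-slow exfiltration pattern of the Equifax example (daily volume that never trips a spike threshold but adds up over a window). It is not code from the original post, from August Schell or from Splunk; the log format, user names, byte counts, the one-week baseline and the 5x and 2x thresholds are all assumptions chosen for the example.

```python
"""Behavioral baseline detection over constructed access logs.

Added example; not code from the original post, from August Schell or from
Splunk. Log format, users, byte counts and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import date, timedelta

BASELINE_END = date(2024, 3, 7)  # assumed: the first week is the learning period


def _days(user, resource, start, byte_counts):
    """Build one constructed log line per day: 'YYYY-MM-DD user resource bytes_out'."""
    first = date.fromisoformat(start)
    return [f"{first + timedelta(days=i)} {user} {resource} {b}"
            for i, b in enumerate(byte_counts)]


# Constructed sample data (not real traffic). Week 1 is the baseline; week 2 is
# what we watch. alice touches a database outside her normal pattern, bob moves
# 2.4x his usual volume every single day (no single-day spike), carol is unchanged.
SAMPLE_LOGS = (
    _days("alice", "hr-portal", "2024-03-01", [1200, 900, 1400, 1100, 1000, 1300, 1100])
    + _days("bob", "finance-db", "2024-03-01", [5000, 4800, 5200, 5100, 4900, 5000, 5000])
    + _days("carol", "wiki", "2024-03-01", [3000] * 7)
    + _days("alice", "hr-portal", "2024-03-08", [1000, 1200, 900, 1100, 1000, 1300, 1100])
    + ["2024-03-10 alice finance-db 800"]
    + _days("bob", "finance-db", "2024-03-08", [12000] * 7)
    + _days("carol", "wiki", "2024-03-08", [3100] * 7)
)


def parse(lines):
    """Turn log lines into (day, user, resource, bytes_out) tuples; blank lines are skipped."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        day, user, resource, nbytes = line.split()
        events.append((date.fromisoformat(day), user, resource, int(nbytes)))
    return events


def build_baseline(events, baseline_end):
    """Per user: the set of resources seen and the mean daily bytes during the baseline."""
    resources = defaultdict(set)
    daily = defaultdict(lambda: defaultdict(int))  # user -> day -> bytes
    for day, user, resource, nbytes in events:
        if day <= baseline_end:
            resources[user].add(resource)
            daily[user][day] += nbytes
    mean_daily = {u: sum(v.values()) / len(v) for u, v in daily.items()}
    return resources, mean_daily


def detect(events, baseline_end, spike_factor=5.0, slow_factor=2.0):
    """Return (kind, user, detail...) alerts for the events after the baseline period.

    new_resource: account touched something absent from its baseline (insider or
                  compromised account starting to do new things).
    daily_spike : one day's volume exceeds spike_factor x the baseline daily mean.
    slow_exfil  : the window total exceeds slow_factor x what the baseline predicts,
                  even though no single day spiked (the low-and-slow pattern).
    """
    resources, mean_daily = build_baseline(events, baseline_end)
    alerts = []
    daily = defaultdict(lambda: defaultdict(int))
    for day, user, resource, nbytes in events:
        if day <= baseline_end:
            continue
        if user not in resources:
            alerts.append(("unknown_user", user, str(day), resource))
            continue
        if resource not in resources[user]:
            alerts.append(("new_resource", user, str(day), resource))
        daily[user][day] += nbytes
    for user, per_day in daily.items():
        base = mean_daily[user]
        for day, total in sorted(per_day.items()):
            if total > spike_factor * base:
                alerts.append(("daily_spike", user, str(day), total))
        window_total = sum(per_day.values())
        expected = base * len(per_day)
        if window_total > slow_factor * expected:
            alerts.append(("slow_exfil", user, window_total, round(expected)))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOGS), BASELINE_END):
        print(alert)
```

The point of the second loop is that bob never crosses the per-day spike threshold (12,000 bytes against a 25,000-byte limit), so a per-event rule would stay silent all week; only comparing the window total against the baseline's prediction surfaces him. In practice the baseline would be learned over a longer period, per resource and per hour of day, and the thresholds tuned against the agency's own false-positive tolerance, but the structure (learn normal, then score deviation over both short and long windows) is the same.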
If you're looking to improve your security posture, or would like to know which emerging security technologies would be best to integrate into your agency, August Schell can help you. Let's talk about your security goals today, or feel free to give us a call at (301) 838-9470.