Achieving Holistic Cybersecurity

No longer can security programs rely on an "if it's not broke, don't fix it" approach -- adversaries could already be inside systems, stealing data or probing for weaknesses. Too many CIOs and CISOs have thought their systems and data were secure when in fact they were anything but.

Security programs need effective protection of valuable information and systems to prevent data breaches, and to comply with the ever-increasing federal compliance requirements. Among others, there are the Federal Information Security Management Act (FISMA), the Privacy Act, policy and guidance from the Office of Management and Budget and the National Institute for Standards and Technology, the General Services Administration's Federal Risk Authorization and Management (FedRAMP) program, and the Federal Acquisition Regulation to be considered.

To be effective, CIOs and CISOs need timely cyber security insights to take proactive actions, because today's security challenges are greater than ever.

With massive increases in data, mobile devices and connections, security challenges are increasing in number and scope. The aftermath of a breach can be devastating to an organization in terms of both reputational and monetary damages, and can be experienced through three major categories of security challenges: external threats, internal threats and compliance requirements.

External threats

The nation faces a proliferation of external attacks against major companies and government organizations. In the past, these threats have largely come from individuals working independently. However, these attacks have become increasingly more coordinated, and are being launched by groups ranging from criminal enterprises to organized collections of hackers to state-sponsored entities. Attackers' motivations can include profit, prestige, or espionage.

These attacks target ever-more critical organizational assets, including customer databases, intellectual property and even physical assets that are driven by information systems. They have significant consequences, resulting in IT, legal and regulatory costs, not to mention loss of reputation. Many of these attacks take place slowly over time, masked as normal activity. The vector known as Advanced Persistent Threat requires specialized continuous monitoring methods to detect threats and vulnerabilities prior to breaches or loss of sensitive data.

Internal threats

In many situations, breaches come not from external parties, but from insiders. Insiders today can be employees, contractors, consultants and even partners and service providers. The causes range from careless behavior and administrative mistakes (such as giving away passwords to others, losing back-up tapes or laptops, or inadvertently releasing sensitive information) to deliberate actions taken by disgruntled employees. The resulting dangers can easily equal or surpass those from external attacks.

A strong security program must include capabilities to predict both external and internal threats and assess their mission impacts, validated by cognitive technology and cybersecurity experts serving mission operators.

Compliance Requirements and Effective Protection

Public sector enterprises face a steadily increasing number of federal, industry and local mandates related to security, each of which have their own standards and reporting requirements. In addition to the federal requirements noted above, there are sector-specific requirements like the Health Insurance Portability and Accountability Act and the Health Information Technology for Economic and Clinical Health Act (HIPAA/HITECH) for health information and Sarbanes-Oxley for financial information. And then there are state privacy/data breach laws, Control Objectives for Information and Related Technology (COBIT), and various international standards and privacy directives. Complying with these and other requirements often takes a significant amount of time and effort to prioritize issues, develop appropriate policies and controls, and monitor compliance.

To address external, internal, and compliance challenges through a proactive approach, mission-oriented cognitive cybersecurity capability is needed. To achieve such capability, four key areas must be addressed:

Security architecture effectiveness. Agencies must focus on rapidly accessing vulnerabilities in the security architecture and developing a prioritized road map to strengthen cyber protection that plugs security gaps and meets policy expectations. Ensuring the identity of users and their access rights, and reducing the number of privileged users, is critically important to effective security architecture.

Critical data protection. Agencies must focus on rapidly accessing the data architecture, and shortfalls in tracking and protecting critical data. Prioritized action plans can reshape data architecture for more focused security protection and improved continuous monitoring.

Security compliance. Agencies must focus on rapidly accessing compliance gaps and establishing a roadmap to prioritize issues, develop appropriate policies and controls, and achieve compliance.

A holistic security program. Effectively implementing the first three areas above enables agencies to lay the foundation of a program that addresses risk management and IT governance at the enterprise level. Organizations can then identify risks to critical business processes that are most important to mission success, as well as threats and vulnerabilities that can impact critical business processes. They can also craft appropriate IT governance, which is a key enabler of successful cybersecurity protection. IT governance provides the "tone at the top," emphasizing that ensuring security and privacy is the responsibility of all staff. In addition, consistent and standardized security protocols, privacy processes and technology configurations support protection at a lower cost.

Making a holistic program actionable

A holistic security program focuses on protection through continuous monitoring of systems and data. This involves moving from the traditional defensive-reactive approach to a defensive-proactive (predictive) approach, using cyber analytics to foster "security intelligence" that also protects privacy.

Continuous monitoring is now required by OMB and NIST mandates, and it can be supplemented using cyber analytics to proactively highlight risks and identify, monitor and address threats. As enterprises bolster their security defenses, predictive analytics plays an increasingly important role. Enterprises can conduct sophisticated correlations to detect advanced persistent threats, while implementing IT governance and automated enterprise risk processes– critical building blocks for enabling security intelligence.

This includes the ability to:

  • identify previous breach patterns and outside threats to predict potential areas of attack.
  • analyze insider behavior to identify patterns of potential misuse.
  • monitor the external environment for potential security threats.

Continuous monitoring, when combined with cyber analytics via security intelligence, can provide key cybersecurity capabilities. Along with analysis of cyber-threat related data sources (e.g., through DNS, Netflow, or query results), continuous monitoring provides the needed context for fusion of data -- data that can be analyzed using tools that produce actionable, meaningful and timely information for CISOs and CIOs to address the most important issues affecting their agency and deter and prevent cyber threats.

Even basic cyber analytics can be used to proactively highlight risks, and to identify, monitor, and address threats and vulnerabilities, helping agencies achieve predictive and preventive cybersecurity capabilities. However, cyber analytics can be greatly enhanced by cognitive-based systems -- which can build knowledge and learn, understand natural language and reason and interact more naturally with human beings. Cognitive-based systems can also put content into context with confidence-weighted responses and supporting evidence, and can quickly identify new patterns and insights.

Specifically, cognitive solutions have three critical capabilities that are needed to achieve security intelligence:

Engagement: These systems provide expert assistance by developing deep domain insights and presenting the information in a timely, natural and usable way.

Decision: These systems have decision-making capabilities. Decisions made by cognitive systems are evidence-based and continually evolve based on new information, outcomes and actions.

Discovery: These systems can discover insights that could not be discovered otherwise. Discovery involves finding insights and connections and understanding the vast amounts of information available.

Achieving cybersecurity protection preserves mission success while achieving key objectives for agencies' security program. By developing true security intelligence, government can move from a basic (manual and reactive) to an optimized (automated and proactive) posture to secure critical systems and the valuable information they house.

Achieving cybersecurity protection preserves mission success while achieving key objectives for agencies' security program. By developing true security intelligence, government can move from a basic (manual and reactive) to an optimized (automated and proactive) posture to secure critical systems and the valuable information they house.

FCW:

« Data Analytics Governance Gets More Important
Open Source Data Reveals Police Blunders »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Synovum

Synovum

Synovum was formed with the intention to provide high quality advice, consultancy, training and project management services to clients in all sectors of industry.

QTS

QTS

QTS Realty Trust, Inc. is a leading provider of secure, compliant data center, hybrid cloud and managed services.

Thinklogical

Thinklogical

Thinklogical manufactures secure, KVM, video, audio, and computer peripheral signal switching solutions for defence C4ISR applications.

Canadian Institute for Cybersecurity (CIC)

Canadian Institute for Cybersecurity (CIC)

The Canadian Institute for Cybersecurity (CIC) is a comprehensive multidisciplinary training, research and development, and entrepreneurial unit.

Eperi

Eperi

Eperi is a leading provider of Cloud Data Protection (CDP) solutions with 15 years of experience in data encryption for databases, (SaaS) applications and files.

Infinite Ranges

Infinite Ranges

Infinite Ranges delivers secure, comprehensive digital solutions by connecting experts with the best products and services for the digital age.

Cybersecurity Center for Secure Evolvable Energy Delivery Systems (SEEDS)

Cybersecurity Center for Secure Evolvable Energy Delivery Systems (SEEDS)

SEEDS conducts research and develops innovative cybersecurity technologies, tools, and methodologies that advance the energy sector’s ability to survive cyber incidents.

NightDragon

NightDragon

NightDragon is a venture capital firm investing in innovative growth and late stage companies within the cybersecurity, safety, security, and privacy industry.

FPG Technologies & Solutions

FPG Technologies & Solutions

FPG Technology is a technology solutions provider and systems integrator, specializing in delivering IT Consulting, IT Security, Cloud, Mobility, Infrastructure solutions and services.

Bosch Global Software Technologies (BGSW)

Bosch Global Software Technologies (BGSW)

Bosch Global Software Technologies offer an advanced innovation for AI security. The Bosch AIShield is the definite answer to safeguard your business against model extraction attacks.

eCloudvalley Digital Technology

eCloudvalley Digital Technology

eCloudvalley Digital Technology is a born-in-the-cloud partner focused entirely on AWS services across APAC region.

Trackd

Trackd

At trackd, we’re re-imaging vulnerability remediation for the benefit of the entire cyber security community. Automating Vulnerability Remediation without the Fear of Disruption.

Incyber

Incyber

Incyber is a fully integrated network and cybersecurity solutions provider contracted to safeguard public and private enterprise, high value data and sensitive industries.

National Cyber Security Agency (NCSA) - Thailand

National Cyber Security Agency (NCSA) - Thailand

National Cyber Security Agency of Thailand is responsible for coordinating and implementing national cybersecurity policies, strategies, and initiatives.

Tychon

Tychon

Tychon develops advanced enterprise endpoint management technology that enables commercial and government organizations to bridge the gap between security and IT operations.

ThreatView by Turaco Labs

ThreatView by Turaco Labs

ThreatView combines extensive experience in digital forensics with advanced analytics and threat detection capabilities to protect eCommerce websites.