Beyond Cyber Hygiene

Lloyd McCoy Jr.

By Lloyd McCoy, Market Intelligence Manager

Helping agencies lock the door to keep external threat actors out of IT networks, combined with education and training, can only go so far in protecting government assets. There will always be vulnerability.

Public sector networks, with their treasure trove of sensitive information, face vigorous targeting by nation states and cyber criminals looking to steal anything they can get their hands on. Cyber-attacks remain one of the clear and present threats of our time with an intensity that shows little signs of abating.

So, how can those selling security solutions to government help mitigate threats when good cyber hygiene isn’t enough?

Preemptive Hunting
Protecting agency networks from cyber criminals requires thinking like the adversary. Putting oneself in that mindset to consider where they would go next, identify what trails they would lead, what you would do at each stage of a cyber-attack, etc. This approach can be more effective at preemptively isolating vulnerabilities than simply reviewing alerts after the fact.

Figuring Out What You Can Interrupt
A follow on from thinking like an adversary is figuring out what can be interrupted. What are the steps an adversary will take to get to administrative privileges within a government network for example, and how can it best be interrupted? How would they get to the point where they are masked and how can those attempts be stopped? Here speed matters, as detection and investigation need to occur in minutes before the adversary can cause lasting damage.

Embracing the Cloud
While security concerns related to cloud adoption persist, they are evaporating. In fact, government agencies should be educated on how cloud can augment security. The ability to aggregate threat data, while leveraging cloud-scale AI, will advance vulnerability analysis. The end result will be fewer “unknowns” as it’s likely that the malware or vulnerability identified by an agency, another has already seen. One thing to note, this will require a far greater level of information sharing among government agencies to really see the benefits of crowdsourcing as a method for early detection and proactive patching.

Knowing your Network
One of the biggest challenges government agencies face, and where industry can help, is helping them know what’s on their network. You can’t defend what you don’t know and so understanding the network topology are table stakes when it comes to defending a network.  This is a task made more complex with the growing prevalence of cloud, mobility, IoT and Shadow IT.

Planning for Compromise
Help your government customers maintain a plan for when they are breached. It’s a matter of when, not if, for many of them. I use the word maintain because what it means to be resilient will evolve as the threat evolves. As mentioned above, an important step is an evaluation of what they have in their network but also, they need to think through scenarios like what happens to the survivability of a network if a phishing link is clicked, what is our backup plan, etc.

Those overseeing the $15 billion a year in federal security spend know that their IT environments will never achieve zero vulnerability or zero threat. In your conversations with C-level executives and program managers, show how you can help their office, branch or agency be better postured to handle the inevitable. Demonstrate you can utilize your visibility, analytics or cloud-based solutions to better understand threats and bad actors and be more proactive in defending your network and determining next steps after a breach.

Keep up with government IT trends. Subscribe to immixGroup’s Government Sales Insider blog.

The 2019 Government IT Sales Summit will be held November 21 in Reston, Virginia. Learn more.

This article was originally published in Washington Technology online magazine.

About Lloyd McCoy Jr.
Lloyd McCoy is a manager on immixGroup’s Market Intelligence organization. He has a M.S. in Strategic Intelligence from the National Intelligence University, a M.A. in Public Policy and a B.A. in Political Science, both from the University of Maryland. Lloyd leads the commercial arm of the Market Intelligence team, leveraging market analysis and purchasing trends to help Arrow’s suppliers and partners shorten their sales cycles. Prior to joining immixGroup, Lloyd was a senior analyst in the Intelligence Community for eight years, serving in a variety of senior analytic and project management positions in the U.S. and abroad.

One Response to Beyond Cyber Hygiene

  1. Todd S says:

    There is also something else I would add:

    → Data Sharing Amongst agencies, they are unlikely to share information with the private sector but there should be a way where agencies can share on the problem and how they fixed the problem
    → Cloud computing – there needs to be more training and automation to reduce the number of errors, configure templates and design VMs or EC2 instances that are consistent across the board
    → Create a security dashboard where agencies can see fixes, this will help with the oversight and compliance aspect of ensuring assets are protected
    → Work with Dept. of Energy, Dept. of Commerce (Nist in particular) to come up with better scenarios because the existing protection mechanisms are not working
    → Invoke the use of tools like SELinux, ML (Sophos, Deep Learning, BluVector) among others to help address the thousands of attacks, we don’t have the level of personnel to address all of them, we need a better way that will thwart the attack before it happens
    → Capture metrics that are indicative of an attack and develop scaling/priority mechanisms to determine the level and severity of the attack

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: