Vendor Innovations in Cybersecurity: From Browsers to IoT to Mobile

By Tim Larkins, Senior Director, Market Intelligence and Corporate Development

Threats to network security have evolved and vulnerable attack vectors have expanded – from browsers to mobile devices to the increasingly interconnected appliances that are part of the Internet of Things (IoT). Vendors of cybersecurity solutions are now branching out beyond their initial niches to embrace wider aspects of security.

In immixGroup’s recent panel discussion during Cyber Ops Demo Day held earlier this month, six of industry’s most prominent vendors each described what they were doing to help prevent security breaches in this era of multiple security attack vectors.

Marlin McFate, federal CTO, Riverbed Technology, said his company has broadened its reach beyond network monitoring, application monitoring and user monitoring to security issues ranging from insider threat to exfiltration. Riverbed’s acquisition of FlowTraq has integrated that capability into its visibility solution. The technology allows for security problems to be analyzed from a behavioral perspective, to identify devices that are no longer acting like normal appliances or system users that are not actually part of the organization.

Read more of this post

Government Needs to Shore Up Security Readiness – Before the Next Shutdown

Lloyd McCoy Jr.

By Lloyd McCoy, Market Intelligence Manager

Whether it’s through government shutdowns or cyber threats, the possibility of government having to unexpectedly operate at reduced capacity is greater than ever. While it appears that the recent partial shutdown had minimal impact on security readiness, we should count ourselves lucky instead of expecting such an outcome to be the norm.

With the resumption of full government operations, all agencies, not just those affected, should take stock and partner with industry to shore up their posture in two areas, risk management and AI.

Risk Management

Government agency risk management strategies have traditionally emphasized the threat landscape and vulnerability of attack surfaces. Expect agencies to take a hard look at their risk posture to determine whether they’ve adequately factored in the impact of government shutdowns. This is an area where industry can play a role – helping agencies adjust their security readiness in an environment where reduced operations may become more of a norm.

Work with your government customer or prospect to ensure that proper backup and recovery capabilities are in place, that their systems and networks have the right kind of resiliency and segmentation solutions in place, and that the security personnel are equipped with the right tools to “put out fires” when workforce and capacity levels are compromised.

Read more of this post

Changes to DHA Will Impact Cybersecurity Needs

Lloyd McCoy Jr.By Lloyd McCoy, Market Intelligence Manager

The mandates in the National Defense Authorization Acts of 2017 and 2019 called for greater centralization of the military health system. We are now seeing these initiatives being set in motion. One prime example is the migration of the Army, Navy and Air Force’s more than 400 military hospitals and clinics under the umbrella of the Defense Health Agency. I recently attended an AFCEA luncheon where Dr. Barclay Butler, the Component Acquisition Executive for DHA, and Pat Flanders, DHA CIO, spoke extensively on the ongoing consolidation, as well as other initiatives which promise to impact how those selling IT should approach defense health IT leaders.

Measurability and efficiency are driving the trend toward centralization and standardization across the Defense Health establishment. This is particularly applicable for security vendors since DHA wants to instill commonality in cybersecurity services and tools — from the largest military hospitals to the widely dispersed clinics. The two leaders urged industry that when engaging with Army, Navy and Air Force hospitals and clinics, think of the big picture. How can your solution work and be applicable across the entire military health enterprise?

Measurability

Butler and Flanders spoke at length about the need to measure outcomes. For security solutions, that means being able to better monitor threats and speed of remediation. Nothing new on the surface, but this requirement becomes more complicated as more and more military facilities get subsumed under DHA, with all the network architecture and migration challenges that come with the transition. Having a steady dialogue with DHA or one of the service medical commands is critical to ensure that safety and security aren’t negatively impacted by these changes – while ensuring that the hospitals and clinics have robust capabilities for measuring and auditing their security posture.

Read more of this post

Behold the New Cybersecurity and Infrastructure Security Agency

By Kevin Shaker, Consultant

For a long time now, we have been talking about a change in the mission scope and organizational structure of the National Protection and Programs Directorate, the agency largely responsible for securing federal networks and protecting critical infrastructure. But now, it seems that the 2017 bill to rename, reorganize and solidify its role at the department has finally happened.

The agency has officially been renamed the Cyber and Infrastructure Security Agency or CISA. The president signed into law the CISA Act of 2018 on November 16, 2018. The bill had been looming over Congress for some time.

Here are a few things industry will want to know about the agency’s new facelift:

Read more of this post

FY19 Advice From DISA Industry Day

By Ryan Granato, Analyst

At their recent forecast to industry, DISA outlined a future built around mobility, cybersecurity, small businesses and the importance of targeted industry pitches. Here are key insights from DISA leaders for securing FY19 business:

Selling to DISA
When selling to DISA, it is paramount for industry to tailor their pitch to how their solutions can work specifically for outlined requirements and referenced pain points. According to Dave Bennett, director of DISA’s operations center, nine out of ten times what worked for industry commercially will not work for DISA. Even more so, he says that any pitches that reference past performance for industry will not be met with open arms. Bennett goes so far as to say, “I will zero my mind out. I will be singing la la la in the back of my head.” For best practices, Bennett says that industry must come armed with knowledge directly associated to the area they are looking to support.

Read more of this post

The Return of Space Command – The Space Force for Now

By Mark Wisinger, Senior Analyst

Space Force? Not exactly. The new FY19 NDAA features the requirement to re-establish Space Command – which is high-priority focus area for department policy makers in FY19.

DOD policy makers like John Rood, Under Secretary of Defense for Policy, have been developing a plan to meet the Congressional mandate to re-establish US Space Command, which was originally de-established back in 2002. In the short term, we are likely to see Space Command spun out of STRATCOM as a subordinate command, considering Space Command was originally folded into STRATCOM back in 2002. It’ll primarily be staffed with Air Force Personnel as it is stood up, sourcing from STRATCOM and Air Force Space Command.

Read more of this post

Key Highlights From the FY19 Cybersecurity Budget

Lloyd McCoy Jr.

By Lloyd McCoy, Market Intelligence Manager

The newly minted FY19 budget stands out because the federal government passed it on time and for the first time in nine years, government agencies begin the new year equipped to fund new and ongoing IT investments. In what is welcome, albeit not surprising news for security providers, cybersecurity remains the highest priority in the IT budget.

When it comes to security-specific spending, all signs point to the recently passed budget largely aligning to the initial agency wish lists.

Below are some of the key takeaways to help you map out your targeting strategy. Note that these figures don’t wholly encompass security spending as a substantial (though unknown) level of security spending isn’t formally recognized as such.

Read more of this post

Yes, the Public Sector Is Embracing IoT!

By Tim Larkins, director, market intelligence

Most analysts agree that by 2021, over 20 billion Internet-connected devices worldwide will make up a market for the Internet of Things (IoT) worth over $2.5 trillion. That means a huge market opportunity for vendors providing technology at every point — from the user device to the platform itself.

In a nutshell, IoT allows devices to link and exchange data. It’s not a discrete technology like business applications or infrastructure or even cybersecurity. It’s more like a wrapper around all other technologies and is comprised of five major elements:

  • The Edge: The devices, nodes and sensors actually collecting data
  • The Gateway: Either a physical device or software that allows data to flow from the edge to the platform
  • The IoT Platform: The operating environment, storage, computing power and development tools that receive data from the gateway
  • Software Applications: Programs that let users solve business problems, working with data stored in the IoT platform
  • Cybersecurity: The tools that protect all the nodes/sensors/devices at the edge and data transmitted through the gateway, platform, all the way to the user

Read more of this post

New DOE Office to Focus on Cyber Threats to Energy Sector

Tom O'Keefe

By Tom O’Keefe, consultant

Facing mounting cybersecurity challenges, the Department of Energy recently created a new office, the Office of Cybersecurity, Energy Security, and Emergency Response (CESER). Karen Evans, a long-term fixture in cybersecurity in the federal government, was confirmed to lead the office on September 4, 2018. Dedicated to shoring up the cybersecurity of the U.S. energy grid, as well as protecting its own IT assets, the formation of CESER yet again demonstrates the government’s focus on protecting critical infrastructure from foreign attacks.

There are opportunities for industry within CESER, although it’s not your typical cyber play, like protecting against malware and viruses; it’s more about threat intelligence, information sharing and cyber situational awareness. Read more of this post

National Cyber Strategy – What Does It Mean for Those Selling Security Tools to the Government?

Lloyd McCoy Jr.

By Lloyd McCoy, Market Intelligence Manager

You’ve probably heard of the release last week of both the National Cyber Strategy and the Department of Defense (DOD) Cyber Strategy. Some of the priorities highlighted are robust information sharing, greater resilience, encryption, cyber scalability and hardening of IT systems. In fact, we’ve seen demand for these capabilities reflected in recent cyber budgets which have hovered between $13 and$15 billion over the last couple of years. While the documents bring together much of the cyber policies heard from the administration over the past year, there are some important key takeaways you should be aware of as we head into FY19.

Offensive Cyber
One of the most notable developments is a more overt embrace of offensive cyber operations. The DOD Cyber Strategy especially, hones in on this “defending forward” strategy, where the U.S. will confront threats before they reach U.S. networks.

By giving the government more latitude to conduct proactive and offensive cybersecurity, we could see more funding and resources allocated to these operations as early as next year. Expect more demand for network mapping and reconnaissance, data extraction, firewall tunneling and encryption/decryption tools, just to name a few. I expect most of the funding and demand for offensive cyber tools will be generally confined to U.S. Cyber Command and the intelligence agencies.

Read more of this post

%d bloggers like this: