The evolution of the cyber attacker’s techniques, skills and tools has far outpaced that of the cyber defender. Throughout the public and private sector, from federal agencies to health insurance providers, emerging threats continue to wreak havoc on enterprise networks, applications and data. Incident response teams must move faster, but the tools they’ve been given to do the job aren’t fast enough at detecting, remediating or investigating incidents, especially at scale. New solutions are needed that enable IT operations and incident response teams to move more quickly and act smarter across distributed networks, distributed clouds and OS platforms while maintaining scalable performance.
The government would also benefit from reexamining the thinking behind how it approaches cybersecurity. A reevaluation of the efficacy of siloed efforts could help the government move from a layered approach to a more holistic approach. Siloed tools—which collect fragmented and outdated data—create a disconnect between the detection and remediation of security issues, making it much more difficult to boost the cybersecurity posture of the government as a whole.
During the course of day-to-day business, certain risks must be accepted in order to ensure productivity and operational continuity. These risks are sometimes obvious, but they can be very difficult to identify and track in order to monitor and remediate them accordingly. Examples include unapproved software usage, network connections, privilege escalations, data transfers and the disabling of controls. Each of these issues can lead to serious risk or long-term impact, both by increasing exposure to outside intrusions and by enabling data leakage from insider threats. Organizations need to carefully adopt technologies that are capable of accurately producing a complete inventory and audit of every globally distributed asset, at any scale, within seconds. This agility, delivered through speed at scale, is of the utmost importance in order to effectively monitor and rapidly respond to unforeseen business-initiated vulnerabilities, which can come in virtually any form at any time, including users installing malicious applications, disabling host-based security controls and copying sensitive data to external drives. Finally, platforms need to be flexible enough to adapt as methods, approaches, technologies and behavior evolve over time. These adaptations help prevent well-versed bad actors from developing bypass strategies.