1. Addressing Cyber Fundamentals

Improving Detection, Remediation, and Investigation Capabilities

The evolution of the cyber attacker’s techniques, skills and tools has far exceeded the pace of the cyber defender’s. Throughout the public and private sector, from federal agencies to health insurance providers, emerging threats continue to wreak havoc on enterprise networks, applications and data. Incident response teams must move faster, but the tools they’ve been given to do the job aren’t fast enough in detecting, remediating or investigating incidents, especially at scale. New solutions are needed that enable IT operations and incident response teams to move quicker and act smarter across distributed networks, distributed clouds, and OS platforms while maintaining scalable performance.

 

The government would also benefit from reexamining the thinking behind how it approaches cybersecurity. A reevaluation of the efficacy of siloed efforts could help the government move from a layered approach to a more holistic approach. Siloed tools—which collect fragmented and outdated data—create a disconnect between the detection and remediation of security issues, making it much more difficult to boost the cybersecurity posture of the government as a whole.

 

Verizon’s recent data breach study shows that 99.9% of the vulnerabilities that were exploited targeted associated Common Vulnerabilities and Exposures (CVEs) that had been known for more than a year prior to the compromise. In 71% of these cases, a patch addressing the exploited vulnerabilities had been available for more than a year at the time of compromise. These striking statistics illustrate that organizations at every level remain highly vulnerable to cyber attacks and are struggling to implement even basic protections. Global organizations are constantly under siege from malicious attacks, but only a relatively small percentage of these attacks are highly sophisticated or zero-day in nature. One of the fundamental principles of cybersecurity is to work effectively with operations teams to shrink an organization’s attack surface, and the key to this is to be able to issue critical patches rapidly throughout the entire network infrastructure as needed, as well as enforce ongoing security hygiene at scale to ensure the status of every connected device is known and available at all times. Cybersecurity fails when organizations rely on manual and unreliable processes to gather data. When such processes take weeks, rather than seconds or minutes, it cripples an organization’s ability to conduct breach investigations, remediate intrusions completely and maintain desired security configurations to ensure a high-level of cybersecurity readiness.

Add tags and help us assess and classify your idea. Pick from the list below or type in a new tag.

Voting

0 votes
Public Input
Idea No. 139