3. Breach-to-Response Acceleration

How can agencies effectively address current time lags with detection of and response to vulnerabilities and threats that will significantly compress breach-to-detection-to-response times? Please include ideas on how government agencies can expand capabilities beyond reacting to known threats through programs like Einstein, to identify new threats and zero-day exploits in near real-time.

Big data for the big picture

i. This is a big data for cyber security issue. It’s difficult to find a managed system that is not able to report on network and OS-level activity (e.g. Syslog, SNMP, etc.). We’re not talking about a log-manager or SIEM but rather the resulting data (structured and unstructured) being transferred securely into a data repository for link analysis, correlated with various sources of threat intelligence and end-point ...more »

1 vote
Public Input

Unified Security Practice Manager

The answer may not be “innovation” but going back to basics. It starts with comprehensive asset management. An agency has to identify ALL hardware and software assets on its network. You can’t scan hardware for configuration errors or software for missing patches if you don’t know those devices exist. Every unknown asset is a potential threat vector. This will also help compress breach-to-detection-to-response times. ...more »

1 vote
Public Input

Tools for Rapid Detection and Remediation

The evolution of the cyber attacker’s techniques, skills and tools has far exceeded the pace of the cyber defender’s. Throughout the public and private sector, from federal agencies to health insurance providers, emerging threats continue to wreak havoc on enterprise networks, applications and data. Incident response teams must move faster, but the tools they’ve been given to do the job aren’t fast enough in detecting, ...more »

0 votes
Public Input

ACT-IAC Membership Meeting Ideas

Data anomalies don’t necessarily catch the extrusion of compressed data, and it must be consistently and constantly applied across government. However, the technology is there for content encryption; policies are needed that govern content distribution/risk, allowing focus on critical risks.

1 vote
Public Input

Cyber Battlerooms to learn to recognize adversary action

The old adage "it takes 10,000 hours of practice to become an expert" is very true in cyber defense. We can't teach people to prevent zero day exploits but we can provide an inexpensive way to show what happens when an exploit is used. Technology today is finally available to provide ubiquitous Cyber Battlerooms, like Netflix, where you log into the cloud and "play" on a Virtual Clone Network of a government agency, ...more »

1 vote
Public Input

Cyber Hotline (SuperSIG)

Clarify a “hotline” reporting channel for people who suspect an issue, in agency or government-wide – if a user sees a potential problem, they can check with a team for tech assistance on whether it’s real and what the next steps are. Sort of a help desk for cyber reporting.

1 vote
Public Input

Breach to Response Acceleration

3) How can agencies effectively address current time lags with the detection of and response to vulnerabilities and threats that will significantly compress breach-to-detection-to-response times? Please include ideas on how government agencies can expand capabilities beyond reacting to known threats through programs like Einstein to identify new threats and zero-day exploits in near real time?

1 vote
Public Input

3) How can agencies effectively address current time lags with t

With these key recommendations, we believe that the government can better leverage commercial technologies to deploy a platform that blocks all known threats within minutes of discovery by injecting new controls into key locations down the Kill Chain. Second, this platform should also have the ability to discover new attacks automatically by statically and dynamically analyzing files passing through the networks. ...more »

1 vote
Public Input

Response Time--Combines Technology, Threat Knowledge, & Skills

Agencies must plan for success. Increasing response time is a combination of technology, threat knowledge, and skill sets of cybersecurity practitioners. Lag time exists because organizations are unable to effectively integrate practitioner skills, threat knowledge, and technology. Although agencies are in possession of effective tools (e.g., Einstein and CDM) that collect indicators and signatures of malicious traffic crisscrossing ...more »

2 votes
Public Input

Supported ITAPS recommendations, part 2

Consistent with the concept that security is the responsibility of all employees, all agency employees should be educated and trained on general incident response planning concepts and any related responsibilities, including how to notify response organizations, the information to report, and other relevant activities. All incidents, exercises, and general activities offer opportunities to learn and improve planning. ...more »

2 votes
Public Input