4. Adopting a Threat-Aware Proactive Defense

How should the government expand beyond its emphasis on perimeter defense and even defense-in-depth, and instead put more relative resources toward combining actionable threat intelligence with robust response and resiliency strategies and architectures that account for the adversary’s point of view?

Question: 4. Adopting a Threat-Aware Proactive Defense

Where am I in the kill-chain and who is trying to hurt me?

i. Though the level of intelligence we have will continue to grow over time, by definition it will always be incomplete. While it’s useful to focus on external intelligence, we must obtain better intelligence on the internal environment, focusing on risk factors. Using the LMCO kill-chain model, we can start to map activity to phases. However, taking this view from a single “observable” in a network is insufficient because ...

1 vote
Public Input

Unified Security Practice Manager

“Quantitative Security” is a new big-data approach to security that has the potential to fundamentally improve an agency’s level of protection and transform the way we sell security products. The high-level idea is to collect and analyze security telemetry from tools and sensors in order to come up with “quantitative” prescriptions about how a change in sensor settings or the deployment of a new sensor or module ...

1 vote
Public Input

Using Threat Intelligence to Establish Proactive Defenses

The evolution of the cyber attacker’s techniques, skills and tools has far exceeded the pace of the cyber defender’s. Throughout the public and private sector, from federal agencies to health insurance providers, emerging threats continue to wreak havoc on enterprise networks, applications and data. Incident response teams must move faster, but the tools they’ve been given to do the job aren’t fast enough in detecting, ...

0 votes
Public Input

Think Like The Adversary

By nature, defensive safeguards place the adversary in control; he need only breach one point of weakness to reach success. In contrast, the defender must attempt to cover all possible weaknesses. Shoring up these weaknesses becomes a costly enterprise and the economies of scale help ensure the attacker maintains the advantage. Current security tools independently address weaknesses; suites of tools offer more complete ...

1 vote
Public Input

Design defense around your mission or business Cyber Key Terrain

What is your most important line of business or function of your agency? What are your crown jewels (as another author here wrote)? What is the risk to those? What does the enemy want to achieve? This is just the starting point of protecting your agency or business. Today, it is important to create a threat-aware proactive defense around your Cyber Key Terrain (C-KT) and manage the risk per line of business or ...

1 vote
Public Input

Blue Team / Red Team Requirements (SuperSIG)

Create Blue Team audits followed by Red Team operations performed by pre-qualified contractors or in-house staff using an efficient contract services vehicle managed by GSA. Focus is beyond standard penetration testing and embraces “hunting” tactics largely used by DOD Red Teams to emulate adversaries. Increases resiliency and ability to enhance capability to address early indicators of APTs.

1 vote
Public Input

Threat Aware Proactive Defense

4) How should the government expand beyond its emphasis on perimeter defense and even Defense in Depth, and instead put more relative resources toward combining actionable threat intelligence with robust response and resiliency strategies and architectures that account for the adversary's point of view?

1 vote
Public Input

Start with the Crown Jewels & Stop Spreading Peanut Butter

Currently, the government is still focused on perimeter defense with only a shallow defense-in-depth strategy. The problem centers on an enterprise architecture that is designed to usually protect the entire network at the same level, thus peanut butter spreading network defense resources. Agencies fail to build a network defense strategy that focuses on protecting their crown jewels, vulnerability reduction, and adversary ...

2 votes
Public Input

Supported ITAPS recommendations

(Regular print are supported ITAPS recommendations in response to questions, flagged are expanded recommendations to more explicitly address questions, not directly addressed by ITAPS; participated in and collaborated with ITAPS OMB-OPM-NSC Task Force) How should the government expand beyond its emphasis on perimeter defense and even defense-in-depth, and instead put more relative resources toward combining actionable ...

2 votes
Public Input

Adopt content-centric security of data

Adopt content-centric security of data using digital rights management techniques to protect data at the source and track exfiltrations of data that depart from pre-set boundaries.

3 votes
Public Input