5. Sharing of Threat Intelligence

What does this mean in my environment and are you reliable?

Instead of mandating information sharing we should look at this issue as one of national security. For example, if there were a potential for pandemic, that information would first be thoroughly investigated by the CDC and others before being communicated to the broader public to prevent unnecessary panic. That’s a good thing. The challenge with information sharing is that it has the potential to create more noise,... more »

Voting

1 vote
Public Input

4. Adopting a Threat-Aware Proactive Defense

Where am I in the kill-chain and who is trying to hurt me?

i. Though the level of intelligence we have will continue to grow over time, by definition it will always be incomplete. While it’s useful to focus on external intelligence, we must obtain better intelligence on the internal environment, focusing on risk factors. Using the LMCO kill-chain model, we can start to map activity to phases. However, taking this view from a single “observable” in a network is insufficient because... more »

Voting

1 vote
Public Input
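The post above argues that a single observable is weak evidence and that activity should be mapped onto kill-chain phases and aggregated. The script below is an added example (not part of the post or any product it mentions) that does exactly that for a batch of constructed telemetry: each event type is mapped to a Lockheed Martin kill-chain phase, evidence is grouped per host, and hosts are only surfaced once they show evidence in more than one phase. The event-type names, the mapping table and the sample events are all assumptions made for illustration.

```python
"""Map individual observables onto LMCO kill-chain phases and rank hosts
by how far along the chain the combined evidence reaches.
Added example; the event types and events below are constructed."""
from collections import defaultdict

# Canonical kill-chain phases, in order.
PHASES = [
    "reconnaissance", "weaponization", "delivery", "exploitation",
    "installation", "command_and_control", "actions_on_objectives",
]
PHASE_INDEX = {p: i for i, p in enumerate(PHASES)}

# Hypothetical mapping from a sensor's event label to the phase it evidences.
# These labels are assumptions for this example, not a real product's schema.
EVENT_TO_PHASE = {
    "port_scan": "reconnaissance",
    "phish_email_received": "delivery",
    "office_macro_spawned_shell": "exploitation",
    "new_service_installed": "installation",
    "beacon_to_known_c2": "command_and_control",
    "bulk_file_read": "actions_on_objectives",
}


def classify(event):
    """Return the phase an event supports, or None for unmapped noise."""
    return EVENT_TO_PHASE.get(event["type"])


def kill_chain_profile(events):
    """host -> distinct phases seen, sorted in kill-chain order."""
    seen = defaultdict(set)
    for ev in events:
        phase = classify(ev)
        if phase is not None:
            seen[ev["host"]].add(phase)
    return {h: sorted(p, key=PHASE_INDEX.__getitem__) for h, p in seen.items()}


def furthest_phase(phases):
    return max(phases, key=PHASE_INDEX.__getitem__) if phases else None


def triage(events, min_phases=2):
    """Hosts with evidence in at least min_phases distinct phases, most advanced first.

    A host with one observable (e.g. one phishing email) is deliberately
    left out: on its own it says nothing about where in the chain we are.
    """
    profile = kill_chain_profile(events)
    ranked = [
        (host, furthest_phase(phases), phases)
        for host, phases in profile.items()
        if len(phases) >= min_phases
    ]
    ranked.sort(key=lambda r: PHASE_INDEX[r[1]], reverse=True)
    return ranked


# Constructed sample telemetry (not real data).
SAMPLE_EVENTS = [
    {"host": "ws-17", "type": "phish_email_received"},
    {"host": "ws-17", "type": "office_macro_spawned_shell"},
    {"host": "ws-17", "type": "beacon_to_known_c2"},
    {"host": "ws-42", "type": "phish_email_received"},   # single observable only
    {"host": "srv-db", "type": "port_scan"},
    {"host": "srv-db", "type": "bulk_file_read"},
    {"host": "ws-09", "type": "printer_status"},         # unmapped noise
]

if __name__ == "__main__":
    for host, furthest, phases in triage(SAMPLE_EVENTS):
        print(f"{host}: reached {furthest} via {phases}")
```

Note that srv-db ranks first even though it has a gap in the middle of the chain; the gap itself is useful, because it points at the internal telemetry (exploitation, installation) that the environment is evidently not collecting.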

3. Breach-to-Response Acceleration

Big data for the big picture

i. This is a big data for cyber security issue. It’s difficult to find a managed system that is not able to report on network and OS-level activity (e.g. Syslog, SNMP, etc.). We’re not talking about a log-manager or SIEM but rather the resulting data (structured and unstructured) being transferred securely into a data repository for link analysis, correlated with various sources of threat intelligence and end-point... more »

Voting

1 vote
Public Input

2. Business Initiated Vulnerabilities

Remember Bell-LaPadula?

Multi-level access controls such as Bell-LaPadula have been in place for government applications for a very long time with good success. Why not implement a similar model for access across the board? A well defined business environment should understand where critical data is located and the risk involved with that data and control access based on area of responsibility or job function. Users and hosts should be limited... more »

Voting

1 vote
Public Input
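To make the Bell-LaPadula proposal above concrete, here is an added example (not from the post) of a minimal BLP reference monitor: labels are a sensitivity level plus a set of compartments, and the two mandatory rules are the simple-security property (no read up) and the *-property (no write down). The business mapping in the sample labels (compartments named after departments, levels named after data risk) is an assumption made for illustration.

```python
"""Bell-LaPadula mandatory access checks over a lattice of level x compartments.
Added example; the levels, compartments and subjects below are constructed."""
from dataclasses import dataclass, field

# Total order on sensitivity levels (assumed business mapping for this example).
LEVELS = {"public": 0, "internal": 1, "restricted": 2, "critical": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other):
        """self >= other in the lattice: level at least as high AND all of
        other's compartments present. Two labels can be incomparable."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def can_read(subject, obj):
    # Simple-security property: clearance must dominate the object's classification.
    return subject.dominates(obj)


def can_write(subject, obj):
    # *-property: the object's classification must dominate the subject,
    # so a subject can never copy data to a lower or incomparable label.
    return obj.dominates(subject)


def decide(subject, obj, mode):
    """Return (allowed, reason) for mode 'read' or 'write'."""
    if mode == "read":
        ok = can_read(subject, obj)
        return ok, "simple-security: " + ("read allowed" if ok else "no read up")
    if mode == "write":
        ok = can_write(subject, obj)
        return ok, "*-property: " + ("write allowed" if ok else "no write down")
    raise ValueError(f"unknown mode {mode!r}")


# Constructed subjects and objects.
FINANCE_ANALYST = Label("internal", frozenset({"finance"}))
HR_CLERK = Label("internal", frozenset({"hr"}))
PAYROLL_DB = Label("restricted", frozenset({"finance", "hr"}))
PRESS_RELEASE = Label("public")


def access_matrix(subjects, objects):
    """Which (subject, object, mode) combinations the monitor permits."""
    return {
        (s, o, m): decide(subj, obj, m)[0]
        for s, subj in subjects.items()
        for o, obj in objects.items()
        for m in ("read", "write")
    }


if __name__ == "__main__":
    subs = {"finance_analyst": FINANCE_ANALYST, "hr_clerk": HR_CLERK}
    objs = {"payroll_db": PAYROLL_DB, "press_release": PRESS_RELEASE}
    for (s, o, m), ok in sorted(access_matrix(subs, objs).items()):
        print(f"{s:16} {m:5} {o:14} {'ALLOW' if ok else 'DENY'}")
```

The matrix makes the caveat the post glosses over visible: the analyst may write into the payroll store but not read it back, and can read the press release but not edit it. Pure BLP needs a trusted downgrader or a discretionary layer on top before it matches how a business actually works, which is why the "area of responsibility" mapping has to be designed, not just switched on.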

1. Addressing Cyber Fundamentals

Rethinking Audits into Real-time Situational Awareness

It is time to rethink the notion of an audit from something that happens periodically to something that can be continuously analyzed at will, in real-time. It is unacceptable that an organization wouldn’t have complete visibility into activities associated with all users, hosts, and applications within their network infrastructure. This becomes minimal acceptable hygiene, a starting point, inclusive of threat intelligence... more »

Voting

1 vote
Public Input

5. Sharing of Threat Intelligence

Implement a security and threat information exchange platform

A collectively stronger cybersecurity ecosystem means better protection for consumers and businesses. Alliances between incident responders across various industries and organizations are forming today, to help prevent cyber-attacks and to help reduce their damage. Microsoft Interflow, using a distributed architecture, enables sharing of security and threat information within and between communities for a collectively... more »

Voting

1 vote
Public Input

5. Sharing of Threat Intelligence

Unified Security Practice Manager

There is already a significant volume of cyber threat and vulnerability information shared, as well as numerous programs designed to assist the process. What we don’t need are new structures and new programs – government should look to improve on existing ones rather than attempt to reinvent the wheel. Timeliness is key – push out more and better information earlier. Industry still feels like the government to private... more »

Voting

1 vote
Public Input

4. Adopting a Threat-Aware Proactive Defense

Unified Security Practice Manager

“Quantitative Security” is a new big-data approach to security that has the potential to fundamentally improve an agency’s level of protection and transform the way we sell security products. The high-level idea is to collect and analyze security telemetry from tools and sensors in order to come up with “quantitative” prescriptions about how a change in sensor settings or the deployment of a new sensor or module... more »

Voting

1 vote
Public Input

3. Breach-to-Response Acceleration

Unified Security Practice Manager

The answer may not be “innovation” but going back to basics. It starts with comprehensive asset management. An agency has to identify ALL hardware and software assets on its network. You can’t scan hardware for configuration errors or software for missing patches if you don’t know those devices exist. Every unknown asset is a potential threat vector. This will also help compress breach-to-detection-to-response times.... more »

Voting

1 vote
Public Input
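The asset-management point above is easy to agree with and rarely measured. The script below is an added example (not from the post) of the reconciliation step it implies: a CMDB extract is compared against what the network neighbour table actually shows, so that hosts the scanner cannot know about are listed before any patch or configuration scan is trusted. The CSV rows, the `ip neigh`-style lines and the hostnames are all constructed for the example.

```python
"""Reconcile an asset inventory against live network evidence.
Added example; the CMDB rows and neighbour-table lines are constructed."""
import csv
import io
import re

# Constructed CMDB extract (hostname, MAC, owner, whether the patch scanner covers it).
CMDB_CSV = """hostname,mac,owner,patch_scanned
ws-17,aa:bb:cc:00:00:17,finance,yes
srv-db,aa:bb:cc:00:00:db,dba,yes
printer-3,aa:bb:cc:00:00:a3,facilities,no
lab-vm,aa:bb:cc:00:00:4c,research,yes
"""

# Constructed lines in the shape of Linux `ip neigh` output.
NEIGH_TABLE = """10.0.1.17 dev eth0 lladdr aa:bb:cc:00:00:17 REACHABLE
10.0.1.40 dev eth0 lladdr AA:BB:CC:00:00:DB STALE
10.0.1.50 dev eth0 lladdr aa:bb:cc:00:00:a3 STALE
10.0.1.77 dev eth0 lladdr de:ad:be:ef:00:77 REACHABLE
10.0.1.78 dev eth0 lladdr de:ad:be:ef:00:78 REACHABLE
10.0.1.90 dev eth0  FAILED
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+) dev \S+ lladdr (?P<mac>[0-9A-Fa-f:]{17}) (?P<state>\S+)$"
)


def parse_neigh(text):
    """mac -> ip for entries that resolved to a hardware address.
    Entries without lladdr (e.g. FAILED) carry no asset evidence and are skipped."""
    seen = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            seen[m["mac"].lower()] = m["ip"]
    return seen


def load_cmdb(text):
    """mac -> inventory row, with MACs normalised to lower case."""
    rows = csv.DictReader(io.StringIO(text))
    return {row["mac"].lower(): row for row in rows}


def reconcile(cmdb, seen):
    """Split live evidence and inventory into the sets an asset owner has to act on."""
    unknown = sorted((mac, ip) for mac, ip in seen.items() if mac not in cmdb)
    not_observed = sorted(cmdb[mac]["hostname"] for mac in cmdb if mac not in seen)
    unscanned = sorted(
        cmdb[mac]["hostname"]
        for mac in cmdb
        if mac in seen and cmdb[mac]["patch_scanned"].lower() != "yes"
    )
    covered = sum(
        1 for mac in seen
        if mac in cmdb and cmdb[mac]["patch_scanned"].lower() == "yes"
    )
    return {
        "unknown_on_network": unknown,      # on the wire, absent from inventory
        "inventory_not_observed": not_observed,  # powered off, moved, or stale record
        "known_but_unscanned": unscanned,   # inventoried, yet outside scanner scope
        "scan_coverage": covered / len(seen) if seen else 0.0,
    }


if __name__ == "__main__":
    report = reconcile(load_cmdb(CMDB_CSV), parse_neigh(NEIGH_TABLE))
    for key, value in report.items():
        print(f"{key}: {value}")
```

The coverage number is the one to track over time: it is the fraction of hosts actually present that the patch scanner can even reach, which is a much more honest figure than "percentage of inventoried hosts patched".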

1. Addressing Cyber Fundamentals

Unified Security Practice Manager

Inconsistent security controls are often a result of human error. A move to “Orchestration”, or an approach that automates control implementations, can lead to more effective and relevant utilization of controls. Benefits include:
Enabling the Software Defined Data Center
Centrally define security policy
Security policies move with VMs
Reduce security as a choke point; accelerate business agility and responsiveness by... more »

Voting

1 vote
Public Input

2. Business Initiated Vulnerabilities

Adopt the Security Development Lifecycle

The Security Development Lifecycle (SDL) is a software development process that helps developers build more secure software and address security compliance requirements while reducing development cost. The SDL is composed of proven security practices that work in development organizations regardless of their size or platform. It consists of multiple phases in which core software assurance activities are defined. Computer... more »

Voting

1 vote
Public Input

6. Solving the Talent Search

Tech Platforms Can Reduce Pressure on Overburdened Workforce

The evolution of the cyber attacker’s techniques, skills and tools has far exceeded the pace of the cyber defender’s. Throughout the public and private sector, from federal agencies to health insurance providers, emerging threats continue to wreak havoc on enterprise networks, applications and data. Incident response teams must move faster, but the tools they’ve been given to do the job aren’t fast enough in detecting,... more »

Voting

0 votes
Public Input

5. Sharing of Threat Intelligence

Open Platform, Standards-Based Approach to Sharing Threat Intel

The evolution of the cyber attacker’s techniques, skills and tools has far exceeded the pace of the cyber defender’s. Throughout the public and private sector, from federal agencies to health insurance providers, emerging threats continue to wreak havoc on enterprise networks, applications and data. Incident response teams must move faster, but the tools they’ve been given to do the job aren’t fast enough in detecting,... more »

Voting

0 votes
Public Input

4. Adopting a Threat-Aware Proactive Defense

Using Threat Intelligence to Establish Proactive Defenses

The evolution of the cyber attacker’s techniques, skills and tools has far exceeded the pace of the cyber defender’s. Throughout the public and private sector, from federal agencies to health insurance providers, emerging threats continue to wreak havoc on enterprise networks, applications and data. Incident response teams must move faster, but the tools they’ve been given to do the job aren’t fast enough in detecting,... more »

Voting

0 votes
Public Input

3. Breach-to-Response Acceleration

Tools for Rapid Detection and Remediation

The evolution of the cyber attacker’s techniques, skills and tools has far exceeded the pace of the cyber defender’s. Throughout the public and private sector, from federal agencies to health insurance providers, emerging threats continue to wreak havoc on enterprise networks, applications and data. Incident response teams must move faster, but the tools they’ve been given to do the job aren’t fast enough in detecting,... more »

Voting

0 votes
Public Input