Agencies need to break down silos between organizations to monitor the growing volumes of data transiting IT networks, Gigamon’s chief product officer says.
The Biden administration’s cybersecurity executive order and national cyber strategy have helped spur a wholesale modernization of federal cyber defenses.
Agencies are now moving to adopt and advance zero trust architectures. Speaking in September at the Billington Cybersecurity Summit, Federal Chief Information Officer Clare Martorana said Chief Financial Officer Act agencies are in the “high 90% range” for zero trust implementation.
Zero trust relies on moving away from perimeter-based cyber defenses, especially as organizations have become more dispersed and mobile. But Gigamon Chief Product Officer Michael Dickman said relying on the security of endpoint devices “is like a perimeter defense.”
“It’s just a new kind of smaller perimeter,” Dickman said during Federal News Network’s Cyber Leaders Exchange 2024. “How do we make sure we bring a cybersecurity mentality to data in motion, including lateral movement within an organization, within data centers and in between clouds, remote sites and users?”
Dickman pointed to how endpoint detection can fail because of social engineering, phishing and just plain old “bad technology.”
“After that moment, we can’t allow it to be open and easy, to go back and forth through the environment, moving data, et cetera,” Dickman said. “And so that’s where you need a key strategy for cybersecurity implementation that includes watching data in motion, especially lateral movement, in between all these domains.”
The Cybersecurity and Infrastructure Security Agency has been working to standardize cyber defenses across agencies. In September, CISA issued the Federal Civilian Executive Branch Operational Cybersecurity Alignment (FOCAL) Plan. The goal is to “align collective operational defense capabilities” to reduce risks to more than 100 civilian agencies, CISA said of the plan.
Dickman applauded efforts to break down silos both within and across agencies for the purposes of advancing collective cyber defense. He said that can be particularly important because hackers often take advantage of a lack of communication between different organizations.
“One thing I hope comes about is to have those centralized services and shared services within the federal government in particular to be able to have complete view of data in motion and communications between the silos,” Dickman said. “And the agencies and other groups share what’s happened within them.”
Under the cyber executive order and corresponding zero trust push, agencies have also been directed to collect more log data and take other actions to detect unauthorized access to information systems.
Dickman said artificial intelligence will be crucial to helping agencies make sense of their cybersecurity data and separate signal from noise.
“You need to have the complete data to feed the AI so it makes the right decisions because, by definition, it can’t correlate what it doesn’t see,” he added. “And so there’s a problem of too much data, but there’s also a problem of completeness. And so having more completeness of a smaller volume of data is what will allow that automation and AI itself to be effective.”
Dickman said automation is crucial amid the fast pace of cyberattacks, regardless of whether organizations are using security information management, data lakes or observability platforms.
“Different horses for different courses, if you will, but you have to bring in that automation,” he said. “In today’s complex world, manual inspection and identification and detection, it’s not possible.”
Copyright © 2024 Federal News Network. All rights reserved.