Agencies need to consider how best to use tools like continuous monitoring and how to integrate threat intelligence into their protections. All of these efforts...
In the tech world, it's typically all about finding the singularly best piece of tech to solve a problem. The round is peg for the round is hold. But in the risk based approach, it's all about how you optimize a collection of tools and intelligence. I think of this as a diversified stock portfolio, for instance.
Chief Technologist, Federal, Trend Micro
A platform that can take feeds, whether they're from a vendor that has that platform or whether it's another vendor’s product that's running in the environment, but needs to contribute to that platform. So somewhere where we can collect all of the threat information and the metadata, and make sense of it all because a human can't get grips around that, right. It's got to be that security abstraction layer has got to take feeds from its own environment, third parties, no one vendor is going to provide a single solution to everything, especially zero trust.
Chief Technologist, Federal, Trend Micro
Over the last two years, agencies have come to the stark realization that traditional cyber protections just wouldn’t hold up against more sophisticated attacks and a workforce that isn’t behind the agency’s perimeter.
The Biden administration’s zero trust executive order and implementation strategy became the accelerator for agencies to change their approach to securing their applications, data and networks.
Agencies need to consider how best to use tools like continuous monitoring and how to integrate threat intelligence into their protections. These capabilities are part of how agencies are moving toward a highly adaptive approach to cybersecurity.
Of course, all of these efforts are important to agencies as they digitally transform their services and processes and move more workloads to the cloud.
David Abramowitz, the chief technologist at Trend Micro Federal, said a recent interaction with a customer put these challenges and opportunities in perspective.
The customer asked about how best to bolster their security posture given their current hybrid cloud environment.
“I was sitting in a meeting with a customer, and a comment was made about a competing product that they owned. The customer said, ‘Whoa, let’s just stop right here. I don’t really care if you don’t get along with this other vendor. That is not my concern, that’s for you to figure out. But if you can’t figure out how to play together, and how to bolster my security posture, so that the investments I’ve made I get more return on those because I’ve got the best of both of you, then I probably don’t want either of you,’” Abramowitz said on the Innovation in Government show sponsored by Carahsoft. “That’s a real eye opening thing. In the tech world, it’s typically all about finding the singularly best piece of tech to solve a problem. The round is peg for the round is hold. But in the risk-based approach, it’s all about how you optimize a collection of tools and intelligence. I think of this as a diversified stock portfolio, for instance.”
This diversified stock portfolio approach to security, if you will, comes because the hybrid cloud approach increases the complexity of an agency’s attack surface.
Abramowitz said managing system or data risk is about understanding which security tools have which capabilities and what data they are giving you to address threats in real time.
“Agencies want somewhere where they can aggregate and correlate all of the security information in one place. A concentration of information to correlate and deploy and make risk-based decisions on what the next step should be,” he said. “Organizations are very limited in their in their resources, so they appreciate those collaborative efforts. Going forward, in the new risk-based world, a collaboration of tools and intelligence becomes more important.”
One trend on the commercial side that is starting to gain traction in the federal sector is protecting intellectual property, financial transactions and assets and similar threats to an organization. Abramowitz said agencies also have the next level of systems to protect, which are critical to protecting and saving lives, such water or electricity or transportation services.
“Among the big challenges are IT systems touching operational technology (OT) systems and so we need to make sure we have the right hygiene and approach as the IT and OT systems interface more and more to limit that attack surface down to one single protocol running on an OT system,” he said.
The need to consolidate data and information about cyber threats from multiple products is another reason to move toward a zero trust architecture. The ability to use automation and orchestration to collect and analyze the data will help chief information security officers make faster and better decisions.
“A platform that can take feeds, whether they’re from a vendor that has that platform or whether it’s another vendor’s product that’s running in the environment, but needs to contribute to that platform. So somewhere where we can collect all of the threat information and the metadata, and make sense of it all because a human can’t get grips around that, right. It’s got to be that security abstraction layer has got to take feeds from its own environment, third parties, no one vendor is going to provide a single solution to everything, especially zero trust,” Abramowitz said. “We have a number of other vendors that provide third party integration into our platform because we can’t do it all. But we depend on those different technologies to give a more complete story about the users, the devices, the applications, the risk and the attack surface.”
A single platform to collect and analyze information also helps CISOs understand the risk score of any one system or database. Abramowitz said the risk score helps answer questions like: How do I compare to other organizations? Where are my weaknesses that I need to shore up? Where do I need to focus my resources on now?
“Those are the table stakes to even start to put together into in a rule for a zero trust policy to figure out is that the user is allowed to access this internal or cloud based application on the internet at this time through this device. And that has to constantly be monitoring happening in real time,” he said. “We’re starting to see the beginnings of agencies getting their arms around the environment because there aren’t a lot of policies in place right now that that go to that level that really police a user at a specific time and a device at a specific time. Typically what happens now is if I were to log in to a system, I would have access internally to all the applications and there’s no reassessment. Right, nobody is necessarily thinking about that. But that’s a critical piece. Every time I jump to a new application, or every time I try to access a different piece of data, I need to be reauthenticated. Things like that are starting to get into the thinking and strategizing of our customers. I think they’re making small steps now.”
Listen to the full show:
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Chief Technologist, Federal, Trend Micro
Executive Editor, Federal News Network
