April 2017 Digital Edition

Click Here

March 2017 Digital Edition

Click Here

Feb. 2017 Digital Edition

Click Here

January 2017 Digital Edition

Click Here

Nov/Dec 2016 Digital Edition

Click Here

Oct 2016 Digital Edition

Click Here

Technology Sectors

Market Sectors

Using an automated threat response framework to protect government infrastructure

Peter Clay

Unfortunately, none of us has any trouble imagining a security breach. Breaches are so frequent these days, so fast and so clever, that seemingly out of nowhere we could find critical infrastructure threatened, networks at risk, markets in danger.

Whether the mark is a government agency, a key part of the energy or communications infrastructure, or a too-big-to-fail financial institution, fear of security breaches keeps government security officers up at night. Every sizable institution is at risk, from retail chains to the Pentagon. While attackers will target any organization that stores valuable data—or even any entity that digitally connects to such organizations—there’s no richer or more resonant target than the government. Whether it’s for bragging rights or to make an ideological statement, taking down a piece of the essential infrastructure that keeps the country running has value beyond money for many cyber criminals.

In 2013, there were a stunning 47,479 confirmed attacks on public administration organizations—a segment that spans embassies, economic programs, the military, and other support organizations—and at least 175 of those attacks resulted in confirmed data compromise, according to Verizon’s 2014 Data Breach Investigations Report. Not unexpectedly, the public sector also leads the field in cyber-espionage, with 133 confirmed incidents, more than half of which occurred in the United States. Clearly, the government sector is a major target for hackers of all affiliations, both inside and outside the U.S.

An ever-evolving enemy demands a well-armed (and automated) response

As technology changes and evolves, cyber attacks change and evolve too. Attacks often come in looking like one piece of software code only to rapidly mutate and adapt to the target environment, proliferating at machine speed to expose weaknesses. In such an environment, new vulnerabilities and attack vectors are being identified and exploited, and security teams can’t keep pace with the number and sophistication of attacks. With a real shortage of security-literate professionals—as well as an economic environment full of unfunded mandates and continuing resolutions—it’s become increasingly difficult to keep up in the face of such relentless attacks.

The escalating frequency and complexity of attacks is making real-time cyber security management more complicated and challenging for public and private organizations alike. But the gap between risk mitigation and attack sophistication is most critical in the government space, where cyber threats challenge the nation’s security infrastructure. So how can government security officers ensure the rapid response and decisive take-down these attacks demand? They need to arm their people with intelligent and holistic security analytics and automation solutions that enable an agile and immediate response to some very devious enemies.

Instant action: closing the gap with automated threat response

During an attack, every second counts. While an attack can happen in an instant, it can take months to remove it from the infrastructure—while the damage continues to spread. Should skilled security professionals get bogged down in an endless loop of repeatable manual processes, or rely on smart automation to speed the response? Should team members spend critical attack time trying to integrate disparate tools and legacy systems, or use pre-integrated playbooks built on well-orchestrated actions? The answer is obvious.

Today’s state-of-the-art security operations center (SOC) requires well-honed protocols, advanced data gathering and analysis tools, and a modern threat-identity infrastructure. But integrating multiple point security tools is expensive and does not scale when the tools are supported by manual processes. Teams need a way to tie their security tools together with proven processes and protocols, with a dose of automation to make everything work at machine speed, to allow them to perform more sophisticated threat analysis and remediation.

After all, many highly-specialized SOC analysts spend significant amounts of time dealing with the manual aspects of the many advanced tools at their disposal. Countless personnel resources are expended on updating helpdesk tickets, uploading malware protections, testing hyperlink safety, and gathering information from infected machines. In fact, many organizations spend more time on repeatable manual tasks than they do on analyzing actual incidents or supporting more advanced security measures. With new automation and orchestration technologies, agencies can layer defense protocols throughout the organization—and reallocate valuable analyst time to support resilient operations and rigorous uptime requirements.

Calling the plays in an attack scenario: using proven protocols to orchestrate a response

An automated threat-response framework helps to bridge the gap between the security systems agencies have and the readiness levels they need. By unifying security tools and data feeds, security teams can integrate threat data from across the SOC, fine-tune systems to respond immediately to threat information, and orchestrate action in real-time across multiple systems.

Instead of analyzing and reacting to specific attacks as they happen, forward-looking agencies are cataloging active responses built from proven protocols they use on a regular basis. Building a smart, automated threat-response system begins with looking at discrete threat types and identifying the appropriate workflows, tools, and processes required for a successful response in each instance. Putting together a playbook that outlines these courses of action that can be orchestrated to execute specific threat-response scenarios allows organizations to reuse proven automations and workflows and connect them to larger response strategies. Over time, such playbooks can become digital libraries of approved actions that can be linked together to create active defense environments. Playbooks can continually collect organizational wisdom around security measures and provide SOC analysts with tested and adaptable sets of responses to multiple attack scenarios.

Playbooks and other tools in the threat-response framework combine an agency’s best personnel, processes, tools, and workflows and organize them into a dynamic, flexible, real-time security-response engine, forming the cornerstone of a more resilient overall security strategy. And in a world where agencies are fending off millions of attacks every year—each aimed at bringing down a critical piece of the government—that speed and agility matters.

Peter Clay is chief information security officer at CSG Invotas.


Recent Videos

HID Global is opening the door to a new era of security and convenience.  Powered by Seos technology, the HID Mobile Access solution delivers a more secure and convenient way to open doors and gates, access networks and services, and make cashless payments using phones and other mobile devices. ...
Mobile device forensics can make a difference in many investigations, but you need training that teaches you how to get the most out of your mobile forensics hardware and software, and certifies you to testify in court. Read this white paper to learn how to evaluate mobile forensics training...
PureTech Systems is a software company that develops and markets PureActiv, its geospatial analytics solution designed to protect critical perimeters and infrastructure.  Its patented video analytics leverage thermal cameras, radars and other perimeter sensors to detect, geo-locate, classify, and...
PureTech Systems is a technology leader in the use of geospatial video, focusing on perimeter security.  When combining geospatial capabilities with video analytics and PTZ camera control, managers of critical facilities can benefit by allowing the video management system to aid them in the process...