By Jim Hansen, VP of products, security and cloud, SolarWinds
Since 2006, U.S. agencies have been the victims of more than 100 cyber attacks.
In 2018, on average, there appears to have been at least one reported incident per month in the government sector. That indicates that cyber attacks aren’t slowing down. They’re ramping up.
The U.S. government is taking steps to combat these incidents.
Programs like the Department of Defense’s Comply-to-Connect and the Department of Homeland Security’s Continuous Diagnostics and Mitigation efforts are great examples of federal agencies proactively trying to get in front of hackers.
But there’s even more that can be done at a grassroots, day-to-day level.
Agencies can begin by fortifying their security defenses with their most valuable asset—their people.
And they can finish by employing technologies that can give those people the tools they need to maintain strong security postures that can turn away even the most aggressive attacks.
Here are three strategies federal agencies should consider adopting in their efforts to lessen the number of cyber-attacks against government organizations.
Put everyone in charge of security
Employees can be an agency’s most effective line of defense. People make security policies and, just like in an airport, can be the first to spot impending threats.
Remember the old adage “if you see something, say something”? It applies just as much in the federal IT space as it does anywhere else.
Maintaining good security must be everyone’s responsibility, not just a select few.
It is incumbent upon CIOs and security managers to instill a culture of information sharing among their colleagues no matter what position they hold.
Teach all agency employees to look for warning signs and share information immediately whenever they notice what might be a red flag, no matter how innocuous it may seem.
It’s always better to err on the side of caution, rather than pay a hefty price later.
Focus on continuous training and education
A recent SolarWinds survey of federal IT professionals found that 43 percent of respondents felt that inadequate user training was a barrier to system optimization.
That’s problematic for a number of reasons.
First, the less training a person receives, the more likely they may be to make a mistake—and mistakes can lead to the unintentional dissemination of critical information or allowing hackers (via things like phishing attacks) to gain a foothold into the network.
Second, lack of training could prevent IT professionals from becoming experts on how to use security systems effectively or understand evolving threat vectors.
Knowledge is, indeed, power.
To that extent, senior leadership should strive to continually impart and reinforce knowledge among federal IT administrators in charge of security.
This can be done in several ways—through weekly meetings, quarterly check-ins, threat reports, message boards, and more.
Ongoing user training is also essential.
Technology training can be augmented with sessions that focus on hacker tactics, the latest malware, insider threats, and other items related to risk management.
Regardless of the method, training must be held consistently and regularly, as the threat landscape is continually shifting.
Agencies should also strive to maintain compliance with Defense Department Directive 8570, which provides guidance and procedures for training, certification and management of government employees in charge of information assurance.
Support employees with the right tools for defense
An army doesn’t go into combat without the right weaponry.
Therefore, it’s important to arm security managers with an array of tools that can be used to effectively mitigate cyber threats.
Firewalls are, of course, critical, but can be ineffective if data exfiltration occurs over domain name server traffic.
Agencies need a more robust suite of solutions and strategies for detecting both external and internal threats.
Network monitoring technologies are important, as they can automatically scan for and alert managers to potential intrusions.
But agencies that employ hybrid IT environments—where some applications exist on-premises while others are hosted in the public cloud—should go beyond traditional network monitoring and employ methods that monitor data as it passes between their cloud provider and in-house data center.
(Learn more about the latest network management feature updates in SolarWinds® Network Performance Monitor, Network Configuration Manager, NetFlow Traffic Analyzer, VoIP & Network Quality Manager, IP Address Manager, Orion® Platform, and Orion Maps. Courtesy of SolarWinds and YouTube. Posted on Jun 6, 2019.)
There are other policies and procedures that agencies should consider implementing.
For example, since unpatched software is extraordinarily vulnerable, agencies may also wish to adopt a Microsoft-like “Patch Tuesday” mentality, setting aside a specific day of the week to update their systems.
They may also engage in regularly scheduled “red team” exercises that mimic real-world risk scenarios to test their agencies’ cybersecurity defenses.
When it comes to shoring up cyber defenses, there truly is no time to waste.
The next attack is imminent, and will probably happen this month if history is any indication. Agencies cannot afford to sit back and wait.
Taking some simple steps now can help turn back that attack before it has the chance to do significant damage.
About the Author
Jim Hansen has 18 years of experience building and delivering simple and easy-to-use software solutions in the security market.
He is passionate about customers, understanding their needs, and delivering solutions that make their jobs easier and their infrastructures and data more secure.
SolarWinds Returns to Compete in the 2019 ‘ASTORS’ Homeland Security Awards Program
As a 2019 ‘ASTORS’ Homeland Security Awards Program Competitor, SolarWinds Network Configuration Manager will be competing against the industry’s leading providers of Innovative Network Security, Access Control & Authentication, and Security Incident & Event Management Solutions.
Good luck to SolarWinds® on becoming a Winner of the 2019 American Security Today’s Homeland Security Awards Program!
Nominations are now being accepted for the 2018 ‘ASTORS’ Homeland Security Awards at https://americansecuritytoday.com/ast-awards/.
Comprehensive List of Categories Include:
| Access Control/ Identification | Personal/Protective Equipment | Law Enforcement Counter Terrorism |
| Perimeter Barrier/ Deterrent System | Interagency Interdiction Operation | Cloud Computing/Storage Solution |
| Facial/IRIS Recognition | Body Worn Video Product | Cyber Security |
| Video Surveillance/VMS | Mobile Technology | Anti-Malware |
| Audio Analytics | Disaster Preparedness | ID Management |
| Thermal/Infrared Camera | Mass Notification System | Fire & Safety |
| Metal/Weapon Detection | Rescue Operations | Critical Infrastructure |
| License Plate Recognition | Detection Products | And Many Others! |
Don’t see a Direct Hit for your Product, Agency or Organization?
Submit your category recommendation for consideration to Michael Madsen, AST Publisher at: mmadsen@americansecuritytoday.com.
SolarWinds® Takes Double Platinum in the 2018 ‘ASTORS’ Homeland Security Awards Program
SolarWinds
-
Best Network Security Solution
-
SolarWinds
Network Configuration Manager
-
Best Security Incident & Event Mgmt Solution (SIEM)
-
SolarWinds Log & Event Manager
-
*SolarWinds was also recognized in the2017 & 2016 ‘ASTORS’ Homeland Security Awards Programs with Platinum Award Wins.
The Annual ‘ASTORS’ Awards Program is specifically designed to honor distinguished government and vendor solutions that deliver enhanced value, benefit and intelligence to end users in a variety of government, homeland security and public safety vertical markets.
The 2018 ‘ASTORS’ Awards Program drew an overwhelming response from industry leaders with a record high number of corporate and government nominations received, as well as record breaking ‘ASTORS’ Presentation Luncheon Attendees, with top firms trying to register for the exclusive high – end luncheon and networking opportunity – right up to the event kickoff on Wednesday afternoon, at the ISC East registration!
Over 130 distinguished guests representing National, State and Local Governments, and Industry Leading Corporate Firms, gathered from across North America, Europe and the Middle East to be honored among their peers in their respective fields which included:
- The Department of Homeland Security
- The Federal Protective Service (FPS)
- Argonne National Laboratory
- The Department of Homeland Security
- The Department of Justice
- The Security Exchange Commission Office of Personnel Management
- U.S. Customs and Border Protection
- Viasat, Hanwha Techwin, Lenel, Konica Minolta Business Solutions, Verint, Canon U.S.A., BriefCam, Pivot3, Milestone Systems, Allied Universal, Ameristar Perimeter Security and More!
The Annual ‘ASTORS’ Awards is the preeminent U.S. Homeland Security Awards Program highlighting the most cutting-edge and forward-thinking security solutions coming onto the market today, to ensure our readers have the information they need to stay ahead of the competition, and keep our Nation safe – one facility, street, and city at a time.
The 2019 ‘ASTORS’ Homeland Security Awards Program is Proudly Sponsored by ATI Systems, Attivo Networks, Automatic Systems, and Desktop Alert.
Enter today to Compete in the 2019 ‘ASTORS’ Homeland SecurityAwards at https://americansecuritytoday.com/ast-awards/.
2018 Champions Edition
See the 2018 ‘ASTORS’ Champions Edition – ‘Best Products of 2018 ‘ Year in Review’ for in-depth coverage of the outstanding products and services of firms receiving American Security Today’s 2018‘ASTORS’ Homeland Security Awards.’
Nominations for the AST 2019 ‘ASTORS’ Homeland Security Awards Program will officially open as of January 1st, 2019 at americansecuritytoday.com.
Enter Early to Maximize Media Coverage of your Products and Services at Kickoff, and Get the Recognition Your Organization Deserves!
And be sure to Register Early for the 2019 ‘ASTORS’ Awards Presentation Luncheon at ISC East 2019 to ensure your place at this limited- space event!
Why the 2019 ‘ASTORS’ Homeland Security Awards Program?
American Security Today’s comprehensive Annual Homeland Security Awards Program is organized to recognize the most distinguished vendors of physical, IT, port security, law enforcement, and first responders, in acknowledgment of their outstanding efforts to ‘Keep our Nation Secure, One City at a Time.’
Why American Security Today?
American Security Today is uniquely focused on the broader Homeland Security & Public Safety marketplace with over 70,000 readers at the Federal, State and local levels of government as well as firms allied to government.
The old traditional security marketplace has been covered by a host of security publications that have changed little over many years.
American Security Today brings forward a fresh compelling look and read with our customized digital publications that provides our readers with solutions to their challenges.
Our Editorial staff provides a full plate of topics for our AST monthly digital editions, AST Website and AST Daily News Alerts.
The editorial calendar and AST’s high drawing website features 23 different Technology and Marketing Sectors such as Access Control, Perimeter Protection, Video Surveillance/Analytics, Airport Security, Border Security, CBRNE Detection, Border Security, Ports, Cybersecurity, Networking Security, Encryption, Law Enforcement, First Responders, Campus Security, Security Services, Corporate Facilities and Emergency Response among others.
These sectors are part of the new integration, where these major applications communicate with one another in a variety of solutions to protect our cities and critical infrastructure.
AST has Expanded readership into vital Critical Infrastructure audiences such as Protection of Nuclear Facilities, Water Plants & Dams, Bridges & Tunnels, and other Potential targets of terrorism.
Other areas of concern include Transportation Hubs, Public Assemblies, Government Facilities, Sporting & Concert Stadiums, our Nation’s Schools & Universities, and Commercial Business Destinations – enticing targets for extremist or lone wolf attacks due to the large number of persons and resources clustered together.
SolarWinds is a leading provider of powerful and affordable IT infrastructure management software, giving organizations worldwide, regardless of type, size or IT infrastructure complexity, the power to monitor and manage the performance of their IT environments, whether on-premise, in the cloud, or in hybrid models.
The company continuously engages with all types of technology professionals—IT operations professionals, DevOps professionals, and managed service providers (MSPs)—to understand the challenges they face maintaining high-performing and highly available IT infrastructures.
Learn More…
Strategies & Solutions to Enforce DoD’s Cybersecurity ‘Lines of Effort’
