By Paul Parker, Chief Technologist, Federal and National Government, SolarWinds
As we move closer to the United States midterm elections, cybersecurity has become a hot topic of conversation.
From Facebook to the Department of Homeland Security, both private and public organizations have become extraordinarily cognizant of the potential threats posed by external hackers.
Earlier this year, Director of National Intelligence Dan Coats sounded the warning bells.
In his Worldwide Threat Assessment of the U.S. Intelligence Community, Coats wrote:
“The potential for surprise in the cyber realm will increase in the next year and beyond as billions more digital devices are connected—with relatively little built-in security—and both nation states and malign actors become more emboldened and better equipped in the use of increasingly widespread cyber toolkits.”
(Testifying at a Senate Intelligence Committee hearing on worldwide threats, Director of National Intelligence Dan Coats said the U.S. is “threatened by cyberattacks every day.” Courtesy of CBS News and YouTube. Posted on Feb 13, 2018.)
As the defense sector continues investing in connected devices, thereby increasing the complexity of its networks, it’s creating additional access points for hackers to exploit.
It may also be making it more challenging for federal IT professionals to lock their agencies’ virtual doors, monitor their networks, and keep data protected.
This is challenging, but not impossible.
By focusing on people, technology, and planning, federal network administrators may get a better handle on their networks, while strengthening security policies that can keep the “nation states and malign actors” at bay.
Hire the right people, and train the ones who are already in place
Hackers are smart. They learn from being deterred.
If a particular type of intrusion doesn’t work, they’ll continue to test security perimeters in new ways that federal IT professionals may be unprepared to combat.
As such, it’s extremely important that agency personnel are continually trained and encouraged to learn about threat tactics and hackers’ latest exploits.
This knowledge can be critical to detecting and reacting to potential threats.
It can also be instrumental in forming the appropriate security policies and protocols to better protect agencies.
Agencies should make investing in ongoing security education and training a top priority.
IT teams should also proactively use and scour all of the resources at their disposal—including social media channels, networking groups, and threat feeds—to keep up to speed on hacker activity, malware, and more.
This is a simple, yet effective, way to keep on top of rapidly evolving trends.
Hiring the right people is also important, but that alone can be a challenge.
ISACA predicts that there will be a global shortage of cybersecurity professionals by next year.
However, as set forth in the federal cybersecurity work force strategy, the U.S. Office of Personnel Management (a 2017 ‘ASTORS’ Platinum Award Winner) will help agencies develop security career paths and “foster opportunities for employees to obtain new skills and become subject matter experts in their field.”
(Learn More. National Security Advisor John Bolton says the U.S. is under attack daily from cyberspace, including attempts to “undermine democracy.” And as such, the U.S. will now use offensive as well as defensive cyber strategies to counter that threat. Courtesy of Wochit News and YouTube. Posted on Sep 20, 2018.)
Arm employees with the proper tools
As networks become larger and more complex, they can become tougher to monitor and manage.
Today’s defense agencies are dealing with massive amounts of data, thousands of connected devices, and private, public, and hybrid cloud infrastructures.
Manual monitoring approaches and traditional network management and security tools will likely be ineffective in these environments.
There are too many access points and applications, both in-house and at hosted sites, and too much information that can be easily compromised.
Effective security and network monitoring go hand-in-hand with solutions that can automatically scan and respond to potential anomalies, wherever they may be.
(Successful threat mitigation requires continuous monitoring of network configuration changes and potential policy violations, but this process needs to be automated, fast, and reliable. Continuous real-time monitoring and alerts for automated detection and remediation of harmful security violations is essential. See how SolarWinds® Network Configuration Manager (NCM), provides these benefits—and more. Courtesy of SolarWinds and YouTube.)
For example, if an application becomes compromised, it can be difficult to trace the problem back to its source, particularly if that application exists within a hybrid IT environment.
The problem could lie within the hosted data center, or it could reside on the agency side.
Teams need tools that provide deep visibility into the entirety of their networks, so they can locate and quickly correct the issue before it becomes a critical problem.
Likewise, agencies dealing with a copious number of devices should have a means of tracking devices as they appear on their networks.
Here, user device tracking, which tracks users via MAC and IP address, can be highly beneficial.
If a rogue or unauthorized device attempts to access the network, administrators have the ability to track it directly to its user.
That user could be completely innocuous—an employee attempting to use their personal tablet on a DoD network, for example.
But they could also be a member of a foreign hacking group, or a bad actor who obtained a DoD employee laptop that may have been erroneously left behind.
Without the proper tools in place, there may be no way to know, and certainly no way to immediately block the device or shut down network access privileges.
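As an added illustration (not from the original article and not SolarWinds code), the sketch below checks device sightings against an allowlist of approved MAC addresses and reports the switch port where an unapproved device is connected. Because a MAC address is only what a device reports about itself, it also flags an approved address seen on more than one port. The allowlist, user names, switch names and sightings are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed allowlist: approved MAC address -> assigned user (hypothetical names).
ALLOWLIST = {
    "00:1a:2b:3c:4d:5e": "jdoe",
    "00:1a:2b:3c:4d:5f": "asmith",
}

# Constructed sightings, as might be merged from switch MAC tables and DHCP leases:
# (MAC as reported by the source, IP, switch, port)
SIGHTINGS = [
    ("00-1A-2B-3C-4D-5E", "10.0.4.21", "sw-bldg1", "Gi1/0/7"),
    ("001a.2b3c.4d5f", "10.0.4.22", "sw-bldg1", "Gi1/0/9"),
    ("001a.2b3c.4d5f", "10.0.9.80", "sw-bldg3", "Gi1/0/2"),
    ("02:42:ac:11:00:07", "10.0.4.57", "sw-bldg1", "Gi1/0/12"),
]

def normalize_mac(raw):
    """Reduce colon, dash and dotted MAC notations to lowercase aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def review_sightings(sightings, allowlist):
    """Return findings for devices that are unknown or seen on more than one port."""
    by_mac = defaultdict(list)
    for raw_mac, ip, switch, port in sightings:
        by_mac[normalize_mac(raw_mac)].append((ip, switch, port))
    findings = []
    for mac, places in sorted(by_mac.items()):
        owner = allowlist.get(mac)
        if owner is None:
            # Not on the allowlist: report where it is plugged in.
            findings.append({"mac": mac, "issue": "unauthorized", "owner": None, "seen": places})
        elif len({(sw, p) for _, sw, p in places}) > 1:
            # One approved MAC on several ports: a moved device or a copied address.
            findings.append({"mac": mac, "issue": "multiple-ports", "owner": owner, "seen": places})
    return findings

if __name__ == "__main__":
    for f in review_sightings(SIGHTINGS, ALLOWLIST):
        print(f["issue"], f["mac"], f["owner"], f["seen"])
```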
(By combining SolarWinds Bandwidth Analyzer Pack and User Device Tracker, you can quickly identify high bandwidth users. Bandwidth Analyzer Pack resolves their IP address and hostname, and then User Device Tracker instantly provides the associated Active Directory user info, the user’s MAC and switch port location. Courtesy of SolarWinds and YouTube.)
Develop—and continuously update—security strategies
Most readers will likely already have done this, but it’s certainly worth repeating.
Proactively developing a comprehensive and sound security strategy is an absolute must.
This strategy should not simply be bullet points in an email, but a well-formulated plan that outlines exactly what steps should be taken in case of a breach.
It should include a list of employees, the information they can access, and a whitelist of acceptable devices.
Additionally, it should highlight the tools that the agency uses to combat threats.
The security strategy should also be continually updated.
Threats do not stand still; neither should security plans.
In addition to their daily checklist of action items (log reviews, application patching, etc.), IT teams should plan on testing and updating their security procedures on a regular cadence—annually, at minimum, if not more frequently.
Of course, agencies should also deploy continuous network monitoring to ensure that good security remains a priority 24 hours a day.
(See how you can use maps to help quickly find where performance bottlenecks reside. Gain the capability to map your application and infrastructure dependencies, and accelerate the troubleshooting process. Courtesy of SolarWinds and YouTube.)
External threats are ramping up.
The president’s 2017 National Security Strategy makes this utterly clear:
“Cyberspace offers state and non-state actors the ability to wage campaigns across political, economic, and security interests without ever physically crossing our borders.”
By building a powerful combination of the right people, the right tools, and the right strategies, defense agencies will be well equipped to combat these new threats.
About the Author
Paul Parker, who serves as the Chief Technologist of Federal and National Government for SolarWinds, has a proven track record of success providing solutions to the Department of Defense, the Intelligence Community, Multi-National Government, Civilian Government and Commercial IT Infrastructure organizations.
Mr. Parker has been presented with numerous Military and Civilian awards for service, support, and innovation.
As a proven thought leader, innovator, and strategist, he has a passion for people and technology.
SolarWinds Competes in 2018 ‘ASTORS’ Homeland Security Awards Program
- SolarWinds
- Platinum ‘ASTORS’ Award Winner
- SolarWinds Network Configuration Manager
- Best Network Security Solution
- *Also a 2016 ‘ASTORS’ Platinum Award Winner
AST focuses on Homeland Security and Public Safety Breaking News, the Newest Initiatives and Hottest Technologies in Physical & IT Security, essential to meeting today’s growing security challenges.
The 2018 ‘ASTORS’ Homeland Security Awards Program is organized to recognize the most distinguished vendors of Physical, IT, Port Security, Law Enforcement, Border Security, First Responders (Fire, EMT, Military, Support Services Vets, SBA, Medical Tech) as well as the Federal, State, County and Municipal Government Agencies – to acknowledge their outstanding efforts to ‘Keep our Nation Secure, One City at a Time.’
As an ‘ASTORS’ competitor, SolarWinds Network Configuration Manager will be competing against the industry’s leading providers of Innovative Network Security Solutions.
To Learn More about the ‘ASTORS’ Homeland Security Awards Program, see 2017 ‘ASTORS’ Homeland Security Award Winners Honored at ISC East.
Over 100 distinguished guests from National, State and Local Governments, and Industry Leading Corporate Executives from companies allied to Government, gathered from across North America and the Middle East to be honored from disciplines across the Security Industry in their respective fields which included:
- The Department of Homeland Security
- The Department of Justice
- The Security Exchange Commission
- State and Municipal Law Enforcement Agencies
- Leaders in Private Security