We sat down with Justin Robinson, Cyber Team Lead, Thundercat, to get his thoughts on today’s risk management challenges. Make sure to visit Thundercat at the Government Symposium on Oct. 30.
1. With today’s complex IT environments, agencies must assess and mitigate risk across several different networks and platforms. How can they best address this challenge?
Agencies are best served by using a consolidated, federated, and integrated approach to cyber defensive operations. Driven by the current shortage of skilled cyber labor, and coupled with the expanding area of exposure due to cloud and mobile, this approach allows agencies to accurately handle the tremendous amount of data they need to protect.
2. Risk management assessments can help agencies get buy-in from their leadership for cyber investments. But if they’ve never suffered a cyber-attack, how can they prove the value when it’s still a hypothetical situation?
The value in risk management assessments does not solely lie in getting buy-in from leadership. The process helps agencies evaluate existing budget and toolsets to reprioritize their efforts based on their current cyber risk and exposure. Agencies are aware of the cyber threat; getting leadership buy-in is less an issue of risk assessment, and more an issue of budgetary or political climate within the agency.
3. Insight into employee behavior on the network can be the missing piece of the puzzle when detecting insider threats. How do behavioral analytics solutions help improve security, and how are organizations using the data to help drive employee security awareness and training efforts?
Behavioral, Machine Learning, and AI analytics can be extremely helpful to organizations when used as tipping and queuing platforms. When automating processes, the technology helps focus cyber operations on the most relevant data set more quickly, allowing agencies to identify cybersecurity risks more quickly. However, these solutions do not replace foundational security policies and controls. User behavioral analytics and other analytics tools help agencies identify employees that exhibit poor cyber hygiene, creating an impetus to increase awareness and implement corrective training to those displaying dangerous behaviors.
4. We all know that compliance does not equal security. How can agencies balance stringent compliance requirements with implementing holistic security solutions that truly improve security?
As a general rule of thumb, we walk our customers through a cyber assessment to pinpoint where they are in terms of both compliance and security. After a baseline assessment of their current security posture, we can then help them understand which tools, policies, or resource changes they need to make, and assign timeframes to those changes based on priority (0-6mo, 6-12mo, 12-18mo). By tying this approach to the NIST Cybersecurity Framework we can deliver a baseline with incremental advancement toward compliance and security goals.
5. With all the overlap in policy requirements, what benefits can agencies of all sizes achieve by automating the lifecycle of security policies, standards, and controls?
Security Orchestration and Automation (SOAR) is now a hot industry topic. However, it’s really part of the overall automation and orchestration shift happening throughout IT. Whether it’s configuring a Windows boot image on a server, delivering a network access control policy to a switch, or reacting to a security information and event management event. Orchestration and automation are the new norm. Symantec’s Integrated Cyber Defense Exchange (ICDx) delivers an integrated approach to leveraging your current security tools in an integrated way. Symantec’s ICDx, coupled with SOAR, changes the paradigm from detect and respond to next-generation defensive cyber operations.