EMERGING CYBERSECURIT Y

S-26 | SPONSORED CONTENT

GOVERNMENT SYSTEMS are under constant attack by adversaries who have the skills

and resources to gain access. If an agency is targeted, it’s no longer a question of whether but when a serious security incident will take place.

Not only should agencies be leveraging the latest endpoint detection and response technologies, they should also be seeking support from high-level security experts who have intimate knowledge of how attackers bypass perimeter defenses and move through networks undetected — and

how to stop them. Fortunately, threat hunting is continuing to gain momentum. A threat hunt involves leveraging behavioral analytics, threat intelligence and in-house research to proactively identify threats, isolate malicious behavior and mitigate breaches before catastrophic damage occurs.

However, agencies cannot move forward from a security maturity standpoint without the proper resources, which is where the Department of Homeland Security’s Continuous Diagnostics and Mitigation program plays a vital role. CDM gives civilian agencies the ability to look at their

budget plans in terms of cybersecurity priorities and put the right tools, people and processes in place.

Strengthening the weakest linkSuccessful security policies are custom-fit to an organization’s needs, potential risks and budget, and they address the weakest link — the end user. Trustwave’s recent Global Security Report found that social engineering is now the top method of compromise. Such tactics are relatively low-effort yet highly effective ways for attackers to gain access to a system. Agencies can quickly identify and close security gaps introduced by users, such as weak or reused passwords and the tendency to click on suspicious links, through penetration testing and red-teaming capabilities.

Agencies must also incorporate continuous security training programs and best practices for employees into their overall security and contingency plans.

In addition, agencies must have a level of control over and knowledge about where critical data exists within their networks, where it goes and who has access to it. Any data on endpoints and servers is at risk when a network is compromised, but protecting such high-value assets can be as simple and straightforward as creating watchlists or blocklists that establish rules to keep specific files from being exfiltrated, accessed, moved or downloaded to an external device.

Partnerships to drive security maturity Because the threat landscape is rapidly evolving and attacks are growing in

Bill RuckerPresident, Trustwave Government Solutions

Staying ahead ofthe cyberthreat curveOutwitting attackers hinges on pinpointing vulnerabilities and building strategic partnerships

davo

oda/

Shut

ters

tock

/GCN

Sta

ff

EMERGING CYBERSECURIT Y

SPONSORED CONTENT | S-27

sophistication, agencies are choosing managed security service providers to augment their programs with elite security talent.

Those partners can also serve as trusted advisers for capitalizing on existing technologies and investments to their maximum potential, and they can offer access to shared threat intelligence.

The best partners harvest intelligence

worldwide to provide rich context and knowledge of cyberattackers’ tactics, techniques and procedures, and they have the expertise to use that knowledge to engage adversaries in direct battle and eradicate them from clients’ networks.

Indeed, as budgets and other resources continue to tighten, agencies will find it increasingly difficult to efficiently and effectively secure complex IT ecosystems

without the help of strategic partners.Agencies have an overwhelming number

of choices for security products and services, but at the end of the day, a security partner’s in-house talent and capabilities are vital elements in the fight to protect agency networks.

Bill Rucker is president of Trustwave Government Solutions.

Successful security policies are custom-fit to an organization’s needs, potential risks and budget, and they address the weakest link — the end user.

Government’s #1 Choice for database vulnerability protection.

Learn more at carahsoft.com/IIG-Emerging-Cyber/Trustwave

davo

oda/

Shut

ters

tock

/GCN

Sta

ff