Government often plays catchup to threat actors rather than tracking their activity early in the attack life cycle. But according to Kevin E. Greene, Public Sector Chief Technology Officer with OpenText Cybersecurity, it is time for government agencies to become more forward-leaning, especially considering the new National Cybersecurity Strategy (NCS), which underscores the need to disrupt threat actors.
“Part of what the NCS emphasizes is taking a more proactive approach with cyber defense, actively hunting for early warning signals associated with threat actor behaviors to adapt and evolve cyber defenses to disrupt their campaigns,” he said.
Early Warning Signals
Unlike indicators of compromise, which are forensic clues discovered after a cyberattack happens, early warning signals detect an adversary’s preparations before the initial access phase of the attack life cycle.
For instance, an agency could use what we call global adversary signals and analytics to detect reconnaissance activities aimed at gathering the information threat actors use to plan and execute their initial access for a cyberattack, Greene said.
Early warning is “basically creating an inspection shield looking for signals coming in and out of what we call a covered space [routable IP addresses] to detect compromised behaviors and suspicious communications to known infrastructure controlled by threat actors or infrastructure supporting compromised assets and resources, and using that … to hunt for these signals in [security information and event management], XDR/EDR telemetry and drive better planning [and] repurposing of cyber defenses to be more resilient against cyberattacks,” he said.
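The "inspection shield" Greene describes above, reduced to a small worked example. This is added illustration code, not code from the article, from Greene or from OpenText. It assumes constructed flow records in a "timestamp source destination port" format, a constructed covered space (198.51.100.0/24) and a constructed list of threat-actor infrastructure (203.0.113.77, 203.0.113.200), all drawn from RFC 5737 documentation ranges. It flags the two signal types the quote names: traffic leaving the covered space toward known adversary infrastructure, and an external source probing many host/port pairs inside the covered space before any initial access has occurred.

```python
"""Toy early-warning inspection shield over constructed flow records.

Added example, not code from the article or from OpenText. It watches
traffic entering and leaving a covered space (routable IP ranges the
agency owns) and raises two kinds of early-warning signal:
  1. inbound reconnaissance: one external source touching many distinct
     internal host/port pairs;
  2. outbound communication from a covered asset to infrastructure on a
     constructed "known threat infrastructure" list.
All addresses are from RFC 5737 documentation ranges and are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed: the covered space the defender is responsible for.
COVERED_SPACE = [ip_network("198.51.100.0/24")]

# Constructed: infrastructure attributed to threat actors in a hypothetical intel feed.
KNOWN_THREAT_INFRA = {"203.0.113.77", "203.0.113.200"}

# Reconnaissance threshold: distinct (dst_ip, dst_port) pairs from one external source.
RECON_THRESHOLD = 5


@dataclass(frozen=True)
class Flow:
    ts: int        # epoch seconds (constructed)
    src: str
    dst: str
    dport: int


def in_covered_space(ip: str) -> bool:
    """True if the address falls inside any covered-space network."""
    addr = ip_address(ip)
    return any(addr in net for net in COVERED_SPACE)


def parse_flow(line: str) -> Flow:
    """Parse a constructed 'ts src dst dport' flow record."""
    ts, src, dst, dport = line.split()
    return Flow(int(ts), src, dst, int(dport))


def find_signals(lines):
    """Return a list of (kind, detail) tuples for early-warning signals.

    Outbound hits are reported as they are seen; reconnaissance is reported
    after all records are read, once per external source over the threshold.
    """
    signals = []
    touches = defaultdict(set)   # external src -> set of (dst, dport) touched
    for line in lines:
        f = parse_flow(line)
        src_in, dst_in = in_covered_space(f.src), in_covered_space(f.dst)
        if src_in and not dst_in and f.dst in KNOWN_THREAT_INFRA:
            signals.append(("outbound_to_known_infra", f"{f.src} -> {f.dst}:{f.dport}"))
        elif dst_in and not src_in:
            touches[f.src].add((f.dst, f.dport))
    for src, pairs in touches.items():
        if len(pairs) >= RECON_THRESHOLD:
            signals.append(("inbound_recon", f"{src} probed {len(pairs)} host/port pairs"))
    return signals


# Constructed sample flow records.
SAMPLE_FLOWS = [
    "1700000000 192.0.2.10 198.51.100.5 22",
    "1700000001 192.0.2.10 198.51.100.5 80",
    "1700000002 192.0.2.10 198.51.100.6 443",
    "1700000003 192.0.2.10 198.51.100.7 3389",
    "1700000004 192.0.2.10 198.51.100.8 445",
    "1700000005 198.51.100.20 203.0.113.77 8443",  # covered asset -> known infra
    "1700000006 198.51.100.21 192.0.2.50 443",     # benign outbound
    "1700000007 192.0.2.60 198.51.100.5 443",      # single inbound touch, below threshold
]

if __name__ == "__main__":
    for kind, detail in find_signals(SAMPLE_FLOWS):
        print(kind, detail)
```

In practice the intelligence set and the covered-space list would be fed from the agency's SIEM or XDR/EDR platform rather than hard-coded, and the reconnaissance count would be windowed by time; the point of the example is that both signal types are computed from traffic crossing the covered-space boundary, before any compromise indicator exists.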
Zero Trust
If you work from the zero-trust premises of “never trust, always verify and assume compromise,” it is essential to incorporate good identity management hygiene and visibility into daily operations, Greene said. It forces users to pay greater attention to little things because “you can never take subtle notification alerts for granted,” he explained. By leveraging mission-specific threat intelligence, government agencies can take what is considered a threat-informed defense approach to formalize their zero-trust strategies and make the right investments to mature their zero-trust architecture. But “at the center of everything is protecting the sensitive data, whether it’s in use, in motion or at rest,” he said.
For organizations that must do a lot, but with limited resources, adopting a proactive cyber stance can be difficult.
“Government is a little risk-averse, but I think we have to try new things, because some of the things we’re so used to are just not keeping pace with threat actors,” Greene said.
This article appeared in our guide, “A New Cyber Game Plan Takes Shape.” To learn more about how to respond to — and head off — the latest threats, download the guide: