This interview is an excerpt from our recent guide, The Future of Cybersecurity, which examines 15 trends transforming the way government safeguards information and technology.
Most data breaches are caused by highly sophisticated malware, which can evade point-in-time detection technologies. Today, more than ever, it is essential for the government to protect its networks with advanced malware protection that augments point-in-time technology with continuous analysis so that any outbreak can be quickly scoped, contained, and remediated.
To learn more about the advanced malware threat and what government can do, as well as other cybersecurity approaches and solutions, GovLoop spoke with Steve Caimi, Senior Product Marketing Manager of Cisco.
“Whenever you read about breaches these days, whether it’s in the government or outside, typically you’ll see the word malware in that write up,” Caimi pointed out. “Malware comes in multiple different pieces, they reassemble themselves, they’re designed to evade technology that focus on point-in-time type of analysis.”
Caimi went on to explain that malware today is designed to exploit all kinds of vulnerabilities that are out there, especially zero day ones that the public sector might not even know about. This malware is designed to understand whether they’re being analyzed within a sandbox environment, in which case they could sit there and lie dormant.
Though difficult to deal with, Caimi said there are a number of different types of approaches that the government can take to combat this threat.
“Advanced malware protection must be used,” stressed Caimi, “especially those that just don’t rely on a given point in time type of a detection. Secondly, you want to be able to contain the malware. If you can see how far that it went, then you certainly don’t want it to go any further. And then finally you need to have those capabilities to remediate. A lot of times that remediation has to do with integrating with other types of solutions, so you need to look at that.”
Additionally, while advanced malware is a root cause for many data breaches, several (if not most) of the recent government breaches could have been contained or prevented with proper network segmentation security controls, said Caimi. Implementation complexity has been a long-standing issue; properly setting and maintain border firewalls, access control lists, and virtual LAN configurations is a daunting task. But there’s no excuse anymore. The network itself – if solutions are chosen wisely – can act as a network segmentation enforcer. And policies can be managed far easier that in the days of old.
“One of the things that we’re putting out there is this idea of using the network itself,” Caimi said. “So the network itself could be a policy enforcer. And one of the ways that that’s done is through technology where you can actually write information about where that network packet can go directly into the packet itself, and then the router and switch, and component technology can enforce that type of policy and do it on a scalable way. So it’s another tool in the arsenal and it’s a unique Cisco position to do network segmentation, using the network itself as an enforcer.”
But no matter how unique or effective your cybersecurity approaches, if they exist in a silo they will not stand the test of time. Cybersecurity solutions that act as information silos simply add complexity and impose higher workloads on already overburdened cybersecurity staff, Caimi said. It’s essential to select security solutions that share knowledge and context with other solutions using a platform-based architecture for try knowledge sharing across discrete technologies. This helps the government leverage its existing investments while improving cybersecurity and reducing incident response times.
“I can’t stress how important it is to make sure that security information isn’t locked in a bunch of silos,” Caimi added. “The platform-based type of approaches layer on things like application programming interfaces, using industry standards and so forth in order to make sure that that threat information is shared among different types of technologies.”
Caimi said one of the primary reasons it’s so important for systems to share knowledge across the board is due to a cybersecurity workforce shortage.
“We can’t just throw people at this problem and say, hey, this person is responsible for looking at all the event logs,” he continued. “You just can’t do that today. There aren’t enough people with any kind of cybersecurity experience, especially in public sector, to make that happen. So what is important is making sure that that information is shared across multiple types of technologies and solutions, so you can reduce that complexity.”
These actions, concluded Caimi, will reduce the time to detection in order to make sure that the public sector can truly stay ahead of all of the threats that are out there today.