This interview is an excerpt from GovLoop’s recent guide, The DoD of Tomorrow, which explores how the department is transforming its operations, technology, workforce, and acquisitions process to confront 21st century challenges.
The Department of Defense’s information network spans the globe. Yet while that asset is necessary to support a distributed workforce and worldwide mission, it also widens the potential attack surface for cyberthreats. At the same time, the sophistication and rate of cyberattacks are rapidly increasing.
This heightened vulnerability cannot be ignored. To understand how DoD can reduce its risk exposure, we spoke with Ralph Kahn, Vice President Federal at Tanium, an endpoint security platform provider.
“It’s incumbent on every agency to protect the data they collect and the systems that process it, from a very large and growing array of cyberthreats,” Kahn said. He also explained how rapid, scalable endpoint monitoring will allow DoD to reap the benefits of its expansive IT network, without sacrificing the security of its data.
Accelerating Detection
Kahn said the most critical barrier to security is the inability to monitor your endpoints in real time. “The bad guys are moving really fast and DoD agencies, with their existing processes, procedures, and technologies, have a really hard time keeping up,” he said. “Most of the endpoint technologies that DoD agencies are operating with, and most of the processes and procedures that they’ve developed to operate them, are based on a cycle time that’s measured in days or weeks, not a cycle time that’s measured in seconds.”
According to Kahn, cycle times measured in days or weeks leave a large time window in which adversaries can operate. “The adversary operates in seconds,” he said. “They penetrate your system, they figure out what they can do and move around, all in a matter of seconds.”
In many cases, agencies do have the ability to spot these intrusions using existing network security technology. Yet, once an attack has been spotted, most agencies lack the ability to quickly identify how and where a threat spreads and simultaneously take action to remediate it.
Tanium’s security platform is designed to provide real-time detection and remediation of threats. Tanium can query every endpoint in less than 15 seconds in the majority of use cases. What’s more, Tanium’s architecture is built to provide the same response time even for organizations with hundreds of thousands or millions of endpoints.
“Tanium pairs lightning-fast access to endpoint information with real-time remediation capabilities,” said Kahn. For DoD, this capability is crucial to keeping its network and endpoints secure even as the frequency and sophistication of cyberattacks increase.
Moreover, “Tanium delivers this capability in a very lightweight and powerful architecture. It does all of this on a couple of servers,” explained Kahn. “That’s significant because it allows you to deploy the system a lot more quickly, the lifecycle cost is a lot lower, and the availability’s a lot higher.”
Ensuring Compliance
In addition to providing early detection of security risks, this rapid scanning also provides visibility and regulatory benefits for DoD.
“Command Cyber Readiness Inspection, or CCRI, is a process designed to ensure that all bases across DoD have a baseline level of cybersecurity compliance, meaning patches are applied, and firewalls and other pieces of defensive hardware are properly configured,” explained Kahn.
“But that process of checking to see whether they’re in compliance is painful, time consuming, and expensive,” he said. “The processes and technology that DoD currently use to get themselves into compliance take weeks to operate and require a large staff of people to complete them. The whole process is really disruptive to their mission.”
Again, Tanium’s ability to rapidly query all endpoints can shorten this process. “Tanium can shorten that process from weeks to a day, and it can ensure very quickly that DoD bases pass their CCRIs,” said Kahn. “That’s a big deal because then all those people can go back to executing their missions, rather than worrying about finding vulnerabilities or keeping their computer systems up to date.”
Enhancing Response Capabilities
Agencies today are awash in threat data. With recent enhancements to information sharing, agencies receive unprecedented amounts of threat data from both internal and external sources.
“The challenge for DoD is it doesn’t have a method to take all that threat data and determine quickly which threats are impacting their endpoints right now,” said Kahn. “Tanium’s technology can take that threat data and turn it into queries which can be run across the entire department in 15 seconds. This would allow DoD to see in real time which threats were active and take immediate action to remediate them, thereby reducing the threat window to minutes instead of days or weeks.”
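As an added illustration of the workflow Kahn describes (threat data turned into queries that fan out across every endpoint), here is a small Python sketch; it is not Tanium’s code, and the indicator values, the patch identifier and the endpoint snapshots are constructed for the example.

```python
"""Added example (not Tanium's code): compile a threat feed into endpoint
queries and run them over a fleet snapshot to see which threats are active.
All indicator values and endpoint data below are constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Set

# One endpoint's reported state (constructed; an agent would collect this).
Endpoint = Dict[str, Set[str]]

@dataclass(frozen=True)
class Indicator:
    kind: str    # "sha256" | "process" | "missing_patch"
    value: str
    name: str    # analyst label for the threat

# Constructed feed: two malware indicators and one CCRI-style patch check.
FEED = [
    Indicator("sha256", "deadbeef" * 8, "ExampleDropper"),
    Indicator("process", "evil_updater.exe", "ExampleDropper"),
    Indicator("missing_patch", "KB-EXAMPLE-001", "Unpatched host (placeholder KB)"),
]

# Constructed fleet snapshot: id -> observed hashes, processes, installed patches.
FLEET: Dict[str, Endpoint] = {
    "ws-001": {"sha256": {"deadbeef" * 8}, "process": {"explorer.exe"}, "patch": {"KB-EXAMPLE-001"}},
    "ws-002": {"sha256": {"cafe" * 16}, "process": {"evil_updater.exe"}, "patch": set()},
    "srv-01": {"sha256": set(), "process": {"sshd"}, "patch": {"KB-EXAMPLE-001"}},
}

def compile_query(ind: Indicator) -> Callable[[Endpoint], bool]:
    """Translate one indicator into a predicate evaluated on each endpoint."""
    if ind.kind == "missing_patch":
        return lambda ep: ind.value not in ep["patch"]
    return lambda ep: ind.value in ep[ind.kind]

def run_feed(feed: List[Indicator], fleet: Dict[str, Endpoint]) -> Dict[str, Set[str]]:
    """Return threat name -> endpoint ids where any of its indicators matched."""
    hits: Dict[str, Set[str]] = {}
    for ind in feed:
        query = compile_query(ind)
        for ep_id, ep in fleet.items():
            if query(ep):
                hits.setdefault(ind.name, set()).add(ep_id)
    return hits

if __name__ == "__main__":
    for threat, eps in sorted(run_feed(FEED, FLEET).items()):
        print(f"{threat}: {', '.join(sorted(eps))}")
```

In a real deployment the predicate would run on the agent and only the match result would travel back, which is what keeps the fan-out cheap at fleet scale.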
Photo Credit: Flickr/US Air Force
Interesting article – I will have to check out the full report. In particular, I found this quote interesting:
“But that process of checking to see whether they’re in compliance is painful, time consuming, and expensive,” he said. “The processes and technology that DoD currently use to get themselves into compliance take weeks to operate and require a large staff of people to complete them. The whole process is really disruptive to their mission.”
It’s just scary to me how little time there is to react to a threat or an incident. Time has become the most important asset we’ve got, so the more you’re automating and letting technology take care of compliance work, the better off you are in the long run. Thanks for sharing!
The real cause of why attacks take so long to be detected, followed by the appropriate actions, needs to be looked at. Monitoring is good, but then what? The attack surface needs to be decreased if automated solutions can’t reduce the damage of a breach. That is probably easier said than done. Staff need to be hired who can address the vulnerabilities detected.