Automating Cybersecurity Defenses
As commercial, state, local, and federal organizations increasingly rely on the Internet and the rich capabilities of network-connected communications platforms to conduct business operations, Cybersecurity has emerged as a critical component of the Information Technology (IT) strategy of organizations of any size. The threat, scale, and financial incentives associated with successful cyber attacks continue to increase. Consequently, organizations have no choice but to integrate Cybersecurity into all facets of business operations or risk potentially devastating exposure of mission-critical information. Examples of recent high-profile, damaging Cybersecurity attacks include the Office of Personnel Management (OPM) cyber attack that exposed 21.5 million records of background check personnel data, and the Experian hack that exposed an estimated 143 million people’s credit profile information.
As a proven provider of Cybersecurity and Information Assurance (IA) services, ExecuTech embraces these challenges and offers the following three suggestions to stay ahead of these damaging Cybersecurity attacks.
- Find the right tools. A key component of any modern Cybersecurity strategy requires employing tools that support both on-demand and scheduled scans for all infrastructure supporting business operations. These scans should cover all devices in the network and generate reports that cover the patch level, configuration issues, and open vulnerabilities associated with the devices in question. It is important to select tools that have the ability to generate reports in both human and machine-readable formats. Machine-readable formats like comma separated value files or similar formats allow for the use and development of automated tools that can compile metrics, establish baselines, and develop trends in order to report on anomalous behavior.
- Subscribe to automated, real-time alerts and events. Companies need to be able to identify Cybersecurity attacks of all sizes, from large-scale Cybersecurity attacks – major threats like “Heartbleed,” “Spectre,” and “Meltdown,” that have occurred in recent years – to smaller attacks that may target only a single organization’s internal infrastructure. Cybersecurity analysts and Chief Security Officers need to maintain the appropriate level of threat awareness across all potential attacks. Many Cybersecurity-related websites provide the ability to subscribe to alerts and events in an automated manner, eliminating the need to manually check for announcements concerning the latest vulnerabilities. For example, the National Vulnerability Database (NVD), which is synchronized with the Common Vulnerabilities and Exposures (CVE) website, gives administrators the ability to subscribe to alerts in real-time by obtaining subscriptions in Extensible Markup Language (XML) or Rich Site Summary (RSS) feed formats.
- Use centralized patch distribution servers and open source tools. In today’s fast paced and continuously changing Cybersecurity threat landscape, manually patching systems often proves impractical due to the number of interfaces required in both small and larger server environments. Part of an overall Network Operations (NETOPS) strategy is implementing centralized patch distribution servers that can host patches and enable download and installation of patches at predetermined intervals. One example of this capability is the Microsoft Server Update Services (WSUS) server that allows for centralized distribution of patches for large numbers of Windows Server instances. In addition, using open source tools and protocols like the Security Content Automation Protocol (SCAP), Extensible Configuration Checklist Description Format (XCCDF), and Puppet can enable automated configuration changes to systems as needed in order to maintain a strong Cybersecurity posture.
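The first suggestion above, turning machine-readable scan reports into baselines and trends, can be sketched as follows. This is an added example, not ExecuTech's code; the CSV column names and the sample rows are constructed assumptions and do not match any particular scanner's export schema.

```python
import csv
import io
from collections import Counter

# Constructed sample reports; the column names are assumptions, not a real scanner's schema.
BASELINE_CSV = """host,category,finding_id,severity
web01,patch,PATCH-001,high
web01,config,CFG-010,low
db01,vulnerability,VULN-100,medium
"""
CURRENT_CSV = """host,category,finding_id,severity
web01,patch,PATCH-001,high
web01,vulnerability,VULN-200,critical
db01,vulnerability,VULN-100,medium
db01,config,CFG-011,medium
app01,patch,PATCH-002,high
"""

def load_findings(text):
    """Return {(host, finding_id): row} for one CSV scan report."""
    rows = csv.DictReader(io.StringIO(text))
    return {(r["host"].strip().lower(), r["finding_id"].strip()): r for r in rows}

def compare_scans(baseline_text, current_text):
    """Diff a scan against the baseline: new and resolved findings, plus unseen hosts."""
    base, cur = load_findings(baseline_text), load_findings(current_text)
    return {
        "new": sorted(k for k in cur if k not in base),
        "resolved": sorted(k for k in base if k not in cur),
        "unknown_hosts": sorted({h for h, _ in cur} - {h for h, _ in base}),
    }

def severity_trend(baseline_text, current_text):
    """Per-severity change in open-finding count between the two scans."""
    count = lambda t: Counter(r["severity"].strip().lower() for r in load_findings(t).values())
    base, cur = count(baseline_text), count(current_text)
    return {sev: cur[sev] - base[sev] for sev in set(base) | set(cur)}

if __name__ == "__main__":
    report = compare_scans(BASELINE_CSV, CURRENT_CSV)
    for kind in ("new", "resolved", "unknown_hosts"):
        print(kind, report[kind])
    print("severity trend", severity_trend(BASELINE_CSV, CURRENT_CSV))
```

A host that reports findings but never appeared in the baseline is worth its own alert, since it may be an unmanaged device that joined the network between scans.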
In summary, it is important to maintain awareness of the latest trends impacting the Cybersecurity landscape to include closely monitoring developments related to machine learning, artificial intelligence (AI), and their potential benefits for improving Cybersecurity defenses. While this area of Cybersecurity defense continues to grow and mature, Cybersecurity experts should carefully evaluate vendor solutions in lab environments before making substantial financial investments. Often the amount of hype and claims made about machine learning or AI-based solutions may not match the solution’s real-world performance. For more information, please contact ExecuTech by phone at (571) 285-3331 or email at Info@esc-techsolutions.com.
Red Team is teaming up with Berenzweig Leonard for a monthly newsletter to provide an in-depth look on the latest trends and key issues in government contracting. This post was published in the April 2018 Words of Wisdom newsletter.
This post was written by our guest author, Samuel Edoho-Eket. Samuel is the Chief Technology Officer at ExecuTech.