Security incident identification and remediation are daunting challenges for security teams. Manual processes, multiple cross-team hand-offs, and the proliferation of security tools hinder a team’s ability to quickly assess and remediate vulnerabilities and attacks. A recent CSO study revealed that the average enterprise uses 75 security products.
In 2012, the U.S. Office of Management and Budget identified continuous monitoring of federal IT networks as one of 14 Cross-Agency Priority Goals. Subsequently, the Department of Homeland Security established the Continuous Diagnostics and Mitigation program to “support … government-wide and agency-specific efforts to provide adequate, risk-based, and cost-effective cybersecurity.”
Shared services makes more sense now than ever, as the Presidential Cyber Executive Order of May 11, 2017, makes clear: ‘Effective immediately, it is the policy of the executive branch to build and maintain a modern, secure, and more resilient executive branch IT architecture. … Agency heads shall show preference in their procurement for shared IT services, to the extent permitted by law, including email, cloud, and cybersecurity services.’ In today’s environment, federal leaders are looking for permanent reductions in the structural costs of mission-support and administrative functions, so more of their limited resources can be dedicated to
building new capabilities and mission delivery.
Lookout has developed the Mobile Risk Matrix to help organizations understand the components and vectors that make up the spectrum of mobile risk — and to provide data that will help enterprises gain a deeper understanding of the prevalence and impact of mobile threats and vulnerabilities.
Lengthy, manual cybersecurity compliance efforts have been expensive for US government agencies—both in budget and time. The time gap between sampling network configurations and getting audit results inevitably means that the network has changed and the results are no longer valid. Using RedSeal, compliance and audit teams are able to reduce network modeling times from weeks to less than a day, and visualize the current status of their as-built networks, reducing costs, and improving operational tempo—while enhancing the digital resilience of their networks.
During 2015, federal departments collectively reported 77,183 cybersecurity incidents, a 10 percent increase from 2014. Looking ahead, cyberrisks and attacks are rapidly increasing and evolving. In short, more clearly than ever, cybersecurity is everyone’s priority. Despite these increases, however, there does seem to be a silver lining: government is getting better and more capable at […]
This paper provides insight to how Tenable addresses the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (CSF), which calls for “a set of industry standards and best practices to help organizations manage cybersecurity risks.”
In July 2011, the Pentagon released an unprecedented cybersecurity strategy that formally branded cyberspace as a domain of warfare, akin to land, sea, air and space. But, instead of outlining offensive measures, the framework focuses on how to deter the enemy from ever attempting an attack. As part of this plan, the military is employing “active cyber defense” – an amalgamation of sensors, software and intelligence reports aimed at instantly blocking malicious activity.
Cyber security is one of the most serious national security, public safety, and economic challenges organizations face today. As a result, the need to safeguard government and private organizations’ information systems has never been greater. But how do you do more with less? In this SANS case study and webinar, learn how a large research organization ensures effective operations and protection against cyber threats—and how FireEye helps get the job done