Security incident identification and remediation are daunting challenges for security teams. Manual processes, multiple cross-team hand-offs, and the proliferation of security tools hinder a team’s ability to quickly assess and remediate vulnerabilities and attacks. A recent CSO study revealed that the average enterprise uses 75 security products. […]

In 2012, the U.S. Office of Management and Budget identified continuous monitoring of federal IT networks as one of 14 Cross-Agency Priority Goals. Subsequently, the Department of Homeland Security established the Continuous Diagnostics and Mitigation program to “support … government-wide and agency-specific efforts to provide adequate, risk-based, and cost-effective cybersecurity.”

Shared services makes more sense now than ever, as the Presidential Cyber Executive Order of May 11, 2017, makes clear: ‘Effective immediately, it is the policy of the executive branch to build and maintain a modern, secure, and more resilient executive branch IT architecture. … Agency heads shall show preference in their procurement for shared IT services, to the extent permitted by law, including email, cloud, and cybersecurity services.’ In today’s environment, federal leaders are looking for permanent reductions in the structural costs of mission-support and administrative functions, so more of their limited resources can be dedicated to
building new capabilities and mission delivery.

Lookout has developed the Mobile Risk Matrix to help organizations understand the components and vectors that make up the spectrum of mobile risk — and to provide data that will help enterprises gain a deeper understanding of the prevalence and impact of mobile threats and vulnerabilities.

Lengthy, manual cybersecurity compliance efforts have been expensive for US government agencies—both in budget and time. The time gap between sampling network configurations and getting audit results inevitably means that the network has changed and the results are no longer valid. Using RedSeal, compliance and audit teams are able to reduce network modeling times from weeks to less than a day, and visualize the current status of their as-built networks, reducing costs, and improving operational tempo—while enhancing the digital resilience of their networks.

During 2015, federal departments collectively reported 77,183 cybersecurity incidents, a 10 percent increase from 2014. Looking ahead, cyberrisks and attacks are rapidly increasing and evolving. In short, more clearly than ever, cybersecurity is everyone’s priority. Despite these increases, however, there does seem to be a silver lining: government is getting better and more capable at […] […]

This paper provides insight to how Tenable addresses the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (CSF), which calls for “a set of industry standards and best practices to help organizations manage cybersecurity risks.”

There are many things you could do to improve your security, but where should you invest your resources? Many organizations are turning to security frameworks for best practices and direction for improving their security program.

Agencies are transforming data management with unified systems that combine distributed storage and computation at limitless scale, for any amount of data and any type, and with powerful, flexible analytics, from batch processing to interactive SQL to full-text search. Yet to realize their full potential, these enterprise data hub architectures require authentication, authorization, audit, and data protection controls.