Threat Detection and Response

Federal Leaders Discuss Most Urgent Issues Through Global Pandemic

Author
Tom Zinzi
Cybersecurity Manager, Federal

Detection & Response, Zero Trust, AI/ML and Workforce Shortages Remain Top of Mind

Fidelis Cybersecurity was proud to support and participate in the 11th Annual Billington Cybersecurity Summit last week. As we entered 2020, some critical issues faced Federal cybersecurity stakeholders. These issues include Detection and Response, Zero Trust, Artificial Intelligence and Machine Learning (AI/ML), Emerging Threats and a skills shortage in the Federal cybersecurity workforce (to name a few). These issues were only heightened by the COVID-19 global pandemic.

A common thread throughout the topics discussed at Billington was the impact of the pandemic, and also how Federal agencies have adjusted and continued to address these issues in “moving beyond the pandemic.”

COVID-19 Impacts Cybersecurity Transformations for Federal Agencies

  • Remote workforce created an infinite attack surface for adversaries that an understaffed federal cyber workforce cannot address.

    The obvious macro impact of COVID-19 was the immediate transformation into a near 100% remote workforce among Federal Agencies. Federal agencies were already facing the challenge of an expanded, complex landscape inclusive of network, endpoints, public/private clouds, mobile devices, IoT, Operational Technology, and legacy systems. This evolving hybrid infrastructure grew exponentially overnight. It created a seemingly infinite “attack surface” for adversaries to conduct phishing and ransomware attacks, disruption, and data exfiltration.

    Many Federal leaders spoke of the need to address cyber workforce and skillset shortages. A recent statistic showed that there are 3.5 million cyber job openings. Additionally, there’s a need for cybersecurity awareness training for the entire Federal workforce. While re-training and awareness are necessary, they don’t adequately scale to address the whole problem.

  • Automation is paramount to meeting the demands of cyber alerts.

    Automation is also paramount to meeting this challenge. Resource-constrained Federal security teams face large volumes of alerts and false positives from upwards of 75-100 different tools, resulting in “alert overload”. While the trend was already moving away from a traditional perimeter, COVID-19 accelerated that progress and has ushered in the era of Zero Trust, where Automation and Data are key.

  • AI/ML capabilities continue to be enhanced in order to fully analyze your rich metadata.

    The cybersecurity industry continues to develop and enhance AI/ML capabilities. With any AI/ML objective, metadata in a contextual format becomes critical for the mission to be successful.

    Fidelis has been doing this for years. We continuously monitor all ports and protocols while enabling enterprises the ability to capture and store metadata cost-effectively. This is done with upwards of 300 attributes per session and made accessible anywhere between 30 and 365 days for retrospective and historical analysis.

    This provides a solid foundation for AI/ML and the Automation benefits to eliminate repetitive steps for security teams and free them up for more complex stages of an incident. Zero Trust and digital modernization are being driven by data. Because of that, security teams must be able to pivot to the “who” “what” “where” “when” and “how” of an event.

Adversaries are leveraging automation and the blind spots being created by evolving hybrid infrastructures and the expansive landscape. They do so to take advantage of a “brittle infrastructure” and move laterally throughout the enterprise undetected. These emerging threats increase the importance of both detection and rapid response.

How Fidelis is Positioned to Help Federal Agencies in their Cyber Transformation

Fidelis is uniquely positioned to help Federal enterprises address these challenges. Our platform focuses on detection and response and is mapped to the MITRE ATT&CK framework. We engineered it so that teams can be simultaneously proactive, protective, reactive, predictive, and retrospective.

Federal security teams must also be able to continuously map and classify assets. This includes IoT, OT, and legacy systems where a fundamental level of security can be applied while digital modernization evolves. Fidelis accomplishes all of this through integration of network detection and response (NDR), Data Loss Prevention (DLP), Deception beyond detection, TLS encryption, and Digital Forensics under a unified platform.

Federal security operations teams that have incorporated Fidelis into their security program are realizing measurable outcomes, including: 1) faster response; 2) identification and control of unknown adversaries that have bypassed all other defense systems; 3) automated threat hunting, both in real time and retrospectively; and 4) closing workforce and skillset gaps by eliminating steps in incident response.
