Threat Detection and Response

Streamline Cybersecurity Operations to Enable Decisive Action

Author
Kevin L. Harvey
Senior Principal Security Engineer and U.S. Air Force Veteran
Author
Erik Sigl
Air Force Account Manager

Our Takeaways from the AFCEA Alamo ACE 2020 Virtual Conference

In today’s evolving threat landscape, it is imperative to consider the art of the possible to streamline cybersecurity operations that would enable decisive action against our most advanced threats. At this year’s AFCEA Alamo ACE, the message from keynote speakers was clear: accelerate change in order to arm our nation’s warfighters to compete against our adversaries. Normally held in San Antonio or “Military City USA,” AFCEA Alamo ACE brought together military leaders, security professionals and industry supporters to address problems with current systems and discuss new and innovative ways to fight in the ever-present cyber war.

Cybersecurity Operations to Enable Decisive Action

Change is constant and change must happen in order to stay ahead of attackers. One key tenet is embedding a culture of modernization in security teams and leaders by understanding the operational environment. Repeatedly, keynote speakers mentioned that cyber warriors must be organized, trained and equipped in order to achieve cybersecurity superiority over adversaries. But there are challenges that slow down progress.

The Challenges Facing Warfighters Today

Security breach alerts pop up every single day, while threats can lurk undetected in network environments until they decide to attack. Security teams face an unprecedented number of threats, alert fatigue, and cyber skills shortages, to name a few challenges. In his talk on the Vision for the Future of Industry Support, Brigadier General Chad Raduege (Air Combat Command) mentioned a few challenges warfighters face today:

  • Readiness of cyber forces. There is a constant evolution of enemy tactics, techniques and procedures (TTPs). Thus, there is a constant challenge of trying to stay ahead of attackers.
  • A dependency on intelligence. The DoD has established infrastructures in a lot of known places and cyber spaces. Threat actors, including nation-state actors, know these places and are watching these environments.
  • Fewer resources. Agencies are often underinvested and under-resourced in both people and technology. Many security teams lack the people, and the warfighters, with the cyber skills required to combat advanced threats.

To add to warfighters’ challenges, many new and legacy military systems rely on cyber capabilities to execute their missions. These systems are a part of everyday operations – to communicate, to store data, to organize missions, and more. As a result, space and cyberspace are now essential to all military operations, which in turn produces more information and data to protect.

While 2020 brought a great deal of digital transformation, the challenges facing our nation’s warfighters have become more pervasive. In the intelligence update conducted by Brigadier General Gregory Gagnon, he mentioned the Joint Vision of 2020 and one of its key operational concepts: attaining information superiority [by using cyberspace]. We must enable our teams and leaders to perform decisive actions to achieve information superiority. So, how can we help you do that?

Consolidate Security Stacks

Many organizations, including the DoD, have a cybersecurity stack of 40 or more products from different vendors. Often, these products are neither integrated nor automated, and the data they collect is not actionable. Because of the sheer number of products, security teams receive an overwhelming volume of alerts to triage and investigations to conduct, often without the resources or people to sort through these reports and form a proper picture of what is happening. Because of this complication, sophisticated actors can remain on the network without detection.

Our CCSO, Craig Harber, presented during AFCEA Alamo ACE’s Technology Spotlight session. There, he talked about rationalizing the cybersecurity stack. He identified several ways of doing that:

  • Determine existing vendor product utilization. Are you using all the capabilities offered in these products? Which have overlapping features? Are these products fully integrated and automated to detect and respond to threats?
  • Map existing capabilities against the MITRE ATT&CK Framework. Doing so can help determine where there is coverage and where there are gaps in security.
  • While many solutions are reactive in nature, fortify this defense with predictive, proactive and retrospective capabilities. Craig and our Data Science Manager, Abhishek Sharma, outline these capabilities in a podcast on The Role of Machine Learning in Network Detection and Response.
  • Build a Threat Heat Map to help provide insight into where to prioritize your resource investment.
  • Adopt a Next-Gen Assessment methodology that enables network engineers to perform network architecture analysis, identify threat coverage gaps and highlight redundancies.
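The three middle steps of that list (mapping capabilities to ATT&CK, finding gaps and redundancies, and turning the result into a prioritized heat map) are a small data-processing exercise that can be scripted. The following is an added example written for this post, not code from Fidelis or from any of the products mentioned; the product names and their claimed technique coverage are constructed placeholders, and the threat weights are a constructed stand-in for what threat intelligence would supply. The technique IDs are real ATT&CK Enterprise identifiers.

```python
"""Map a security stack's detection coverage onto MITRE ATT&CK techniques,
then report gaps, redundancies and an investment-priority heat map.

Added example. Product names, their coverage claims and the threat weights
are constructed for illustration and describe no real vendor's capabilities.
"""
from collections import defaultdict

# Small constructed slice of ATT&CK Enterprise: technique ID -> (name, tactic).
TECHNIQUES = {
    "T1566": ("Phishing", "Initial Access"),
    "T1078": ("Valid Accounts", "Initial Access"),
    "T1059": ("Command and Scripting Interpreter", "Execution"),
    "T1547": ("Boot or Logon Autostart Execution", "Persistence"),
    "T1003": ("OS Credential Dumping", "Credential Access"),
    "T1021": ("Remote Services", "Lateral Movement"),
    "T1071": ("Application Layer Protocol", "Command and Control"),
    "T1486": ("Data Encrypted for Impact", "Impact"),
}

# Constructed: which techniques each hypothetical product claims to detect.
STACK = {
    "email-gateway": {"T1566"},
    "edr-agent": {"T1059", "T1547", "T1003"},
    "ndr-sensor": {"T1021", "T1071"},
    "legacy-av": {"T1059", "T1547"},
}

# Constructed threat-intel weighting: relevance of each technique to the
# adversary TTPs this team prioritizes (higher = more relevant).
THREAT_WEIGHT = {"T1566": 5, "T1078": 4, "T1059": 5, "T1547": 3,
                 "T1003": 4, "T1021": 3, "T1071": 4, "T1486": 5}


def coverage_map(stack, techniques):
    """Return technique -> sorted list of products that cover it.
    Every technique in the matrix slice appears, even with an empty list."""
    cov = {tid: [] for tid in techniques}
    for product, tids in stack.items():
        for tid in tids:
            if tid in cov:
                cov[tid].append(product)
    return {tid: sorted(products) for tid, products in cov.items()}


def gaps(stack, techniques):
    """Techniques no product in the stack covers (sorted by ID)."""
    return sorted(t for t, p in coverage_map(stack, techniques).items() if not p)


def redundancies(stack, techniques):
    """Techniques covered by more than one product, with the overlapping products."""
    return {t: p for t, p in coverage_map(stack, techniques).items() if len(p) > 1}


def heat_map(stack, techniques, weights):
    """Investment-priority score per technique: the threat weight when the
    technique is uncovered, 0 when covered. Highest priority first."""
    cov = coverage_map(stack, techniques)
    scored = {t: (0 if cov[t] else weights.get(t, 0)) for t in techniques}
    return sorted(scored.items(), key=lambda kv: (-kv[1], kv[0]))


def tactic_coverage(stack, techniques):
    """tactic -> (covered technique count, total technique count)."""
    cov = coverage_map(stack, techniques)
    tally = defaultdict(lambda: [0, 0])
    for tid, (_, tactic) in techniques.items():
        tally[tactic][1] += 1
        if cov[tid]:
            tally[tactic][0] += 1
    return {tactic: tuple(counts) for tactic, counts in tally.items()}


def fully_redundant_products(stack, techniques):
    """Products whose every covered technique is also covered by another
    product: candidates for retirement when consolidating the stack."""
    cov = coverage_map(stack, techniques)
    return sorted(product for product, tids in stack.items()
                  if tids and all(len(cov.get(t, [])) > 1 for t in tids))


if __name__ == "__main__":
    print("Gaps:", gaps(STACK, TECHNIQUES))
    print("Redundant coverage:", redundancies(STACK, TECHNIQUES))
    print("Fully redundant products:", fully_redundant_products(STACK, TECHNIQUES))
    print("Coverage by tactic:", tactic_coverage(STACK, TECHNIQUES))
    print("Heat map (top first):", heat_map(STACK, TECHNIQUES, THREAT_WEIGHT))
```

Run against a real inventory, the inputs would be the ATT&CK technique list (the matrix ships as JSON) and each product's documented detections; the heat map then ranks uncovered techniques by threat relevance, which is exactly the "where to prioritize resource investment" question the heat-map step asks, and the fully-redundant-products check answers the vendor-utilization question above it.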

Gain Unmatched Visibility to Detect Threats and Prevent Data Loss

By consolidating security stacks, return on investment is greater, redundancies in capabilities of multiple solutions are reduced, and security teams have a more proactive strategy for defense. Furthermore, there is greater visibility into the environment to detect threats and prevent data loss, especially with Extended Detection and Response (XDR).

Extended Detection and Response (XDR) is a security incident detection and response platform that collects and correlates data from multiple security products. Security teams can rapidly engage adversaries prior to impact, understand the terrain for faster incident response, leverage threat hunting capabilities, and extend cost savings through this stack consolidation tool. Our solution, Fidelis Elevate XDR, integrates network, endpoint and deception defenses to give holistic visibility of the network environment.

Gain the Decisive Advantage

To gain the decisive advantage, cyber warriors must think like an attacker and utilize their arsenal of tools and skills to detect and respond to advanced threats at line speed. In his Vision for the Future, Brigadier General Chad Raduege proclaimed that collaboration and partnerships with “as-a-service” industries are a must. Security teams (and vendors) have recognized that we can’t protect everything, but must move forward with security best practices and strategies to stay ahead of the attacker. He also mentioned Zero Trust Architecture as a key component of protecting the Air Force’s data and securing our future. A zero-trust approach protects the whole environment, not just the perimeter. To learn more about zero trust architecture, read the blog post from our CISO, Chris Kubic, on the subject.

Ultimately, the focus of this year’s virtual conference was on the future and how best to equip our nation’s warfighters for the future battlefield. To learn more about how Fidelis has enabled over 40 DoD, civilian and intelligence agencies to streamline their cybersecurity operations, contact us.
