By Paul Parker, SolarWinds Federal & National Government Chief Technologist
Agencies are becoming far more proactive in their efforts to combat threats, as evidenced by the Department of Defense’s Comply-to-Connect and the Department of Homeland Security’s Continuous Diagnostics and Mitigation programs. To develop and maintain strong security hygiene that supports these and other efforts, agencies should consider implementing five actions that can help strengthen networks before the next attack.
Identify and dispel vulnerabilities
Better visibility and understanding of network devices are key to optimal cybersecurity. Agencies should maintain device whitelists or known asset inventories and compare the devices that are detected to those databases. Then, they can make decisions based on their whitelist.
Identifying vulnerable assets and updating them will likely be more cost effective—and safer—than trying to maintain older systems.
Update and test security procedures
Many agencies engage in large-scale drills, but it’s equally important to test capabilities on a smaller scale and monitor performance under simulated attacks. Agencies must get into the habit of testing every time a new technology is added to the network, or each time a new patch is implemented. Likewise, teams should update and test their security plans and strategies frequently. In short: verify, then trust. An untested disaster recovery plan is a disaster waiting to happen.
Make education a priority
A significant number of IT professionals feel that agencies are not investing enough in employee training. Lack of training could pose risks if IT professionals are not appropriately knowledgeable on technologies and mitigation strategies that can help protect their organizations.
Agencies must also invest in ongoing user training, so their teams can be more effective. This includes solution training, but it may also encompass sessions that focus on the latest malware threats, hacker tactics, or the potential dangers posed by insiders.
Take a holistic view of everyone’s roles
It’s good that the government is focused on hiring highly-skilled cybersecurity professionals. Last year the General Services Administration held a first-ever event to recruit new cybersecurity talent, and we will likely see similar job fairs in the future.
However, security is everyone’s job. Managers must institute a culture of information sharing amongst team members; there’s no room for silos in cybersecurity. Everyone must be vigilant and on the lookout for potential warning signs, regardless of their job descriptions.
Implement the proper procedures for a cyber assault
Still, threats will inevitably occur, and while there are a variety of mechanisms and techniques that can be used in response, all involve having the correct tools working in concert. For instance, a single next-generation firewall is great, but ineffective in the event of data exfiltration over domain name server traffic.
To help protect critical services, agencies must employ a suite of solutions that can accurately detect anomalies that originate both inside and outside the network. These should include standard network monitoring and firewall solutions. Agencies may also want to consider implementing automated patch management, user device tracking, and other strategies that can provide true defense-in-depth capabilities.
Find the full article on SIGNAL.
The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other trademarks are the property of their respective owners.