Historically, cyber security methods closely mirrored physical security – focused primarily on the perimeter and preventing access from the outside. As threats advanced, both have added layers, requiring access credentials or permission to access rooms and systems, and additional defensive layers continued to be added for further protection.
However, the assumption is that everything is accessible; it’s assumed that no layer is secure and that, at some point, an intruder will get in—or is already in. What does this mean for the federal IT pro? Does it mean traditional security models are insufficient?
On the contrary; it means that as attacks – and attackers – get more sophisticated, traditional security models become one piece of a far greater security strategy made-up of processes and tools that provide layers to enhance their agency’s security posture.
A layered approach
Agencies must satisfy federal compliance requirements, and the Risk Management Framework (RMF) was created to help. That said, meeting federal compliance does not mean you’re 100 percent secure; it’s simply one—critical—layer.
The next series of layers that federal IT pros should consider are those involved in network operations. Change monitoring, alerting, backups and rollbacks are useful, as are configuration management tools.
A network configuration management tool will help you create a standard, compliant configuration and deploy then across your agency. In fact, a good tool will let you create templates.
Automation is key and a configuration management tool will help you keep up with changes automatically; it will let you change your configuration template based on new NIST NVD recommendations and get those changes out quickly to ensure all devices maintain compliance.
In addition to a network configuration tool, federal IT pros should consider layering in the following tools to enhance security:
Patch management. Patch management is critical to ensuring all software is up to date, and all vulnerabilities covered. Look for a patch management tool that is automated and supports custom applications, as many agencies have unique needs and unique applications.
Traffic analysis. A traffic analyzer will tell you, at any given time, who is talking to whom, who is using which IP address, and who is sending what to whom. This is vital information. Particularly in the case of a threat, where you need to conduct forensics, a traffic analysis tool is your best weapon.
Security information and event management. Log and event management tools brings all the other pieces together to allow federal IT pros to see the entire environment—the bigger picture—to correlate information and make connections to see threats that may not have been visible before.
The ideal solution is to build on what you already have; use what works and keep adding. Create layers of security within every crevice of your environment. The more you can enhance your visibility, the more you know, the harder it will be for attackers to get through and the greater your chances of dramatically reducing risk will be.
Find the full article on Defense Systems.