By Joe Kim, SolarWinds EVP, Engineering and Global CTO
Through its significant investment in networked systems and smart devices, the DOD has created an enormously effective—yet highly vulnerable—approach to national network security threats. The department has begun investing more in the Internet of Things (IoT), which has gone a long way toward making ships, planes, tanks, and other weapon systems far more lethal and effective. Unfortunately, the IoT's pervasive connectivity also has increased the vulnerability of defense networks and the potential for cyberattacks.
That attack surface only continues to grow and evolve, with new cyberthreats against the government coming in a regular cadence. DOD must adapt to this rapidly changing threat landscape by embracing a two-phase plan to make network security more agile and automated.
Phase One: Speeding Up Tech Procurement
The government must first accelerate its technology procurement process. Agencies must be able to quickly deploy easily customizable and highly adaptable tools that address changing network security threat vectors. These tools must be simple to install and maintain, with frequent updates to ensure that networks remain well fortified against the latest malware and attacker techniques.
There is hope. In recent years, the government has made it easier for agencies to buy software through a handful of measures, such as the General Services Administration Schedule and the Department of Defense Enterprise Software Initiative. All have been carefully vetted to work within government regulations and certifications.
Phase Two: Automating Network Security
Automated network security solutions to alert agency administrators to possible threats are also important. The government should implement these types of solutions to monitor activity from the myriad devices using Defense Department networks. Administrators can be alerted to potential security breaches and software vulnerabilities to provide real-time threat response capabilities.
The SolarWinds® Log & Event Manager (LEM) lets administrators gain real-time intelligence about the activity happening on their networks, alerting them to suspicious behavior. Administrators can trace questionable activity back to its source and set up automated responses—including blocking IPs, disabling users, and more—to prevent potentially hazardous and malicious intrusions.
The number of connected devices operating on government networks makes a comprehensive User Device Tracker (UDT) a necessary counterpart to LEM. UDTs have gained a significant amount of traction over the past couple of years, particularly since the workforce began using personal mobile devices over government networks.
Today, federal administrators must deploy solutions that automatically detect who and what are using the network at all times. Solutions should easily locate devices through various means, so administrators can quickly prevent the major breaches that have become all too common.
Prevention is more about implementing network security measures quickly and automatically than it is about who has the better firewall. For the Defense Department, which has become so dependent on connected devices and the information they provide, there’s simply no time for that type of old-school thinking. Federal administrators must act now and invest in automated, agile, and efficient solutions to keep their networks safe from cyberattacks.
Find the full article on Signal.