The security technology and architecture that the government chooses to invest in now must be positioned to remain at the forefront of cyberattacks today and in the years to come.
May 2021
The Executive Order on Improving the Nation’s Cybersecurity key suggestions were removing barriers to threat information sharing between government and the private sector, as well as improving investigation and remediation capabilities at a national level.
April 2022
During the Ai4 cybersecurity summit, Peter Gallinari, data privacy officer for the State of Tennessee said, “The best thing to come to the table right away is how quickly to detect [and] how quickly can we remediate an issue and see if there are any downstream concerns.”
March 2023
The U.S. government’s ambition is to develop a value-driven digital ecosystem to achieve their vision of a “prosperous, connected future depending upon the cybersecurity and resiliency of its underlying technologies and systems” (National Cybersecurity Strategy).
The ambition
The government’s forward-looking strategy is to modernize their cybersecurity standards, secure cloud services, and implement a zero-trust architecture for the federal departments, agencies, and resources shared with the private sector. Thus, by investing in security operations today, governments can build cyber resiliency for tomorrow.
The reality
The situation today is that the cybersecurity landscape is evolving rapidly. the public and private sectors are challenged with high risks associated with the accelerated growth in the attack surface, threat data inbound from disparate solutions, and decentralized security operations. Further obstructing the IT governance and processes, implementation projects move so slowly that by the time they are ready, the technology becomes outdated.
Budgets and administrations are constantly changing, limiting the government’s ability to execute their overarching strategy. For instance, at the state level, elected officials must decide where to spend their budgets. Do they fund new highways and parks or communities that citizens will enjoy to gain votes? Or do they spend money overhauling cyber/IT systems that are currently working, and no one will ever know?
Another obstacle is the selection and approval process run by procurement and vendor relations. Oftentimes, decades old contracts and relationships exist that cause agencies to continue to buy from existing contracts rather than evaluating new, qualified vendors offering the latest technologies. Agencies must run market evaluations to qualify best of breed security solutions rather than limiting themselves to baseline protection.
The gap
With the attack surface growing, cyber criminals moving at a fast pace, and cybersecurity competing to stay one step ahead, keeping pace with cyber demands can challenge government organizations.
These organizations are often disconnected with alert overload and scattered data. When applying separate security tools across multiple layers—including email, endpoint, server, cloud infrastructure, and network—this lack of visibility results in siloed threat information and uncorrelated alerts, opening the door for the makings of an attack.
To align resources, budget, and technology, the government will need to centralize security operations across infrastructure and toolsets, giving security analysts better understanding of how the information is connected. This ultimately leads to improved efficiencies in costs and threat response.
The approach
Leadership in business and technology needs to strategically invest in value-driven solutions that have proven outcomes of investigating, detecting, and responding to threats that may have otherwise seemed benign—hence reducing cyber risks. With endpoint detection and response, agencies can now correlate threat intelligence with speed and accuracy, putting the control back in the hands of the security administration. No longer do analysts need to be overwhelmed or distracted with alert and notification fatigue.
By applying analytics to the activity data collected from its solutions, endpoint detection and response (EDR) can produce correlated, actionable alerts, and comprehensive incident views. Hunting to pinpoint suspicious activity has never been so simple by allowing automated intelligence to continuously monitor and validate unknown threats. With the right technology, organizations can allow for quicker detection of complex attacks that bypass prevention.
Effectively communicating proven outcomes. By applying EDR and streamlining the investigation, detection and response process, outcomes could be presented to the board, security audits, and supporting businesses and communities to improve security operations, speed, and resiliency. Value-driven security solutions help grow awareness of cybersecurity, a top priority to constantly drive innovation, stop breaches, and stay ahead of cybercriminals.
Trend Micro is now FedRAMP Authorized. Trend has completed its FedRAMP certification with approved solutions for endpoint protection with detection and response capabilities. This will provide an unmatched understanding of the activity data in customers’ environments and a balanced approach to security, as teams can quickly see the story of an attack to respond faster and more confidently. Agencies looking for a FedRAMP security product will be able to transform their security operations and pioneer a new age in cyber defense.
Transform your security operations
Contain threats, assess the impact, and respond with Trend Vision One™ for Government. Learn more
About Author
