There’s no such thing as a foolproof cybersecurity strategy. That’s why network visibility is so important.
“You can’t block all threats,” says Chris Butera, senior technical director for cybersecurity at the Cybersecurity and Infrastructure Security Agency. “Well-resourced adversaries are going to find a way to get an initial foothold.
“Network visibility is necessary for stakeholders to understand what’s happened on the network, as well as to support the successful eviction of a malicious actor.”
Cybersecurity, for obvious reasons, has always been a top-of-mind priority for federal agencies. But since the discovery of the SolarWinds attack late last year, the emphasis on security in federal IT environments has been perhaps even greater.
The attack compromised at least nine federal agencies, along with 100 private enterprises, and underscored the need for constant vigilance.
At a press conference in February, federal officials cited the role of limited network visibility in agencies’ difficulties spotting and responding to the SolarWinds attack.
“Even within federal networks, culture and authorities inhibit visibility, which is something we need to address,” says Anne Neuberger, deputy national security adviser for cyber and emerging technology. “If you can’t see a network, you can’t defend a network. Federal networks’ cybersecurity environments need investment and more of an integrated approach to detect and block such threats.”
In May, the White House issued an executive order on improving the nation’s cybersecurity, outlining CISA’s role working with other agencies to protect them against cyberthreats.
Both CISA and agencies across government are implementing tools and best practices designed to bring additional visibility to federal IT networks.
“At CISA, we’re investing in and growing our capabilities to assess risk,” says Butera. “A lot of this work necessitates a fundamental change, where CISA can hunt for threats and conduct rapid analysis for both federal agencies and nonfederal organizations.
“With this increased visibility, we’re better able to identify adversarial activity across multiple agencies, and potentially critical infrastructure sectors as well.”
Network Visibility Tools and Best Practices Agencies Should Use
Network visibility requires a mix of tools and best practices designed to establish baselines for network traffic and spot anomalies. “Getting a holistic picture of activity on the wire and at the endpoint is needed to paint that realistic picture of what is happening across your network,” Butera says.
He highlights tools such as intrusion detection systems, endpoint detection and response (EDR), security information and event management (SIEM) and vulnerability scanning tools.
These solutions, he adds, must be combined with best practices such as timely patching, comprehensive logging and building an asset inventory of what is present on a given network.
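To make the three practices above concrete (a traffic baseline, anomaly spotting, and an asset inventory), here is an added example that is not from the article, CISA or any vendor tool. It builds a per-flow baseline from constructed flow-summary lines, then flags a volume spike, a flow never seen before, and a source host absent from a constructed asset inventory. Every address, port, timestamp and byte count is made up for illustration.

```python
"""Added example (not from the article or CISA): a minimal network-visibility
check that builds a traffic baseline, flags anomalies, and cross-checks an
asset inventory. All hosts, ports and flow records are constructed."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed asset inventory: hosts the organisation knows it owns.
ASSET_INVENTORY = {"10.0.0.5", "10.0.0.7", "10.0.0.9"}

# Constructed flow-summary lines: "timestamp src dst dst_port bytes".
BASELINE_FLOWS = """\
2021-06-01T10:00:00 10.0.0.5 10.0.0.7 443 1200
2021-06-01T10:01:00 10.0.0.5 10.0.0.7 443 1500
2021-06-01T10:02:00 10.0.0.5 10.0.0.7 443 1300
2021-06-01T10:03:00 10.0.0.5 10.0.0.7 443 1400
2021-06-01T10:04:00 10.0.0.7 10.0.0.9 22 800
2021-06-01T10:05:00 10.0.0.7 10.0.0.9 22 900
2021-06-01T10:06:00 10.0.0.7 10.0.0.9 22 850
2021-06-01T10:07:00 10.0.0.7 10.0.0.9 22 750
"""

# Constructed observation window: one normal flow, one large transfer on a
# known flow, and one flow from a host that is not in the inventory.
NEW_FLOWS = """\
2021-06-02T10:00:00 10.0.0.5 10.0.0.7 443 1250
2021-06-02T10:01:00 10.0.0.5 10.0.0.7 443 95000
2021-06-02T10:02:00 10.0.0.11 10.0.0.9 22 820
"""


def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, nbytes = line.split()
        records.append({"ts": ts, "src": src, "dst": dst,
                        "port": int(port), "bytes": int(nbytes)})
    return records


def build_baseline(records):
    """Mean and population stddev of bytes per (src, dst, port) tuple."""
    samples = defaultdict(list)
    for r in records:
        samples[(r["src"], r["dst"], r["port"])].append(r["bytes"])
    return {key: (mean(v), pstdev(v)) for key, v in samples.items()}


def find_anomalies(baseline, records, inventory, z_threshold=3.0):
    """Return (kind, timestamp, detail...) tuples for each anomalous record."""
    findings = []
    for r in records:
        key = (r["src"], r["dst"], r["port"])
        # Asset inventory check: traffic from a host we do not know we own.
        if r["src"] not in inventory:
            findings.append(("unknown_asset", r["ts"], r["src"]))
        # A (src, dst, port) tuple with no history has no baseline to compare to.
        if key not in baseline:
            findings.append(("new_flow", r["ts"], key))
            continue
        mu, sigma = baseline[key]
        if sigma == 0:
            sigma = 1.0  # constant-volume flows: any change counts in whole bytes
        z = (r["bytes"] - mu) / sigma
        if z > z_threshold:
            findings.append(("volume_spike", r["ts"], key, round(z, 1)))
    return findings


def run_example():
    """Build the baseline from day one and check day two against it."""
    baseline = build_baseline(parse_flows(BASELINE_FLOWS))
    return find_anomalies(baseline, parse_flows(NEW_FLOWS), ASSET_INVENTORY)


if __name__ == "__main__":
    for finding in run_example():
        print(finding)
```

The z-score threshold is deliberately simple; in practice the baseline would be keyed and windowed to match how the organisation's sensors summarise traffic, and findings would be forwarded to the SIEM so that the analyst sees the inventory gap and the spike in one place.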