Apr 01 2022

Q&A: As Agencies Seek Resilience After Cyberattacks, Tools Adapt to Meet New Needs

New IT solutions focus on zero-trust environments and securing data.

The federal government is moving quickly to build a cybersecurity environment based on the principles of zero trust, a concept often summarized as “never trust, always verify.” Cyberattacks are growing bolder and harder to detect, and they don’t always come from outside: insider threats pose a different, equally daunting challenge. Keeping a protected copy of critical data has never been more important, because an agency cannot recover from an attack if it cannot reach its data. Kevin McDonough, CISSP, an advisory systems engineer for Dell Technologies, talked to FedTech about a product his company calls “the vault,” which is designed to give an agency the resilience to recover after an attack.

FEDTECH: Tell me what PowerProtect Cyber Recovery does.

McDonough: PowerProtect Cyber Recovery is a last line of defense. It protects and isolates all your critical data from a ransomware attack or any other kind of sophisticated threat. It provides that isolation along with true advanced immutability. And it uses adaptive analytics, machine learning and forensic tools to help an organization identify what it’s been hit with and be proactive in terms of, “Where’s my last good copy?” Basically, it answers all the questions that the security operations team is going to have as they’re running around with their hair on fire.

FEDTECH: How does this tool fit into the current cyber environment? What is it about the current cyber environment that would make this a good fit for an agency?

McDonough: If we use the NIST Cybersecurity Framework as a way to go — identify, protect, detect, respond and recover — PowerProtect Cyber Recovery is positioned in the “recovery” aspect, and it does loop around a little bit into “identify.” So, from a resilience standpoint, it’s going to augment what agencies are already doing and take a look at the data in a different manner.

FEDTECH: How does the tool isolate and protect the data? What’s the mechanism by which it works to do its job?

McDonough: At a high level, it’s zero-trust architecture. We talk about the four I’s: isolation, immutability, intelligence and invisibility. The way we transfer data from the production environment into the vault itself, it’s completely invisible to anybody on the production side. This eliminates the insider threat or compromised credentials, those sorts of things. That’s how we get true isolation from a zero-trust architecture standpoint — everything that controls that replication link is controlled from inside the vault. Putting it into the vault provides invulnerability.

FEDTECH: What makes this tool particularly appealing to a federal customer?

McDonough: The provision of the last line of defense. If you’re hit with a very targeted, sophisticated threat or attack, the goal of the adversaries is to ultimately get to command and control. So, you have all of these steps that the adversary has to go through in order to take action on their objectives. The vault stops every single attack prior to command and control.

The adversary can’t take action on their objectives if the data is sitting in the vault. Can they destroy your production data? Can they encrypt it? Can they wreak havoc? Yes. But they can’t ever get to that data in the vault. And the big thing about recovery is that you have to have data to recover with.

Everybody has the expectation that attacks are going to happen. They’re now starting to actually work on their strategies from the standpoint of, “This is definitely going to happen, how are we going to respond?”

FEDTECH: It seems as if there’s more talk about cyber resilience versus cybersecurity. What’s the difference between the two, and how does this tool fit in?

McDonough: Resilience is, in my mind, everything together — all of your identify/protect/detect tools, your respond-and-recover tools, everything working in tandem with your people, process and technology.

Resilience is, “Let’s plug the holes that we know about; what tools can we use? What’s the security hygiene? Do we have email hygiene that can go out to our end users?” And then we start building resilience. The way we position the vault is that even if you don’t know what to put in the vault initially, we have a list of things based on empirical data or historical events that are the items you need to have in the vault. Active Directory, DNS, intellectual property, networking diagrams — all of those are things you are going to need to put in there, because that’s what the adversary is going to go after.

FEDTECH: Is ransomware the biggest threat right now?

McDonough: Yes. It’s happening more and more. About three years ago, an attack happened every 46 seconds or so; now an attack happens every 11 seconds. The problem is that now adversaries are starting to work together as an enterprise, going to their core strengths. One group might be really good at reconnaissance, one might be good at delivery. There’s enough money out there that they say, “Hey, let’s just split the kitty.”

With nation-states involved, it raises the specter of a brute-force attack, which by definition is going to be 100 percent successful given enough time and given enough resources. If bad guys have the backing of Russia, China, Iran or North Korea, they have the resources. If you’re more resilient, it’s going to take them longer to break in, but eventually they’re going to break in if they want to.

I used to talk about the difference between a bunker and a vault. A bunker gives you protection, but if there’s a direct hit, good luck. The vault’s made for that direct hit.
