Podcast: The case for zero-trust networks

In the aftermath of the massive U.S. Office of Personnel Management data breach in 2015, then-Rep. Jason Chaffetz came out with recommendations that all government agencies adopt a “zero-trust” approach to cybersecurity. That concept was based on a model created by John Kindervag, a vice president and principal analyst at the time with Forrester Research, and now field chief technology officer at Palo Alto Networks. In a new CyberScoop podcast on next-generation security platforms, Kindervag explains what distinguishes zero-trust network security from other holistic security models and what enterprises and agencies can do to embrace it more fully in their networks. “The thing that distinguishes zero trust is we focus on the fundamental problem we have in cybersecurity today,” says Kindervag. The problem? The traditional trust model networks have relied upon is broken. “The trust model we have – that all users external to the network are untrusted and bad, […]

The post Podcast: The case for zero-trust networks appeared first on Cyberscoop.


Open source’s scalability and flexibility

In order to stop sophisticated modern threats, organizations need to be flexible and scalable with the way they handle their data. Network flows and data need to be collected and examined at cloud scale in order to let defenders identify anomalous behavior, but getting to that stage is a heavy lift. Henry Sowell, Technical Director for Hortonworks, spoke with CyberScoop on how open source systems allow for that flexibility and scalability, especially at a time when the onslaught of threats has never been greater. “This is one of the major benefits of the open source – collaboration,” Sowell said. “If we don’t have the answer, we have the partners that do. This results in solutions that are more effective, more secure and are of a higher quality.” Sowell says on top of keeping up with threats, open source systems also allow agencies to craft a first-rate way to share intelligence. “You […]


Position paper: Taking a holistic approach to endpoint security

Legacy systems, fragmented security solutions and a shortage of skilled cybersecurity specialists have left government agencies particularly vulnerable to attacks from cyberthreat actors. At a time when agencies are retaining more critical and sensitive information than ever before, resourceful adversaries are using new methods to slip through security cracks, often dwelling inside federal IT networks for a year or more before being discovered. The Verizon Data Breach Investigations Report (DBIR) lists the public sector as the third-highest breach victim in the U.S., after financial and health care organizations. A new position paper from CrowdStrike, provider of cloud-delivered endpoint security, argues that agencies need to take a more holistic approach to security and outlines a unified five-point security approach that goes beyond malware remediation. Malware is responsible for only about half of cybersecurity attacks, the paper says. The other half of attacks leverage tactics, techniques and procedures (TTPs) to outsmart and […]


Tech Brief: Immersive technologies give military new tools for training

The U.S. Department of Defense spends an estimated $14 billion or more per year on “synthetic” digital training — training that uses digital environments to teach and prepare personnel for real-life jobs and experiences. Continual advances in U.S. military systems make it imperative for military personnel to stay up to date with the latest changes in hardware, software and related systems. Yet pulling personnel out of the field for training is costly, time-consuming and often not possible during prolonged engagements. And it’s nearly impossible to keep up with changes for so many systems and procedures. A new CyberScoop Tech Brief, sponsored by Samsung, outlines the benefits of virtual and augmented reality training, which make it possible to deliver training to troops anywhere, anytime, rather than requiring personnel to travel to training centers. With the Pentagon reportedly looking to budget as much as $11 billion for virtual-, augmented- and mixed-reality training […]


Why automotive cybersecurity needs to go beyond IT-based security

The automotive industry is certain that it can produce IT-enabled, self-driving cars that will all but eliminate the tens of thousands of accidental deaths that happen every year. But the majority of Americans are in no rush to trust their family’s safety to automobiles that can be hacked. “We know and the public knows that we can design systems that function far better than human drivers,” said Harry Lightsey, executive director of emerging technologies policy at General Motors. “But we face a very apprehensive public.” Lightsey, who spoke during a DC CyberWeek panel session Oct. 18 on the future of automotive cybersecurity, acknowledged that part of the challenge facing the industry is the lack of a standard baseline for assessing automotive cybersecurity as it applies to vehicle safety. “There is no baseline…in cyber security [testing for autonomous vehicles]. And there’s no point in trying to pursue that” when the pace […]


Ebook: Defending critical infrastructure

The Internet of Things (IoT) has opened new pathways for security attacks. Sensor-controlled thermostats, lighting, doors and physical security systems are joining mobile devices, printers and scanners on the office network. New machinery and components are born “smart,” while older portions of the operational technology (OT) infrastructure may have been modified or augmented to speak to the industrial control systems (ICS) that monitor their performance, relay their data and control their processes. The resulting mix creates vast opportunities for network exploitation. A new ebook from Belcan, which secures critical aerospace, defense, industrial and government OT infrastructure, outlines the types of threats organizations need to look for, and a three-step approach to ensuring OT security. The biggest risks threatening modern OT infrastructure could come simply from the large number of aging, infrequently maintained components that aren’t visible to your organization’s traditional IT security systems, but which are vital to your organization’s […]


Tech Brief: Advancing mobile technologies without sacrificing security

The intensely personal relationship users have with smart mobile devices — essentially handheld supercomputers — presents a new combination of challenges for government and enterprise CIOs and IT security managers. The more data these devices collect or share, and the more they serve as conduits to enterprise systems, the more attractive they become to cyber criminals. A new CyberScoop tech brief describes how mobile devices can actually be made more secure than on-premises devices. Innovative technologies including derived credentials, behavioral analytics and containerization offer superior user authentication and multi-layer data and network protection at the transactional level. Guarding the gate: The first challenge for mobile security is ensuring that only the authorized individual is using the device. Phones and tablets are too often lost or stolen, and laptops left unattended can easily be viewed by unauthorized eyes. To address these risks, federal agencies including the Department of Defense have relied on […]


How state, local government need to build a cyber resilience strategy for email

As state and local government agencies fight against an onslaught of threats like ransomware and phishing, a standard cybersecurity strategic plan isn’t enough. Those threats are bombarding agencies at an unprecedented rate — and a good chunk of them are coming at what one county chief information security officer calls “the Achilles’ heel” of any system: email. “It’s users clicking on links, it’s the fact that those bad emails get to us,” said Michael Dent, the CISO for Fairfax County, Virginia. “We’ve got to be able to stop that.” In South Dakota, it’s a similar fight. Jim Edman, the state’s chief security officer, said that with almost 90 percent of incoming email to state employees being categorized and flagged as spam, it makes protecting against threats difficult — especially if something slips through the cracks. “The employees, boy, those people are sitting in front of that computer reading that message […]
