Deploy NDR to Modernize Your Cybersecurity Strategy

See how network detection and response should be the keystone of a modern cybersecurity tool set.

Andrew Green

On March 21, the White House released a statement from President Biden regarding the nation’s cybersecurity, including recommendations for private companies. As the conflict in Ukraine continues, the president’s administration cited evolving intelligence that American organizations could face the ripple effects of cyberattacks sparked in Eastern Europe. While the statement addresses what the government will do to limit this impact, it also points out “the reality is that much of the Nation’s critical infrastructure is owned and operated by the private sector and the private sector must act to protect the critical services on which all Americans rely.”

What cybersecurity recommendations did the statement include for private companies?

The first set of recommendations was best practices that all organizations should already be following, including:

  • Multifactor authentication
  • Patching against known vulnerabilities
  • Employee education to limit the effectiveness of phishing attempts

Next, the statement focused on data safety practices. This included encryption and maintaining offline backups of company data.

However, where the statement focused on proactive measures companies can take to modernize and improve their cybersecurity posture, the instructions were vague: “Deploy modern security tools on your computers and devices to continuously look for and mitigate threats.”

Although this recommendation is on the right track, the detail it lacks is typical of the cybersecurity learning curve. The distance between starting at best practices and getting to robust enterprise cybersecurity is significant. And too often, enterprise cybersecurity becomes complicated or siloed, sometimes negating or unnecessarily limiting sound investments in cybersecurity while also prolonging existing inferior practices and tooling. Simply adding the newest tools to your tool stack won’t provide the unique security posture your organization requires.

The Cybersecurity & Infrastructure Security Agency (CISA) within the Department of Homeland Security does provide some more actionable recommendations. Locking down unused ports and protocols, enabling network logging (which was covered in detail in an August 2021 executive order), and keeping your antivirus software up to date are all important. However, these cybersecurity tools and techniques are most effective when deployed against known and identified cyberthreats, such as known malware signatures, previously exploited vulnerabilities, and other identified indicators of compromise. Necessity is the mother of invention, and the extremely uncertain situation in Ukraine only amplifies the need to secure digital infrastructure, because it heightens the likelihood that innovative cybertactics will make their way beyond the conflict and into networks around the world. What starts as an exploit deployed locally could quickly become ransomware-for-hire available to eager bad actors targeting victims globally.

So, what does it look like for an enterprise to “deploy modern security tools on your computers and devices to continuously look for and mitigate threats”? A combination of tools is needed to fully secure the vulnerabilities and operations of every global enterprise, but the foundation for any modern cybersecurity strategy, including a zero-trust architecture, relies on complete, incorruptible visibility into what is happening in your organization’s global network. For this reason, we believe that a comprehensive approach to network visibility coupled with a network detection and response (NDR) solution should be the keystone in any cybersecurity strategy.

What does this visibility really look like? It looks like the ability to drill into a security alert and, within a handful of clicks, identify which application on which server at which location is experiencing an issue. It looks like recognizing threats in the attack lifecycle, right when they appear as an anomaly in your network as opposed to when they exploit a known vulnerability and trigger a preprogrammed security alert. Not all NDR tools are capable of providing this comprehensive visibility, but NETSCOUT’s Omnis Cyber Intelligence is. It leverages network packet data, the incorruptible foundational layer of the network, at scale, to detect threats such as those described above.


All organizations need perimeter security tools such as NETSCOUT Arbor Edge Defense, network firewalls, and endpoint detection and response (EDR) to have both visibility and enforcement capabilities at the edges of the network. But that visibility and enforcement is tied to the network areas and tooling around it.

With an NDR tool as the keystone of your enterprise security strategy, deep context and insight into what is happening within your network is clear and apparent. The data these tools generate can then be shared with a security information and event management (SIEM) tool for reporting; firewalls or EDR management for immediate action on specific devices; or a security orchestration, automation, and response (SOAR) platform for sophisticated orchestration of security policies across the enterprise. NETSCOUT’s Omnis Cyber Intelligence provides visibility not only at the edge, but in all areas of the network, detecting threats and anomalies everywhere—including lateral movement.

As new threats and exploits spill out from conflicts and hacker innovation around the globe, relying on a prevention strategy alone will not secure a global enterprise against cyberthreats. With networks continuing to expand in scale and complexity, even the most experienced security teams can’t identify every vulnerability before it is exploited. Having a robust system in place that can detect anomalous behavior within your network before it becomes an attack, and then respond to it, is how the American private sector needs to ready itself to ensure that the critical infrastructure it manages will continue to deliver as planned.
