Cyber attacks are affecting more and more government agencies; we read new headlines almost daily about the latest breach and its impact. More often than not, the attacks originate from people with inside access, giving attackers plenty of time to do serious damage.
In the past, cyber-security methods closely mirrored physical security, focused primarily on the perimeter and preventing access from the outside. As threats advanced, both have added layers, requiring access credentials or permission to access rooms and systems, and additional defensive layers continued to be added for further protection.
Today, however, the assumption is that everything is accessible; it’s assumed that no layer is secure and that, at some point, an intruder will get in – or is already in.
As attacks get more sophisticated, traditional security models become one piece of a far greater security strategy made up of processes and tools that IT professionals must implement to enhance their agency’s security posture.
LAYERED APPROACH
Currently, agencies must satisfy government compliance requirements. That said, meeting compliance does not mean you’re 100 per cent secure; it’s simply one – critical – layer.
The next series of layers that government IT pros should consider are those involved in network operations; implementing tools at each layer within network operations can dramatically enhance security across the enterprise.
A key component of every security plan should be change management. Network reliability is greatly improved through change monitoring, alerting, backups and rollbacks. To complement change management, consider adding configuration management tools, which can play several critical security roles.
Create layers of security within every crevice of your environment
A good tool will actively maintain your network configurations in compliance with internal security policies and external regulatory standards; proactively perform device vulnerability scanning; leverage sources such as the National Vulnerability Database; provide automated compliance assessments and reports; and even automatically correct out-of-compliance issues.
A network configuration management tool will help you create a standard, compliant configuration and deploy that across the organisation. The key here is automation and the time-saving automation allows.
In addition to a network configuration tool, government IT pros should consider layering in the following tools to enhance security:
Firewall management: Do you know how the different firewall rules within your environment affect one another? Is it possible that you have a higher-level rule negating a lower-level rule? A good firewall management tool will offer ongoing rule and change tracking, which will also help enhance compliance.
Patch management: Software is constantly being updated; patch management is critical to ensuring all clients, desktop and server applications are up to date, and all vulnerabilities covered through those patches in place.
Traffic analysis: A traffic analyser will tell you, at any given time, who is talking to whom, who is using which IP address and who is sending what to whom. This is vital information in the case of a threat where you need to conduct forensics.
Security information and event management: A log and event management tool is like the icing on your security cake. It brings all the other pieces together to allow you to see the entire environment, to correlate information and make connections that may not have been visible before. Visibility across all network operations can point to an intruder or attack that may otherwise have gone undetected.
Build on what you have; use what works and keep adding. Create layers of security within every crevice of your environment. The more you can enhance your visibility, the more you know, the harder it will be for attackers to get through and the greater your chances of dramatically reducing risk will be.
For more information visit SolarWinds
