Within today’s federal IT environments, cybersecurity is one of the highest priorities. Cyberattacks are no longer considered an “if” occurrence—they’re considered a “when” occurrence. Given this new norm, federal IT pros must be prepared to defend their agency’s data.
The good news is, with a combination of tools, teams, and education, it is absolutely possible to defend a federal data center and stop threats before they become major incidents. I recommend the following five-step approach.
Step 1: Integrate SIEM software
Security information and event management (SIEM) software is essentially a combination of security information management (SIM) and security event management (SEM) functionality, all rolled into a single offering. The combination—SIEM—takes relevant security information from across an agency’s multiple locations and presents them through a single view.
There are several advantages here. First, a single view helps the federal IT pro spot trends and patterns and far more easily, so they can identify anything out of the ordinary. Second, it helps identify vulnerabilities and configuration issues quickly, and helps ensure an equally fast response. Third, in terms of maintenance, a SIEM can help oversee patches and log event management.
Step 2: Create a top-tier security team
Attack attempts, particularly into federal agencies, are near constant; as a result, federal IT pros must be more vigilant than ever when monitoring systems with the most sensitive, and therefore valuable, information.
Having a security team in place is an absolute must. Even if the budget does not allow for a large team, the agency should at least look to create a basic-level security team that can work together to create a security framework. And remember: the security landscape is constantly changing. The team should continue to evaluate that framework on an ongoing basis to ensure it is up to date with the latest threat, vulnerability, and mitigation information. In fact, reassess the framework every six to nine months to ensure everything is up to date and as effective as possible.
Step 3: Create a baseline
The security team should be equipped with a comprehensive monitoring toolset that will allow the team to create a baseline of performance expectations across systems, networks, and databases. With this baseline understanding of what “typical” performance looks like for each of these pieces of the infrastructure, it will be far easier for the team to recognize anomalies. With quick recognition, the team can then execute on a pre-determined response plan in order to quickly and effectively investigate and remediate.
Step 4: Use existing resources
As cybersecurity becomes an increasing priority, so too increases the number of free and readily available cybersecurity information and resources that federal IT pros can leverage to help protect their agency. The National Institute of Standards and Technology (NIST) National Vulnerability Database should be a cornerstone of every agency’s security posture. The Common Vulnerabilities and Exposure (CVE) database is another excellent tool. Each of these provides real-time updates on current and potential future security threats, their corresponding threat level, and suggestions for remediation. Take advantage of all these resources and ensure the security team is always up to date on the latest threats and mitigation strategies.
Step 5: Invest in end-user education
End-user education is far too often overlooked—or done simply to check a compliance box. Statistics consistently show that a majority of attacks originate from the inside the agency, stemming from things like phishing attacks or other accidental user errors that stem from an inadequate understanding of potential security threats.
While things may seem obvious to the security team, the rest of the agency’s personnel simply may not understand how one action today may open the door to an attack tomorrow, the next day, or even several months down the road. The reality is, the security of the agency’s data center is only as secure as the end-users working within the infrastructure. Exacerbating the challenge, as more types of devices get approval to be added to the agency network—and are allowed to access the network and data center resources—it’s in the agency’s best interest to properly educate end-users about the impact they can have on overall agency security.
For federal IT pros, trying to harden their agency’s security posture—particularly, enhancing data center security—may seem like running toward a moving finish line. While the security landscape is certainly ever-changing, the five suggestions here are a good place to start in developing reliable data center security measures that will help protect against the expected rise in data breaches and other cyberattacks in the months and years to come.
Want to hear more of what Mav has to say about information security? Watch this video: