If your focus is on cybersecurity, you hear the daily din about the impending! At some point you wonder, in spite of all this rhetoric, how exactly government agencies are faring and what exactly the challenges are that they face. Well, the Federal Cybersecurity Risk Determination Report and Action Plan released in May 2018 offers some clues. While reports on FISMA compliance have been regularly published to Congress, this is one report that details in plain language what challenges agencies face in bolstering their cyber posture. The report lays them out under four categories:
- First is limited situational awareness. In fact, situational awareness—the ability to see and understand what is going on across the agency—is so limited that agencies could not identify the method of attack, or attack vector, in 11,802 of the 30,899 cyber incidents (38 percent) that led to the compromise of information or system functionality.
- Second is lack of standardized IT capabilities. This suggests that many actions and activities are ad hoc, since agencies don’t have standardized cybersecurity processes and capabilities, which limits their ability to gain visibility and effectively combat threats.
- Third—and I think this one, combined with the first, is the most devastating—is lack of visibility. Agencies lack visibility into what is transpiring on their networks, leaving significant blind spots. Only 27% of agencies reported having the ability to detect and investigate attempts to access large volumes of data, for example. The risk assessment report revealed that 73% of agency programs are either at risk or at high risk in this critical area.
- Fourth, agencies lack standardized and enterprise-wide processes for managing cybersecurity risk. As the report suggests, agencies are at various stages of enabling repeatability and consistency but have some ways to go.
When you think about it, this should come as no surprise. Agencies have over time invested in dozens of disparate security technologies managed in silos, making it all but impossible for a human to thread together a cogent picture of what is transpiring across the agency, let alone identify a threat. And with inconsistent processes, a widening skills gap and resource struggles, agencies have to look past traditional answers.
In this fast-evolving threat environment, security teams need the ability to quickly see and understand what is going on across the organization so they can pinpoint any threat and respond to it. The way to do this is by collecting all data from each and every source—endpoints, servers, network, users, applications and even outside intelligence—in real time, correlating it and making it available for analysis. With this analytics-driven security capability, you get not only end-to-end visibility but also a consistent way to analyze, respond to and manage threats across the organization and, most importantly, to quickly minimize any adverse impact and stay out of the headlines.
And that approach has worked time and again for our customers. If you're a Splunk user, you know its power as a security intelligence platform that can address a number of use cases—from security monitoring and compliance to complex ones such as incident response, insider threat and other advanced threat detection scenarios. As the security nerve center, it delivers real-time situational awareness and accelerates response and mitigation through automation, resulting in effective risk management.
Splunk is the leader in security and risk management. Our customers don’t just trust us with their infrastructure and data, but many also entrust us with their critical missions, and that’s a partnership we are honored to have and proud of.
To learn more about how you can get started, listen to this on-demand webcast on Splunk Security Essentials, or call us at (866)-GET-SPLUNK.
Let’s help you change your posture on that OMB risk report before it's published the next time!
Until next time,