Cyber Intelligence and Defense for the Public Sector, Part 1

Marty Meehan

Part 1: The Challenge

In today’s connected society, the threat posed by cyber actors and the reality of countless high-profile breaches have made cyber security a top priority for most organizations. Recent studies estimate that cyber crime and cyber espionage cost the global economy over $400 billion each year. That estimate, however, does not account for the damage done to the indirect victims of these crimes. Nowhere is this more evident than within the federal government, where a single data breach could compromise overt and covert operations spanning decades, putting the country, its operatives, and its citizens at risk.

The threat landscape faced by federal agencies is vast and evolving rapidly. Threat actors constantly change their tactics to sidestep defenses, leveraging zero-day vulnerabilities and compromised endpoints to bypass even well-secured perimeters. The dynamic nature of the threat, coupled with the diversity of federal IT environments, has made it impossible for organizations to mitigate every potential threat and patch every vulnerability. Instead, organizations must develop a proactive defense strategy driven by intelligence: one that enables them to anticipate their adversary’s moves, detect attacks early, rapidly neutralize threats, and dynamically prioritize mitigation efforts, all within the context of their business or mission goals.

The growing complexity of IT systems is pushing internal security teams to their limits. According to recent surveys, it takes most companies an average of almost 30 days to remediate a given vulnerability on half of their affected systems; in other words, as much as half of the infrastructure remains vulnerable 30 days after the vulnerability is discovered. Even more startling is the pace at which new attacks surface, locking organizations into an endless cycle of deploying patches and updating security rules in an attempt to block every known threat. The reality, however, is that no organization can block every threat and mitigate every vulnerability, so it must find ways to focus its efforts on the most dangerous ones.

Active defense has emerged as an approach to cyber security that shifts the focus from preventative controls toward the active identification and remediation of threats and the actors behind them. Active defense is often confused with offensive cyber tactics, in which organizations seek to “hack back” at their attackers. Active defense, however, is simply the proactive defense of an organization’s own systems, resources, and data. There are many ways to achieve this posture, but it starts with the organization developing a better understanding of the unique threats and adversaries it faces: classifying the key targets within the organization, understanding the specific attack vectors and exploits that pose the greatest risk to those targets, and identifying the actors likely to carry out those attacks. Reaching this level of focus and achieving an active defense posture requires targeted intelligence and analytic capabilities, such as those offered by commercial cyber intelligence services, including Verisign’s iDefense Security Intelligence Services.

In short, the cost of not integrating intelligence into security operations is significant and growing. In a domain as complex and dynamic as cyberspace, organizations can no longer afford to rely on passive or reactive security techniques or on a static perimeter.