Cybersecurity Archives (/category/cybersecurity/), ECS. Last updated Thu, 18 Apr 2024.

Day In The Life: Leo Pryor, SOC Analyst
/ecs-insight/blog/day-in-the-life-leo-pryor-soc-analyst/ (Thu, 18 Apr 2024)

Leo Pryor, SOC analyst, discusses the day-to-day challenges that SOC analysts face, the importance and rewarding nature of the work they do, and why this is a critical field for skilled professionals looking to make a difference.

The post Day In The Life: Leo Pryor, SOC Analyst appeared first on ECS.

The job of a security operations center (SOC) analyst is crucial. They maintain information and network security by detecting, investigating, and remediating cybersecurity threats. SOC analysts are on the front lines in an organization's battle against cyber threats and test existing cybersecurity infrastructure for vulnerabilities and weaknesses in order to make improvements.

We sat down with Leo Pryor, ECS SOC analyst, to discuss the day-to-day challenges that SOC analysts face, the important and rewarding nature of their work, and why cybersecurity is a critical field for skilled professionals interested in meeting the moment and making a difference.


ECS delivers SOC-as-a-service, endpoint security platform-as-a-service, vulnerability management, and continuous monitoring solutions to leading enterprises across government and industry. The ECS SOC is powered by more than 50 unique commercial and open-source intelligence feeds and a cyber threat intelligence team that currently tracks more than 17,000 adversaries.

Working as a SOC analyst with ECS means doing work that matters, expanding your knowledge and expertise, and protecting some of the world's most-targeted networks.

Ready to meet the moment and make a difference? Visit our career center to learn more.

The Power of Predictive Security: How AI Helps Prevent Cyberattacks
/ecs-insight/blog/the-power-of-predictive-security-how-ai-helps-prevent-cyberattacks/ (Tue, 16 Apr 2024)

ECS Pathfinder leverages AI to deliver predictive security, enabling organizations to identify and mitigate risks before bad actors attack.

By
Director of Cyber Analytic Products

In a hyper-connected world where cyber threats are evolving at an alarming pace, traditional reactive security measures are no longer sufficient to safeguard sensitive information and critical infrastructure. As a result, cybersecurity professionals' focus has shifted towards proactive and predictive security solutions that can anticipate and thwart cyberattacks before they strike.

The technology that makes this possible? Artificial intelligence (AI), an increasingly critical component of modern cybersecurity.

The Need for Predictive Cybersecurity: Shifting the Paradigm

Traditional cybersecurity strategies are akin to locking the doors of a house after an intruder has already gained access. Reactive approaches entail identifying and responding to threats as they occur, leaving little room for proactive defense.

Predictive security is more like knowing a would-be intruder is coming before they ever make it to your front door. It represents a conscious paradigm shift, enabling organizations to anticipate and mitigate potential risks before bad actors attack. By harnessing the power of AI, your cyber analysts are better equipped to analyze vast amounts of historical data, identify patterns, and predict attack vectors with unprecedented accuracy.

A More Intelligent Arsenal

AI algorithms can continuously learn from real-time data, enabling your cybersecurity tools to adapt to evolving threats and making your whole security posture more nimble and agile. By analyzing historical cyberattack patterns and discerning the tactics employed by malicious actors, your analysts can predict and prioritize potential vulnerabilities that may be exploited.

Enter ECS Pathfinder

Identifying your organization’s need for predictive security is an essential first step, but how do you meet that need? Where do you turn for the expertise to execute this paradigm shift in your cybersecurity?

Enter ECS Pathfinder, an AI-powered cyber analytics platform that leverages historical data and advanced algorithms to predict exploitable entry points and help counter cyberattacks.

Pathfinder’s predictive capabilities are based on three fundamental pillars:

ATTACK PROBABILITY

Pathfinder’s AI scrutinizes historical attack data and determines the likelihood of certain cyber threats occurring. By quantifying the probability of various attacks, organizations can focus their resources on the most pressing threats and determine which can be scheduled for triage at a later date.

PERVASIVENESS

Not all vulnerabilities are equal; some may be widespread and impact numerous systems, while others are niche and affect only specific configurations. Pathfinder considers how pervasive potential vulnerabilities are, ensuring that high-risk, widespread vulnerabilities are addressed immediately.

URGENCY

Pathfinder identifies the criticality of vulnerabilities and determines the potential harm they may cause if exploited. Prioritizing urgent vulnerabilities allows organizations to allocate resources efficiently and protect against the most severe threats.

Force Your Adversaries Into a Losing Battle

The real strength of predictive security lies in its ability to force adversaries into an unfavorable position. By proactively addressing potential weaknesses, organizations employing ECS Pathfinder can create a lower-risk environment, making it increasingly difficult for attackers to find exploitable entry points. As the organization's defenses become more robust and resilient, malicious actors encounter diminishing returns for their efforts: a powerful deterrent.

The power of predictive security, fueled by AI algorithms and historical data analysis, is revolutionizing the way organizations defend against cyberattacks. ECS Pathfinder can force your adversaries into an uphill battle, meaning your organization can stay one step ahead in an ever-evolving threat landscape.

Ready to shift the paradigm?

Contact Our Experts

Work That Matters: Virtualization Guru Rob Laposta Helps to Protect the US Army
/ecs-insight/ecs-culture/work-that-matters-virtualization-guru-rob-laposta-helps-to-protect-the-us-army/ (Wed, 10 Apr 2024)

Meet Rob Laposta, the principal systems engineer overseeing all the hardware, firmware, and virtual machines that support and deliver the Army Endpoint Security Solution.


ECS Systems Engineer Rob Laposta oversees some of the most important servers, storage, and virtual machines in the world.

The Army Endpoint Security Solution (AESS) that ECS provides for U.S. Army Cyber Command protects between 800,000 and 1.2 million U.S. Army endpoints around the world from 1.5 million malicious events per month.

The AESS is the only true managed security service used by the U.S. Army. It's also the only deployed, fully integrated cybersecurity solution that offers all the endpoint security and management capabilities required by Joint Force Headquarters DoD Information Network.

The AESS is delivered from a handful of U.S. Army data centers located around the world, and that's where Rob's work comes in. The many racks of servers and storage components in those data centers, along with the virtual machines running on them, are the focus of his passion, dedication, and hard work.

Q: Could you give us an overview of the work you do and where you do it?

Sure. I don't deal with the AESS itself. I build and maintain the house it lives in. By that I mean software-defined data centers located on Army bases around the world. It's from these data centers that ECS delivers the AESS.

Typically, we manage everything remotely from our home base, Fort Huachuca, here in southern Arizona, and from our nearby corporate office and test lab. We run 24/7 operations, so there's always someone here to answer the phone.

I normally travel once or twice a year. We don’t have personnel at every data center, and some technical issues require a hands-on fix. I might also travel to deploy additional servers and storage disk shelves, when needed.

Q: Your work has you travelling a lot lately. Why is that?

Yes, I've been working onsite at bases in Kuwait, Germany, Hawaii, and elsewhere. We're updating our equipment. In the fall, we replaced our storage components and added disk shelves to keep up with growing storage needs. We're also replacing our servers, which are nearing end of life.

The work in the data centers can be physically demanding because we're pulling heavy components from the racks, labeling them, and dealing with wires that are tangled beneath the floor. At the end of the day, you're tired.

Q: If you had to name one special skill or strength you bring to your work, what would it be?

Virtualization. Our infrastructure is built on VMware, and that's where my greatest strength lies. One of the things I love about my job is that I can continue to grow this strength. I'm able to continue learning about VMware and other technologies and make our software-defined data centers run as well as they possibly can.

Q: Could you say more about the rewarding aspects of your work?

I get to use my 25 years of IT experience to run, manage, and configure in the best way possible to make our infrastructure run the best it can. We are one of the few COCO [contractor owned, contractor operated] contracts in the Army. We're always beating our SLAs [service level agreement performance metrics], and this is partly due to the equipment being owned by ECS rather than the Army. Because we own the equipment, whenever we need to replace something or fix or tune the system, I can do it within a day or instantly, and just submit a change request afterwards. There are no lengthy government procurement processes slowing us down.

The AESS has worked extremely well. A lot of people are chasing Matt Borman [vice president of Army Cyber, Mission Solutions, ECS] because he has such a good reputation for providing a fantastic service to the Army.

The Army is excited about what we've done for them and the new ideas we're bringing forth to better secure endpoints and the network. To provide the Army with such a great and important service is very gratifying.

Work That Matters is a series in which ECS experts discuss their roles and responsibilities and the larger impact they have in the workplace, community, and world.


Building a Better Cyber Team
/ecs-insight/blog/building-a-better-cyber-team/ (Thu, 04 Apr 2024)

Cybersecurity has struggled to be an inclusive industry since its inception. We spoke to our leading women in cyber to get their take on creating an inclusive and equitable cyber team.


The cybersecurity industry has a labor problem. In the United States, we now have up to , and only 26% of cybersecurity professionals under the age of 30 are women.

What can organizations and institutions do to close the gender gap in cybersecurity, and ultimately, the cyber skills gap? Research shows that to build strong cyber teams, employers and the wider industry need to make cybersecurity a welcoming career for all.

To understand ECS's approach towards equitable and inclusive cyber teams, we spoke to a few of the women leading our cyber teams. We are continually inspired by these women and look forward to keeping the conversation going.

Beverly Goodwin, Executive Director, Governance, Risk, and Compliance | Cybersecurity Assurance
Shayla Treadwell, Vice President, Governance, Risk, and Compliance
Joanna Dempsey, Vice President, CISA Portfolio, Justice and Homeland Solutions
Joanne Morris, Vice President, Enterprise Solutions
Ramona Zilligen, Program Manager, Army Endpoint Security Solution

What does a successful cybersecurity career mean to you?

For me, success means learning from failures and turning them into lessons learned. It also means work-life balance: being happy, enjoying my work, and looking forward to each day's challenges, while still growing as a professional.

I am grateful to be part of the ECS cybersecurity team, knowing I can continue to grow and learn more all the time. I am fortunate to be happy and fulfilled in my career: that is my definition of success.

Ramona Zilligen, Program Manager, Army Endpoint Security Solution (AESS)

How do you approach diversity and equity challenges within your team?

There is a tendency people have where they think no one is paying attention to their behavior. Making it known that people are heard and seen is important when identifying diversity and equity challenges. With recent events coming to light, I assumed that people knew that I condemn any type of hate within my team, but I had a team member reach out to me and let me know that they needed me to acknowledge what was going on. After addressing this directly with the team, we all felt relieved that there was more space to talk safely to address these issues.

Joanna Dempsey, Vice President, CISA Portfolio, Justice and Homeland Solutions

What are some characteristics that you think make a team successful?

Cognitive diversity. It is so important that you don't let groupthink get in the way. Identify people with different backgrounds and experiences so that you can come to an agreement and make the best decision for everyone. Allow people to highlight things you wouldn't otherwise think about as well.

Shayla Treadwell, Vice President, Governance, Risk, and Compliance

How do you handle a situation in which you don't agree with the group consensus?

I present my opinion in a positive manner, and I listen in a positive manner too. Everyone's opinion has value, but sometimes a different opinion is a better situational fit. No matter how experienced I am, there's always an opportunity to learn. Teams are stronger than individuals, so it's key to let every voice be heard and then work with the team to move forward with a single voice.

Joanna Morris, Vice President, Enterprise Solutions

What are the top three habits that you would recommend to someone seeking a leadership role?

1. Lead by example.

Be willing to follow the same rules and practices you expect from your team. This habit will help establish expectations and build trust with your employees. The workplace changes in response to COVID-19 presented many opportunities to lead by example. All of us had to adapt to remote work and stressful video meetings with kids or pets in the background. I also learned through frequent check-ins with staff that they were tending to work longer hours and experience burnout from never leaving the workplace. As leaders, we need to recognize how these changes impact work-life balance and encourage employees to factor in breaks and establish boundaries between work and home life.

2. Communicate vision and goals clearly.

It is very difficult to lead a team if they don't grasp their larger goal and vision. Refresh and remind your team why their work adds value and where they fit into the bigger picture.

3. Stay calm under pressure.

Challenges arise every day, and how you respond makes the difference. Women often feel that we need to be perfect in every situation, but we don't. Letting go of this expectation helps us to reframe challenges and stay focused on what's important, especially during stressful situations. When facing challenges, practice responding over reacting. Take a deep breath, ask questions to understand the problem, and guide teams through effective solutions.


Beverly Goodwin, Executive Director, Governance, Risk, and Compliance | Cybersecurity Assurance

At ECS, we believe in diversity and inclusion at all levels. If you are looking for a career in cybersecurity where you can make a difference, apply to one of our open positions today.

ECS Cyber Ops Leader Adam Tischler Awarded Elastic's 2023 Certified Professional of the Year
/ecs-insight/press-release/ecs-cyber-ops-leader-adam-tischler-awarded-elastics-2023-certified-professional-of-the-year/ (Thu, 28 Mar 2024)

Adam Tischler wins Elastic's Cyber Professional of the Year for his achievement and contributions to the Elastic community.


Award recognizes expertise with the Elasticsearch platform and contributions to the Elastic community

FAIRFAX, Va., March 28, 2024: ECS, a leader in advanced technology, science, and engineering solutions and an ASGN (NYSE: ASGN) brand, announced today that , cyber operations leader at ECS, has been recognized as the 2023 Certified Professional of the Year by Elastic. The award recognizes an individual who has achieved excellence and expertise in the platform and has given back to the Elastic community at large.

Used across the federal and commercial sectors for security, observability, analysis, and data visualization, Elastic is the leading platform for search-powered solutions. Tischler has achieved every available Elastic certification: Elastic Certified Engineer (ECE), Elastic Certified Analyst (ECA), and Elastic Certified Observability Engineer (ECOE).

As part of his role at ECS, Tischler helps develop and manage the continuous diagnostic and mitigation (CDM) dashboard ecosystem for the Cybersecurity and Infrastructure Security Agency (CISA). The system delivers cyber situational awareness data to federal agencies and summarizes risk exposure across the government for the Department of Homeland Security. Tischler has also served as a member of the Elastic Security Federal Advisory Board, providing feedback on new features and helping to steer future capabilities benefiting the security of federal customers.

Joanna Dempsey, Vice President of CISA Portfolio

"On behalf of ECS, we are so proud of Adam and the work he has done to improve the cyber resilience of our nation," said Joanna Dempsey, vice president of CISA portfolio at ECS. "Adam is a key leader on our CISA CDM team, not only in helping develop the platform, but in training and mentoring his teammates."

Adam Tischler, Cyber Operations Leader

"I'm honored to be named Elastic's Certified Professional of the Year," said Tischler. "ECS has more Elastic engineers than any organization outside Elastic. I'm proud to help continue that growth and success."

About ECS
ECS, ASGN's federal government segment, delivers advanced solutions in cybersecurity, data and artificial intelligence (AI), cloud, application and IT modernization, science, and engineering. The company solves critical, complex challenges for customers across the U.S. public sector, defense, intelligence, and commercial industries. ECS maintains partnerships with leading cloud, cybersecurity, and AI/ML providers and holds specialized certifications in their technologies. Headquartered in Fairfax, Virginia, ECS has nearly 4,000 employees throughout the United States. For more information, visit ecstech.com.

About ASGN Incorporated
ASGN Incorporated (NYSE: ASGN) is a leading provider of IT services and solutions across the commercial and government sectors. ASGN helps corporate enterprises and government organizations develop, implement, and operate critical IT and business solutions through its integrated offerings. For more information, please visit .

Contact
Shab Nassirpour, Vice President of Marketing and Communications, ECS
(703) 270-1540
Shab.Nassirpour@ecstech.com

ECS Subsidiary Awarded $120M Cybersecurity Contract With Centers for Medicare & Medicaid Services
/ecs-insight/press-release/ecs-subsidiary-awarded-120m-cybersecurity-contract-with-centers-for-medicare-medicaid-services/ (Fri, 22 Mar 2024)

ECS has won a $120 million contract with the Health and Human Services Centers for Medicare & Medicaid Services Office of Information Technology.


Through its wholly owned subsidiary Iron Vine Security, ECS will continue to provide comprehensive cybersecurity support for CMS and the CMS Healthcare Marketplace

FAIRFAX, Va., March 26, 2024: ECS, a leader in advanced technology, science, and engineering solutions and an ASGN (NYSE: ASGN) brand, has won a $120 million contract with the Department of Health and Human Services (HHS) via the ECS subsidiary Iron Vine Security. The Centers for Medicare & Medicaid Services (CMS) Cybersecurity Integration Center Operations (CCIC OPS) contract will have ECS providing the core of the cybersecurity services it currently provides through an incumbent CMS contract through 2029.

With an emphasis on innovation, ECS will continue to provide a cohesive and evolving managed cybersecurity service supporting CMS and the CMS Healthcare Marketplace. This managed service includes enterprise security operations support, incident response and management, SOC-as-a-service, threat intelligence analytics, data forensics, security engineering and architecture, penetration testing, breach and attack simulation, and more.

Acquired by ECS in 2022, Iron Vine Security began providing managed cybersecurity services for CMS in 2016. Today, ECS applies years' worth of CMS experience and knowledge to continue protecting the healthcare data of millions of U.S. citizens.

"This is a great win for ECS and our partners," said , vice president of Enterprise Solutions at ECS. "We look forward to continuing our work with CMS by providing innovative, state-of-the-art cybersecurity technology and practices and passionate personnel who will drive the CMS mission into the future."

William Geimer, Vice President of Enterprise Solutions

John Heneghan, ECS President

"I could not be prouder of the efforts of our team, the support of our leadership, and the confidence that CMS has placed in our cybersecurity experts," said John Heneghan, president of ECS. "We're honored to support CMS as it serves the millions of Americans who receive healthcare through Medicare, Medicaid, the Children's Health Insurance Program, and the Health Insurance Marketplace."

Contact
Kimberly Esterkin, Vice President, Investor Relations, ASGN
kimberly.esterkin@asgn.com

AESS 2.0 and How Intelligence Drives Security
/ecs-insight/blog/aess-2-and-how-intelligence-drives-security/ (Wed, 20 Mar 2024)

ECS Vice President of DoD Cybersecurity Mark Maglin talks about the Army Endpoint Security Solution and the 2.0 improvements to come.


Mark Maglin, Vice President of DoD Cybersecurity

"We're protecting one of the largest, most complex networks in the world," says ECS Vice President of DoD Cybersecurity Mark Maglin, "for an incredibly important mission that our nation's adversaries are attacking every single day."

Mark is talking about the Army Endpoint Security Solution (AESS) that ECS has provided for U.S. Army Cyber Command (ARCYBER) since 2016. The key to AESS's success is sharing cyber threat intelligence (CTI) in near real time to protect the Army's assets and inform our partners of new threats.

The zero-trust-architected AESS protects 800,000 endpoints across the Army's global infrastructure. It blocks 1.5 million malicious events per month. It's the only true managed security service used by the U.S. Army. And it's the only deployed, fully integrated cybersecurity solution that offers all the endpoint security and management capabilities required by Joint Force Headquarters DoD Information Network.

In the fall of 2022, ARCYBER awarded ECS a five-year recompete contract, beginning the 2.0 phase of AESS development. We sat down with Mark to ask a few questions about AESS and where its 2.0 improvements are taking Army cybersecurity.

Q: Can you describe some innovations and improvements AESS 2.0 will bring?

A: For starters, we're adding another endpoint tool, Microsoft Defender. Our strength is working with key technology partners to integrate and deliver the latest and best tool sets available, because no one tool does everything.

We take all these powerful tools (Elastic, ThreatQuotient, Forescout, Trellix, Tychon, and others), integrate them into a coherent solution, automate it, and deliver it as a managed service. So ARCYBER never needs to worry about managing individual tools or policies.

All our tools are cyber sensors. Our integrated solution collects, normalizes, correlates, and instantaneously shares CTI from each one of the sensors. So, the AESS can isolate a single malicious detection and use that CTI to protect every endpoint across the global enterprise automatically and in real time.

Beyond CTI, we enumerate every endpoint for cyber hygiene: policy compliance, configuration, and vulnerabilities. That way, as soon as a new attack and its method are known, we know which endpoints may be vulnerable.

During a significant cyber event, no single entity has all the information, authorities, or capabilities to enable comprehensive action. Creating shared situational awareness is primarily a policy, information, and analytics challenge, not just an IT challenge.

Network visibility and analytics improvements are also in the works. We're creating a unified asset management system that will provide more visibility of network devices and enhanced reporting. This will improve compliance, threat detection, investigation, and response.

We're also integrating with the Army's big data platform, Gabriel Nimbus, and other DoD data platforms. This will enrich the Army's long-term threat intelligence analysis.

Q: You've said AESS is all about the data. Can you elaborate on that?

A: It's all about protecting the Army's data. And it's also about the CTI generated by our security tools. By gathering and analyzing that threat data, we gain visibility and can better protect endpoints. That's why we've built AESS from these tools. We know how to get the data from them and gain visibility into every asset on the Army's networks and everything that's happening on those networks.

Data analytics tell us things we wouldn't otherwise know, such as where the vulnerabilities are. Without this capability, you're just playing Whac-a-Mole on security events. But with it, we know where to look and how to understand and prioritize vulnerabilities and fix things before we have an intrusion.

Data enables us to detect and automatically protect against threats across the Army's networks in the short term. Finally, by sharing our threat data with other Army platforms, we'll help uncover cyber threats and vulnerabilities through long-term analytics.

We are also working with other DoD agencies such as Joint Special Operations Command, Central Command, and others to automatically share CTI discovered from novel malicious events. This is a first, and I think we are the only ones sharing across agency networks. There is a technical challenge which we have solved, but it is really a policy challenge, too. It is the right thing to do. We need to crowdsource our CTI.

Q: Is there anything else about the future of AESS that you'd like to leave us with?

A: AESS will continue to evolve, and ECS will continue to draw on our company's massive array of skills and experience to maintain and develop AESS. Internal knowledge sharing across ECS projects will always support the development of the Army Endpoint Security Solution so long as we have the privilege of providing the Army with this managed security service.

Tuning Cyber Threat Detection Rules for Better Security
/ecs-insight/case-study/tuning-cyber-threat-detection-rules-for-better-security/ (Wed, 13 Mar 2024)

With advanced tuning of threat detection rules in Elastic Security, ECS gained SecOps efficiencies, harnessed SOAR capabilities, and provided customers with better security.

Operational Visibility: Reducing Federal Cyber Risk with Elastic and the CDM Dashboard
/ecs-insight/blog/enabling-operational-visibility-and-reducing-federal-cyber-risk-with-elastic-and-the-cdm-dashboard/ (Wed, 28 Feb 2024)

Joanna Dempsey, vice president of CISA portfolio, and Keith McCloskey, vice president of Justice & Homeland Solutions, break down how the CDM dashboard ecosystem, powered by Elastic, empowers federal threat hunters like never before.

By Vice President, CISA Portfolio
and Vice President, Justice & Homeland Solutions, CTO

[This article complements a talk given by Joanna Dempsey, vice president of CISA portfolio at ECS, at ElasticON 2023. to view Joanna's full presentation on YouTube.]

For the past three years, ECS has been working with the Cybersecurity and Infrastructure Security Agency (CISA) Continuous Diagnostics and Mitigation (CDM) program to build, deploy, and operationalize a whole new CDM dashboard ecosystem. Our goal has been realizing actionable operational visibility for federal agencies: an unprecedented level of visibility and access to cyber data, at scale. The CDM Dashboard ecosystem improves how incident responders find and remediate threats and vulnerabilities, enabling agencies to better protect their assets.

To achieve this, we've partnered with Elastic, whose suite of open-source products enables real-time search, analysis, and visualization of data regardless of format. And while the original CDM mission, helping federal agencies protect their networks, remains strong, the CDM dashboards, built on Elastic, are enabling a game-changing level of visibility and insight. After exploring how, we'll look at a scenario illustrating how operational visibility in the federal government could greatly improve our nation's cybersecurity.

The First Steps Towards Operational Visibility

First, we must recognize the impact of the 2021 Executive Order on cybersecurity, which did three critical things:

  • Removed many of the government's barriers to interagency data sharing.
  • Directed the improved collection and analysis of additional cyber-relevant data.
  • Prescribed a government-wide endpoint detection and response (EDR) capability, which has become a top priority for CDM.

This evolution of federal cyber requirements cleared a path for more effective collaboration across the federal civilian executive branch (FCEB) agencies, a new direction that aligned perfectly with platforms like Elastic and the CDM dashboards.

The CDM Agency Dashboard is the first point at which all these vast data sets are aggregated so that we can efficiently scale federal cyber operations.

Starting at the bottom of this chart, we have a diverse and dynamic set of agency tools and sensors that satisfy a range of requirements for effective cyber hygiene on agency networks. Moving up a layer, the data from these tools and sensors is integrated and aligned to a common schema so that we can make sense of it at scale.

CDM and Operational Visibility

CISA's operational visibility strategy has two components:

  • Providing improved, contextualized visibility into an organization's mission.
  • Providing deeper insights into the risk posture of an organization and its assets.

The strategy's goal is to connect people with the right contextualized and enriched data to help them make better decisions and reduce cyber risk. In the agency's view, the question operational visibility seeks to answer is:

"How do we integrate the people, processes, and tools we need to automate the detection and remediation of the known, predict the known unknowns, and adapt to the unknown unknowns?"

Let's focus on two key initiatives within CDM that enable CISA's operational visibility strategy: the government-wide deployment of EDR capabilities and a Host Logging Visibility pilot. The former has become a critical part of federal cyber programs, as EDR tools are generally very good at automating the detection and remediation of known bad things happening on an endpoint. The latter expands the data available to agency and CISA analysts in the CDM dashboard to include endpoint logs, data which can be correlated at scale and with other CISA intelligence to improve threat detection and analysis.

Operational Visibility in Action

Now, let's walk through exactly how the CDM dashboards can help orchestrate an improved defense of agency networks.

Pretend you're a CISA cyber analyst tracking a particularly bad threat actor, Bad Baby Dingo, operating out of Australia. You receive intelligence that Bad Baby Dingo is exploiting a known vulnerability, tracked as a Common Vulnerabilities and Exposures (CVE) entry, to launch a rare process that installs a malicious file on victims' systems.

The process that installs the file, which we'll call Creepy Koala, leaves behind clues: specifically, logs that describe the process being launched and the file being installed. These process logs are captured on the endpoint and sent to the CDM dashboard for analysis and monitoring.

You log in to the CDM federal dashboard and run a search across the entire FCEB for the CVE that Bad Baby Dingo is exploiting. You get over 12,000 hits spread across 14 agencies, which would take an enormous amount of labor to comb through by hand. With the dashboard, however, you simply isolate the assets carrying the CVE, gaining insight into the potential high value assets (HVAs) that could be affected. Using this list as the input for another query, you look for indicators that the Creepy Koala process has been run. This time, your search leads you to 18 devices split between just two agencies, with HVA context to help inform and prioritize your response.

At this point, you have evidence that Bad Baby Dingo has breached two federal networks, with an identified and prioritized set of assets. You pivot to agency A's EDR console and isolate 10 of the impacted devices. You dive deeper into the systems to confirm what you suspected: a Creepy Koala process has been run on the endpoints. You help the agency security operations center (SOC) prioritize their response to block the process, remove the bad files, and create rules within the EDR to block the process in the future. You work with your peers across CISA to distribute alerts and detection rules to all agencies. You now have what you need to render Creepy Koala effectively harmless across the entire federal government.
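
The two-stage pivot in this scenario, written out as an added example (not the CDM dashboard's or Elastic's own code): the asset and process-log records are constructed, the CVE identifier is a placeholder and the process name is made up; host.name, vulnerability.id and process.name borrow Elastic Common Schema names, while agency and hva are invented attributes.

```python
"""Two-stage pivot from the scenario above: assets exposing the CVE, then the
endpoint process logs for those hosts, grouped by agency with HVA context.
Added example with constructed records; field names follow Elastic Common
Schema naming, the values are made up."""
from collections import defaultdict

CVE = "CVE-0000-00000"          # placeholder identifier, not a real CVE
INDICATOR = "creepykoala.exe"   # constructed process name for the scenario

# Constructed asset inventory, as the CDM Agency Dashboard would aggregate it.
ASSETS = [
    {"host.name": "web-01", "agency": "A", "vulnerability.id": [CVE], "hva": True},
    {"host.name": "web-02", "agency": "A", "vulnerability.id": [CVE], "hva": False},
    {"host.name": "db-01", "agency": "B", "vulnerability.id": [CVE], "hva": True},
    {"host.name": "mail-01", "agency": "C", "vulnerability.id": [CVE], "hva": False},
    {"host.name": "fs-01", "agency": "C", "vulnerability.id": [], "hva": True},
]
# Constructed endpoint process logs forwarded to the dashboard.
PROCESS_LOGS = [
    {"host.name": "web-01", "process.name": INDICATOR},
    {"host.name": "web-02", "process.name": INDICATOR},
    {"host.name": "db-01", "process.name": INDICATOR},
    {"host.name": "db-01", "process.name": "svchost.exe"},
    {"host.name": "mail-01", "process.name": "outlook.exe"},
    {"host.name": "fs-01", "process.name": INDICATOR},
]


def assets_with_cve(assets, cve):
    """Stage 1: every asset whose vulnerability list contains the CVE."""
    return {a["host.name"]: a for a in assets if cve in a["vulnerability.id"]}


def triage(assets, logs, cve, indicator):
    """Stage 2: search the indicator only on exposed hosts, group by agency,
    HVAs first. Hosts that ran the indicator without being in the CVE set are
    reported separately, since the pivot alone would never surface them."""
    exposed = assets_with_cve(assets, cve)
    ran_indicator = {log["host.name"] for log in logs if log["process.name"] == indicator}
    by_agency = defaultdict(list)
    for host in sorted(ran_indicator & exposed.keys()):
        by_agency[exposed[host]["agency"]].append((host, exposed[host]["hva"]))
    for hosts in by_agency.values():
        hosts.sort(key=lambda h: (not h[1], h[0]))  # HVAs first, then by name
    return {
        "exposed": len(exposed),
        "by_agency": dict(by_agency),
        "indicator_outside_cve_set": sorted(ran_indicator - exposed.keys()),
    }
```

The separate "indicator_outside_cve_set" list is the check worth keeping: a host that ran the process without the CVE on its inventory record points to either an inventory gap or a second infection path.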

躂圖AV + Elastic Deliver

Ultimately, Elastic-powered CDM dashboards empower incident responders like never before. With a broader and more enriched set of cyber-relevant data, coupled with a more unified approach to how we consume, manage, and analyze that data, our nation's defenders can stop reacting to the problem and start being more proactive in defending their missions.

Interested in learning about our CDM Program?

Reach out and talk to our experts today!

On Driving Cybersecurity With Intelligence
/ecs-insight/article/on-driving-cybersecurity-with-intelligence/
Mon, 26 Feb 2024 12:00:27 +0000

躂圖AV cybersecurity pros exchange insights and practices around intelligence-driven security.


躂圖AV Cyber Pros Discuss Intelligence-driven Security and Share Insights and Best Practices

Recently, members of our massive corps of 躂圖AV cybersecurity pros gathered to discuss intelligence-driven security. As these cyber leaders are working to protect some of the biggest and most critical government and commercial networks in the world, the conversation was lively and jam-packed with information and insights.

Here are some conversation highlights:

MARK MAGLIN

Vice President, DoD Cyber Security

As a former naval aviator and intelligence officer, I know how critical actionable and trusted intelligence is in driving decisions and action across any battlefield, virtual or physical. Over 2,500 years ago, Sun Tzu wrote, "If you know the enemy and know yourself, you need not fear the result of a hundred battles." In cybersecurity, self-knowledge is as important as knowledge of the adversary, which is how intelligence drives security.

Having led the development and fielding of the SharkSeer cyber defense tool and the Enhanced Shared Situational Awareness (ESSA) initiative, I know its critically important to have visibility of all your assets and users and to know your risk posture.

Too often, we spend precious resources on low probability events. You need to know your critical cyber terrain, mission or business impact, and your vulnerabilities. Even though the NIST Common Vulnerability Scoring System (CVSS) may be high, it may not apply to your mission.

You must know your enemy. What do they want? There are numerous threat intelligence feeds that should be tailored to your environment and mission. We can dramatically improve the ways we share the threat intelligence we gather on our own networks, to protect the collective society. The technology is there, but policy is often not aligned. We are stronger together, using our crowd sourced intelligence to drive security.

DAVE HOWARD

Executive Director, Cyber Operations and Delivery, Enterprise Managed Services

To navigate on land, you guide yourself with a compass. To traverse the complex terrain of cybersecurity, your teams need a precision instrument akin to a compass. Intelligence-driven security is that instrument.

By driving security with intelligence, your teams can chart the most efficient and secure course through their daily tasks and remain focused on the most critical threats. This strategic tool is essential for maintaining a resilient and proactive security posture.

I have seen firsthand at a national level and across federal, state, and commercial organizations the challenges of focusing on the right things at the right time. There's no easy way for defenders to detect every tactic or technique that actors use in the wild.

However, by leveraging a proven threat intelligence framework, like the MITRE ATT&CK Framework, we can focus on the threat actors and their associated tactics, techniques, and procedures (TTPs) that present the greatest risk to 躂圖AV and our customers.

MITRE ATT&CK enables defenders to understand and counteract adversaries. Security teams can also leverage the framework to develop more robust defensive measures, driving an adaptive and proactive security posture.

GREG SCHEIDEL

Chief Cybersecurity Officer, Cyber Division

A good working definition of intelligence-driven security is: proactive security that's informed by up-to-date information on our environment and relevant threats, so that we can prioritize the highest-risk issues.

This prioritization is important because we always have more to do than we can accomplish. Even if we have an unlimited budget (which none of us do), we're always constrained by time.

Examples of intelligence data that we can use include:

  • Critical asset inventory
  • Current operating state of the environment
  • Abnormalities or unusual activity
  • Attacker attributes most relevant to our business and data
  • Status of commonly exploited vulnerabilities (e.g., Cybersecurity and Infrastructure Security Agency Known Exploited Vulnerabilities (CISA KEV) and 躂圖AV Pathfinder)

We should constantly adjust our security based on the latest information. And I deliberately frame this topic as intelligence-driven security, not threat intelligence-driven security, because I think it is bigger than just threat intelligence. Threats are a big part of it, but so is knowledge of our environments.

RYAN FURR

Director, Cyber Threat Analysis Center, Enterprise Managed Services

As threat analysts, we focus on analyzing relevant data and the current state of the environment by pinpointing abnormalities and unusual activity. I always ask, "What can this information do for us?" This question is fundamental because it's about recognizing the value of the intelligence we gather and determining the most effective ways to apply it.

Valuable intelligence sources don't have to be external. A wealth of valuable information can often be found internally, so we're always looking within our own environments for actionable intelligence. This can be especially beneficial from a dependency standpoint where resources can be limited.

HECTOR CRUZ-REYES

Deputy Operations Chief and CSOC & MSOC Lead, Centers for Medicare and Medicaid Services Information Security Support Services, Cybersecurity Integration Center, Cyber Division

I see intelligence-driven security as a way to set priorities and identify the next step you should take. One of the items you need to focus on up front is the threat landscape: who's knocking at your door? Who's targeting your specific industry or sector?

Once you understand the threat landscape, you can build out threat profiles using the MITRE ATT&CK Framework. As you gain an understanding of threat actor behaviors, you can start layering the different assessments on top of one another to produce a heat map that shows the areas you really need to focus on: your gaps.
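
The layering described in that last paragraph, as an added example (not 躂圖AV's or MITRE's own tooling): constructed actor profiles with relevance weights are stacked on a constructed detection-coverage assessment to rank techniques by residual gap; the technique IDs are real ATT&CK IDs used only as labels, everything else is made up.

```python
"""Layering threat profiles over detection coverage to rank gaps. Added example;
actor names, weights and coverage scores are constructed, the technique IDs are
real ATT&CK IDs used only as labels."""

# Constructed threat-landscape assessment: the actors targeting the sector, a
# relevance weight for each, and the ATT&CK techniques in their profiles.
THREAT_PROFILES = {
    "ACTOR-1": {"weight": 3, "techniques": {"T1566", "T1059", "T1078", "T1486"}},
    "ACTOR-2": {"weight": 2, "techniques": {"T1566", "T1053", "T1078"}},
    "ACTOR-3": {"weight": 1, "techniques": {"T1059", "T1486"}},
}

# Constructed coverage assessment per technique: 0.0 = no detection, 1.0 = full.
# T1566 Phishing, T1059 Command and Scripting Interpreter, T1078 Valid Accounts,
# T1053 Scheduled Task/Job, T1486 Data Encrypted for Impact.
COVERAGE = {"T1566": 0.9, "T1059": 0.4, "T1078": 0.0, "T1053": 0.5, "T1486": 0.2}


def threat_pressure(profiles):
    """Summed actor weight per technique: how hard the landscape leans on it."""
    pressure = {}
    for profile in profiles.values():
        for technique in profile["techniques"]:
            pressure[technique] = pressure.get(technique, 0) + profile["weight"]
    return pressure


def gap_heatmap(profiles, coverage):
    """One row per technique: pressure, coverage and the residual gap
    pressure * (1 - coverage), highest gap first. A technique an actor uses
    that is missing from the coverage assessment is treated as uncovered."""
    rows = []
    for technique, pressure in threat_pressure(profiles).items():
        cov = coverage.get(technique, 0.0)
        rows.append({"technique": technique, "pressure": pressure,
                     "coverage": cov, "gap": round(pressure * (1 - cov), 2)})
    rows.sort(key=lambda r: (-r["gap"], r["technique"]))
    return rows


if __name__ == "__main__":
    for row in gap_heatmap(THREAT_PROFILES, COVERAGE):
        print(f'{row["technique"]}  pressure={row["pressure"]}  '
              f'coverage={row["coverage"]:.1f}  gap={row["gap"]}')
```

With these inputs the top of the ranking is T1078 (used by both heavily weighted actors, no detection), not T1566, which every actor uses but which is already well covered.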

JASON HARPER

Cyber Threat Intelligence Lead, MSP

I'll circle back to the idea of intelligence being more than just threat intelligence, which brings up a challenge we often face: gaining a good understanding of the customer's environment.

We can build threat actor profiles and analyze the actor till the cows come home. But trying to translate that intelligence into the risk level for the customer can be difficult if network diagrams or information about critical assets aren't available.

To get value from threat intelligence, you often need to study the customer's attack surface, map out high-value assets, and so forth to build that intelligence yourself.

HERMAN COWART

Penetration Testing Team Lead, Centers for Medicare and Medicaid Services Information Security Support Services, Cybersecurity Integration Center, Cyber Division

Intelligence-driven security makes me think of Darwin and evolution. It's not the strongest that survive, but those who adapt the best. Intelligence-driven security helps us adapt. If I'm launching exploits from the 1990s and not staying up to date with the most current languages, frameworks, technologies, and methodologies, I'll quickly become extinct.

Everyone in the cyber community should always be up to date on all the latest news and intelligence, so they can adapt to what's currently happening and better protect the customer. The threat landscape is always changing. The industry is always changing. We have to stay up to date to adapt and survive, and intelligence is how we do it.
