Federal agencies face many of the same cybersecurity challenges as private-sector organizations. These include malware, phishing emails used to spread malware or steal credentials, and distributed denial of service (DDoS) attacks that can be generated by malware-infected systems elsewhere.
Agencies also must deal with issues that businesses typically will not encounter, however, and those issues require a new approach to protecting data assets. For example, many agencies need to protect themselves against nation state actors who are specifically targeting them with malware built solely for that purpose, and nation states continue to recruit highly skilled people who are dedicated to carrying out attacks.
Another distinct challenge federal agencies face is the presence of air-gapped networks. Some government organizations with high security requirements run air-gapped networks, which are completely disconnected from the Internet. They do this as a precautionary measure to isolate their networks, and the systems connected to them, from Internet-based threats. The lack of connectivity renders traditional security products far less useful and effective for the agencies that have air-gapped networks in place. In an air-gapped environment, agencies would have to deliver updates to each endpoint manually to stay protected against new malware, which is not practical when traditional anti-malware solutions require multiple signature updates in a single day.
Moreover, federal agencies face an ever-growing volume of signature files generated by anti-malware products. Many agencies operate networks with many systems connected, and the distribution of signature file updates to all these systems several times a day can consume considerable network capacity, especially given how large the signature files often are.
A better approach to federal security involves the strategy of predicting and preventing, as opposed to merely detecting and responding to, the various types of malware and other cyberattacks. Prediction and prevention are achieved through the use of artificial intelligence (AI) and its subset, machine learning, which enable agencies to proactively protect systems and data without the need for signatures.
Prediction and prevention are ideal for addressing the problem of nation state actors. The AI and machine learning capabilities quickly identify and stop the highly targeted, custom-made malware created by these attackers, even if the malware has never been seen before in any other environment. This is something that signature-based products simply cannot reliably achieve.
The machine learning capability enables agencies to identify and prevent the execution of all types of malicious content, including zero-day activity, malware related to the implementation of advanced persistence mechanisms, BIOS malware, master boot record (MBR) malware, hypervisor malware, and malware capable of injecting into memory at any time. This will stop the many nation state attacks that rely on malicious code execution.
AI and machine learning also help to overcome the challenge of dealing with an abundance of signature files that consume significant network capacity. Because updates are pushed through an agency's standard software distribution practices, and there are no signature files to contend with, updates are far less frequent. AI-based prevention thus reduces both the bandwidth and the administrative burdens on agencies.
The adoption and use of predictive, preventative security solutions does more than deliver efficacy; it also achieves dramatic cost savings and ROI. By taking advantage of advanced mathematical approaches to cybersecurity instead of signature-based scanning, newer security solutions minimize resource consumption such as CPU usage. This is important to federal agencies, which commonly have legacy systems that might struggle to run signature-based technologies because of the extensive system resources those technologies require. In addition, the process of identifying and stopping a malicious executable is extremely fast, taking less than 100 milliseconds. That is a major advantage, given how quickly malware can inflict damage on agency systems. Moreover, it involves a lightweight agent that doesn't siphon compute power or memory.
The endpoint is the new battleground. With the expansion of commercial cloud applications, a highly mobile workforce, the growth of telecommuting, and the expanding use of portable media, the endpoint has become the extended perimeter of an agency. As such, the extended perimeter is also the key target of adversaries and needs to be protected with the most advanced set of capabilities available on the market today.
In evaluating modern security solutions, agencies should consider three key questions:
If the answer to any of these questions is "no," it's best to keep looking. Total endpoint security is essential for ensuring that federal agencies can continue to operate effectively today and well into the future. At the same time, that protection must not come at the cost of more complex security environments or ever-increasing security expenses.
IT and security executives at federal agencies need to take a hard look at how they are protecting their agencies’ systems today. If they continue to rely on aging, ineffective methods of defending against malware and other malicious content, they are essentially inviting the bad actors and nation state sponsors to exploit the inherent weaknesses of those legacy solutions.