Federal agencies are increasingly at risk from skillful attackers and potent cyberthreats. State-sponsored attackers, supply chain infiltration, insidious ransomware, and silent network lurkers are all willing to use malware, ransomware, phishing, and other tactics to access infrastructure, take advantage of data, and use it for any number of nefarious purposes. The massive SolarWinds supply chain attack and the Pulse Secure virtual private network exploit hit federal networks, as did the ransomware attack on Colonial Pipeline’s business infrastructure. These are just a few examples of how cyber criminals have honed their techniques with the intent of attacking government and other significant national critical infrastructure.
The costs of cyberattacks on government agencies go beyond the millions of dollars needed to fix them. The potential breach of secure data, loss of intellectual and personnel data, and extreme remediation also come at a high price. For critical infrastructure providers, who have ties to federal agencies such as the Department of Energy and the Department of Homeland Security, the attacks can mean big ransom payments and possibly expensive fines for compliance violations. The reputations of the victims of the attacks are likely to suffer from exploited networks and a shaky post-attack environment.
There is a light at the end of this bleak cybersecurity tunnel, however, and it shines bright. There are actions that federal agencies can take to reduce the risk of attack or infiltration significantly. In this blog, I address the top three cybersecurity considerations that federal agencies should take into account, along with how Cohesity solutions for the Federal Government can help.
Reduce the Attack Surface
Digital transformation, hybrid cloud environments, remote work, and changing software supply chains have increased the footprints of what federal agencies must protect. Moving millions of employees to work-from-home status and pushing data and applications to a cloud-based infrastructure without time to fully vet cloud service providers resulted in holes in these massive footprints. Many federal agencies also have unstructured data, with disparate policies that are inconsistently implemented. These conditions create an attractive attack surface with many attack vectors primed for exploitation by ransomware and cybersecurity criminals. These challenges are compounded by more distributed and complex systems created by the cloud, and more frequently, multicloud.
This is definitely not the attack surface of yesteryear, which was mostly confined to on-premises government data centers and computer hardware. The difficult task for agency IT teams is gaining a better understanding of this new, exposed attack surface, including the vastly expanded number of network-connected endpoint devices and cloud services outside the protections of the corporate firewall.
Federal agencies have to take a new tack in addressing data sprawl and mass data fragmentation. Data centricity and data consolidation are key to avoiding risk. Getting out of antiquated infrastructure, streamlining disparate data sources, and modernizing so you have a smaller number of areas to protect will have a positive impact on reducing an agency’s attack surface.
Cohesity experts can take a hard look at a federal agency’s data footprint to get a better understanding of how to consolidate it so it is protected from threats. Then, Cohesity Next-Gen Data Management can help with the consolidation. Next-Gen Data Management provides multiple data management capabilities — such as backup and recovery, disaster recovery (DR), archiving, file and object services, dev/test provisioning, data governance, security, and analytics — as a comprehensive, integrated set of offerings through a software-as-a-service (SaaS) model. Cohesity Next-Gen Data Management combines immutability, backup, recovery, replication, and disaster recovery on a single, cloud-native platform.
Also, with Cohesity’s unified, scale-out platform you can eliminate legacy data protection silos and simplify management with a single user interface and policy-based automation. Plus, our global variable length dedupe across data sources and compression further reduce a federal agency’s data footprint and attack surface, thereby reducing its exposure to cyber criminals.
Improve Incident Response
Incident response is a big issue and a major area of focus for federal agencies, from the perspective of not only containing the attack, reducing downtime, and maximizing the ability to restore operations but also ensuring there is no data loss. Being purely reactive to breaches and hoping tools will solve the problem puts network operators at a significant disadvantage when an incident occurs. Positioning security teams to respond quickly and efficiently to a malware or ransomware attack requires more than simply having tools available for standing up different aspects of what’s been attacked. The agency must make sure its data assets are not compromised. Otherwise, the federal agency is not equipped to address a malware problem. No matter how efficient a tool might be on its own, if it cannot work in an agency’s security environment, it detracts from the overall effectiveness. It does not enhance it.
The good news for federal agencies grappling with all these changes is that Cohesity can deploy a four-layered threat defense framework. Cohesity Threat Defense is a combination of capabilities and partnerships with industry leaders that can protect federal agency data, maintain strict access controls, and gain deep visibility in near real-time. Instead of reacting, federal agencies are better able to stay ahead of modern cybersecurity threats.
Cohesity Threat Defense has a resilient architecture that includes robust encryption algorithms, erasure coding, immutable backup snapshots, and WORM (DataLock), all designed to prevent an agency’s backup data from being taken hostage. Strict access controls like multifactor authentication, granular role-based access control, and more can mitigate the risk of weak or compromised user credentials. Near real-time detection minimizes the risk of data exfiltration. An agency will be able to scan production data and deploy Cohesity’s AI-powered advanced detection to reduce an agency’s blast radius. The use of AI and ML is key to detecting not only anomalies but also to getting a better sense of behavioral characteristics that don’t align with what we think is normal in a federal agency’s environment, infrastructure, or even the edge.
Implement a Zero Trust Mindset
John Kindervag of Forrester coined the term “Zero Trust” in his 2010 research. His premise was that all network traffic is untrusted. Accessing any resource, therefore, had to be done securely. The original zero trust concept was based on a data-centric network design. Micro-segmentation enforced more granular rules, which limited the lateral movement of attackers. Today, secure and resilient architectures, including those that government agencies need, follow the Zero Trust principle of “never trust, always verify.” Devices should not be trusted by default, even if they are connected to a managed corporate network, such as the corporate LAN, and even if they were previously verified.
Cohesity aligns with zero trust principles and combines active threat intelligence and active backups that are immutable with data-locking capability and isolation. It can go a long way to supporting a federal agency’s proactive approach to cybersecurity. Cohesity’s cyber resilience security strategy and framework can define security throughout your agency’s IT systems and environments to prevent threat actors from accessing data.
Put simply, Cohesity offers federal agencies important security controls —from a strong authentication to role-based access control—but we don’t stop there. Through Cohesity Helios, a next-gen data platform that manages and protects data, we can do anomaly detection against privileged users. Because federal agency workforces are more mobile than ever, Cohesity also offers Zero Trust Hardening. This highly secure Helios feature accelerates data mobilization by securely configuring and right-sizing Cohesity once and then redeploying it as the same secure, environment anywhere from the cloud to on-prem or the edge, reducing deployment time from weeks to hours.
For zero trust applications specifically, we are also working on even more sophisticated authentication models, such as attribution-based access control that takes clearance levels, GEO tags, and other attributes. Our goal is to create more granular, fine-grained access controls for users who are accessing government data — all of which falls under the zero trust strong and multi-factor authentication umbrella.
Ready to Address the Top 3 Cybersecurity Considerations?
If any or all of these considerations are top of mind, Cohesity offers a way forward. Cohesity solutions can effectively counter malware and ransomware, helping federal agencies avoid paying ransom. Cohesity’s comprehensive, end-to-end solution features a multilayered approach to protect against, detect, and rapidly recover from a cyberattack. Cohesity’s unique immutable architecture ensures that backup data cannot be encrypted, modified or deleted. Using machine learning, it provides visibility and continuously monitors for any anomalies in data. And if the worst happens, Cohesity helps to locate a clean copy of data across a global footprint, including public clouds, to instantly recover and reduce downtime. To learn more, visit our federal data protection solutions page.