Federal agencies recognize that threat detection and resolution must happen fast. The longer that attackers are able to dwell on the network, the more time they have to find valuable sensitive data.
The good news is that there is evidence that the global median dwell time is improving. It fell from 78 days in 2018 to 56 days in 2019, according to our latest 2020 M-Trends Report.
However, even a week can be sufficient time to do damage. FireEye analysts and I have investigated multiple security incidents at federal agencies. Government institutions are the third-most targeted sector, and we’ve seen the toll these breaches and attacks have taken. The impact includes system downtime, costs, and considerable extra work among IT teams to recover.
We also know that there are multiple reasons that cyber attacks are so taxing for federal institutions. They’re often dealing with aging IT infrastructure, legacy systems, and a shortage of IT skillsets. As they work toward IT modernization and migration of workloads to the cloud, new complexities arise in managing these environments.
And on top of these challenges, it’s difficult to keep up with a constantly evolving threat landscape. As we reported in the M-Trends report, 41% of malware is new. That means there’s a good chance these incidents will evade typical defense systems.
The attackers are becoming more sophisticated and are adapting their techniques in an attempt to escape detection. They’re also taking advantage of the ongoing global situation to escalate threats against the remote workforce.
So, what can federal agencies do?
The Need to Increase Visibility
First, it’s important to recognize that IT systems are regularly updated or changed—for example, new data is added and new applications are implemented. Plus, the cloud complicates matters. It can be a challenge to detect and respond to security incidents across both on-premises and cloud environments.
The most critical step is to gain visibility. That’s where FireEye solutions and services truly shine. Our ecosystem includes both technology and expertise to help federal agencies detect, protect against and respond to potential threats more quickly.
For example, FireEye Helix uses machine learning to get a baseline of “normal” behavior in the organization’s network. Then it integrates our real-time threat intelligence capabilities to rapidly discover anomalies and send alerts. Helix also incorporates artificial intelligence to reduce the false positives that cyber security teams have to chase.
Another way to gain visibility is through our Cloudvisory solution. Security in the cloud is a critical concern for government organizations in terms of storing and transferring sensitive data. It’s imperative to see potential threats across multiple cloud environments and workloads. Cloudvisory offers a single console that enables agencies to:
- Gain uniform visibility across cloud infrastructure, including multi-cloud environments
- Reduce risk of cloud security misconfigurations
- Automate policy management and intelligent detection to ensure governance with frameworks and practices such as NIST, FedRAMP and more
- Protect data and applications with continuous discovery and mapping of assets
Whatever an agency’s specific needs, we’ve got them covered. FireEye’s capabilities extend throughout network, endpoint and email security. We also offer consulting and managed services to help government institutions better understand their security posture and improve their detection and protection efforts.
Head over to our website to learn more about FireEye cloud solutions. For more information and additional tips on gaining comprehensive visibility into your IT environment, read the FedScoop Cloud Security Special Report.