Governments around the world are facing an increasing challenge to contain the threat from cyberspace. This is especially the case in the U.S.. Director of National Intelligence, James Clapper, is now claiming that cyber attacks have surpassed terrorism to become the number one challenge to national security. With this backdrop, it’s important that the U.S. government have strict security control over what software can run in its IT environments.
That’s why we’re excited that our flagship server security platform Deep Security has met the rigorous process by the Defense Information Systems Agency (DISA) and is now included in the Security Technical Implantation Guides (STIGs). This enables federal organizations operating on the Department of Defense (DoD) networks the ability to utilize the industry-leading protection provided by Deep Security in a compliant manner. And it is further proof that here at Trend Micro we understand the specialized needs of the sector.
From reactive to proactive
As noted in Trend Micro’s “Follow the Data” report, government organizations were the third most targeted, behind healthcare and education, making up 16 percent of all data breaches in 2015. Prominent breaches included: the State Department, IRS, NOAA, U.S. Postal Service and the Office of Personnel Management (OPM). This research also noted a clear pattern – while the number of attacks has grown steadily, the level of sophistication and volume of compromised data has grown exponentially. The top three breach methods include loss or theft, unintended disclosures, and malware attacks, which can be attributed to the growing criminal underground, the thriving deep web and an increase in the skillsets of criminals.
The phrase “wake-up call” has been used heavily in connection with these attacks, but in truth, we should all be aware of the scale and nature of these threats by now. Instead, it’s time to get serious about how we combat them. To counter an increasingly agile, sophisticated and determined online foe, security professionals need to move from being hunted to being the hunter. Whether attackers are financially-motivated criminals, nation-state operatives or hacktivists out to cause damage, disruption and negative publicity, we need to contain the threat more effectively. With better understanding of the enemy, we can transition from a reactive to a proactive stance on cybersecurity.
Security in the hybrid cloud
This isn’t easy, of course, with shrinking budgets, internal skills gaps and strict compliance requirements to meet. Federal CIOs and CISOs are also trying to take advantage of the IT efficiencies of the cloud, which can create additional security challenges. Problems can occur if organizations don’t use cloud or virtual-ready solutions. Traditional security tools can cause system performance issues, fail to spot inter-VM attacks and instant-on gaps, and allow targeted malware to gain persistence inside networks completely undetected.
The truth is that in a cloud-first world, federal IT managers must understand that security is a shared responsibility. While the CSP will take care of security around the physical network infrastructure, it’s down to the customer to protect virtual servers, apps and data – which is exactly what Trend Micro Deep Security was designed to handle. It provides an extensive range of protections including anti-malware; web, email and file reputation; log inspection; file integrity monitoring; vulnerability shielding; app controls and more. It’ll help spot signs of targeted attacks, provide instant-on protection and protect systems from zero day threats, all without affecting system performance. And it can all be managed from a single pane of glass – across physical, virtual, cloud and hybrid environments for maximum efficiency.
To find out more about how Deep Security can help government agencies lock down risk and support compliance, visit http://www.trendmicro.com/us/business/industries/government.