We all know the information security landscape is ever-changing; a cursory look back at the biggest threats facing IT chiefs even 24 months ago will tell us that. Today’s cybercriminals are more sophisticated, motivated and well-resourced than ever before, and they are looking to compromise virtually every part of our infrastructure. This requires a new approach to security, one that enables us to detect, react to and defend against cyber threats on a continuous basis.
A new cyber world order
Today’s cyber-attacks have grown not only to an unimaginable volume but also to a level of sophistication and variety that would have been hard to believe a few years ago. They target our mobile devices and social network accounts; they attack new technologies, everything from HTML5 to virtual machines; they steal our data and identities and conscript our machines into botnets. They are even abusing public cloud accounts to launch massive brute-force attacks and DDoS storms against public and private sector organizations across the globe. There are no boundaries…
The actors behind these attacks, whether state-sponsored groups or financially motivated guns-for-hire, are an increasingly professional bunch, making use of the commoditized exploit kits freely available on many underground forums. What’s more, an ever greater number are targeting organizations with laser focus, perhaps sneaking malware in under the radar via a malicious email attachment, or compromising a trusted site and turning it into a watering hole that serves malware to its visitors. Once inside the network, this malware can lie hidden for months or years, quietly exfiltrating data from the organization.
In short, the bad guys have shifted the goalposts: traditional approaches to information security, and technologies such as signature-based anti-virus (AV) and intrusion prevention systems (IPSes), can no longer be relied upon as the primary line of defence.
The fightback: CMaaS
Continuous monitoring is a risk management process, covering people and technology, that provides ongoing, near-real-time awareness of vulnerabilities, threats and the effectiveness of security controls. It began life as a 2010 memo from the President’s Office of Management and Budget to the heads of U.S. executive departments and agencies, requiring that enterprise security metrics be gathered, monitored, analysed and correlated on a continuous basis. The idea is that with such an automated, near-real-time system in place, IT leaders can make better risk-based decisions, and networks are better positioned to defend against attacks thanks to improved situational awareness.
NIST sets out the basic tenets of continuous monitoring in SP 800-37 Rev. 1: http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf
CMaaS, or continuous monitoring as a service, is part of the government’s more recent attempt to reinvigorate the initiative started in 2010. Under the five-year Continuous Diagnostics and Mitigation (CDM) program announced in January 2013, the Department of Homeland Security and the participating agencies will foot a bill of up to $6bn to ensure CMaaS is implemented across government. CMaaS requires the deployment of dashboards and diagnostic tools that collect and display data on security risks across government in an automated, always-on manner. The program covers 15 continuous monitoring capabilities, including hardware and software inventory management; operational security; vulnerability management; network and physical access control management; authentication management; and generic audit/monitoring.
From cyber defence to cyber offence
Put simply, the new cyber world order requires a new approach to security. The attacks are sophisticated and persistent, and the attackers may have shifted the goalposts, but CMaaS gives government agencies the opportunity to seize back the initiative and improve the health, integrity and service quality of their systems. Continuous monitoring improves cyber situational awareness, helping us locate adversaries already inside our networks and ultimately drive them out.
Click here to read Part 2, “Trend Micro: a trusted partner of government in the continuous monitoring journey.”
Click here to read Part 3 in our CMaaS series, “Continuous Monitoring: Next Steps to a Safer Future for Government Organizations.”