Targeting Advanced Threats: Proven Methods from Detection through Remediation

Tuesday - 7/15/2014, 9:08am EDT






Threat intelligence is, in many ways, another form of big data. The difference is that the value of this information is much clearer than that of just any sort of big data an organization collects.

At the same time, the amount of cybersecurity data coming into agencies and organizations is ever increasing, especially as the tools and sensors get better. The Homeland Security Department's US Computer Emergency Readiness Team, or US-CERT, says agencies reported more than 218 thousand incidents in 2013, a 26 percent increase over 2012.

Part of the reason for the increase is that agencies are getting better at reporting incidents, and at detecting and mitigating them more quickly. But it's also because the number of incidents is growing as nation states, organized crime, hackers and other bad actors target federal networks and systems. And agencies will face a deluge of cyber threat data over the next year as they implement continuous diagnostics and mitigation tools and other continuous monitoring sensors.

Agencies are getting better at detecting incidents. OMB reports that more agencies are using the Einstein software for intrusion detection and prevention. The initial deployment of Einstein 3A would address 85 percent of the known threats aimed at federal networks.

Additionally, OMB reports that across the 21 CFO Act agencies conducting controlled penetration tests, on average the network and security operation centers were 73 percent effective at detecting incidents, with half of the CFO Act agencies reporting a detection rate of 99 percent or better. This overall capability increased from 63 percent in 2012.

So as agencies collect all this data, what are the best ways to use it, make sense of it and, most importantly, improve cybersecurity?

Moderator

Jason Miller, Federal News Radio

Jason Miller is an executive editor and reporter with Federal News Radio. As executive editor, Jason helps direct the news coverage of the station and works with reporters to ensure a broad range of coverage of federal technology, procurement, finance and human resource news. As a reporter, Jason focuses mainly on technology and procurement issues, including cybersecurity, e-government and acquisition policies and programs.

Panelists

Bob Bigman, former Chief Information Security Officer, Central Intelligence Agency

Robert Bigman recently retired from the Central Intelligence Agency (CIA) after a distinguished thirty-year career. Recognized as a pioneer in the field of classified information protection, Mr. Bigman developed technical measures and procedures to manage the nation's most sensitive secrets. As an information security trailblazer, Mr. Bigman participated in developing security measures for Government computers well before commercial industry found the Internet. He then developed creative solutions to allow the CIA to use the Internet to further its mission without exposure.

Lance Dubsky, Chief Information Security Officer, National Geospatial-Intelligence Agency

Mr. Lance C. Dubsky has a 30-year record of achievement and demonstrated success driving change and enabling mission through innovative information security solutions. He serves as the NGA Chief Information Security Officer and Director, Information Security Management Office. As CISO, he supports the Agency Leadership in the execution of the information security & cyber mission and resources assigned to Springfield, St. Louis, and other NGA sites. His responsibilities include functioning as the Agency's Authorizing Official (formerly DAA) and Cyber Executive. Mr. Dubsky was appointed to his current position in October 2012.

Ben Rubin, Director, Cyber & Information Security Operations, CGI

Ben Rubin, Director of Cyber & Information Security Operations, currently leads the Security Operations Center (SOC) and Managed Security Services Practice (MSSP) within one of the largest Defense Contractors and top 5 IT service delivery corporations in the world. The MSSP delivers security and computer network defense services to Department of Defense and Civilian Agency customers, as well as a major commercial customer base within the United States, in an environment maintaining several critical accreditation requirements, such as FedRAMP & DISA P-ATO, PCI and IRS1075, necessary to process sensitive information. The SOC provides monitoring and analysis for internal corporate information security operations, ensuring the means by which our company operates and delivers on strategic Federal contracts remain agile and up to date with the latest security threat landscape.

Darren Van Booven, Chief Information Security Officer & Assistant Chief Administrative Officer, U.S. House of Representatives

Darren A. Van Booven is the CISO for the U.S. House of Representatives and is responsible for implementation of the House's information security program and technical aspects of the business continuity efforts. Prior to the House, Darren spent several years in the CIA as a counterintelligence officer responsible for carrying out nation state intrusion investigations, incident response activities, and countering technical threats against operations. He also worked as a senior staff operations officer responsible for the mission of offensive cyber operations and forensic exploitation against the terrorist target. Darren spent time as a senior manager in the Office of Inspector General where he evaluated the efficiency and effectiveness of technology used in Agency operations.

Darren is a CISSP, CISM, CISA, and licensed CPA.

Tony Cole, Vice President and Global Government CTO, FireEye

Tony Cole is FireEye's Vice President and Global Government CTO, where he assists government agencies, corporations, and system integrators in understanding today's advanced threats and their potential impact. He is also the conduit for customers to provide feedback to FireEye on government-related cyber security requirements and feature enhancements for FireEye products.