Advanced, software supply chain attacks have a vast and rippling impact. By
injecting malicious code into an otherwise legitimate software update, bad
actors infected over 18,000 conscientious SolarWinds customers.

[…]

By mimicking the behavior of real-world attackers, the ATT&CK framework helps IT, information security and compliance organizations effectively assess risks, identify security gaps and eliminate vulnerabilities.

[…]

Empower your team with integrated automation to manage security vulnerabilities, servers, and network devices across your hybrid environment.

[…]

Faced with ever-evolving cyberattacks, federal agencies and other critical enterprises work tirelessly to provide secured applications and systems against sophisticated actors. Cyber-operators, however, are overwhelmed, and the scale and complexity of attacks make it impossible to investigate all identified incidents.

[…]

After several high-profile data breaches involving Federal agencies and an overnight acceleration into remote work, Federal IT leadership found themselves quickly rethinking their cybersecurity posture. But, lasting change can’t happen instantaneously. It is a
journey.

[…]

It’s time to adopt an “assume-breach” mindset to detect and isolate adversaries before they traverse your network and inflict serious damage. An assume-breach mindset means thinking like an attacker.

[…]

A look at why asset management – once a pure IT play – matters for cybersecurity, and how federal IT and security teams can both benefit from cybersecurity asset management.

[…]

The February 2021 hack of a water treatment plant in Oldsmar, Fla. – likely via a shared application – could have resulted in the poisoning of thousands of people, absent the observational skills of a supervisor who witnessed unusual network activity.

[…]

At the end of 2019, I came to two realizations… The first: There has never been a better time to be a cybercriminal. The second: Only teams of defenders that are focused on proactively disrupting adversaries will win. In the months that followed, both theories have proven to be correct.

[…]

Despite the incredible technologies available in cybersecurity today, security teams still struggle to get accurate answers to asset-related questions. While the tools we use can give us individual pieces of the asset puzzle, information lives in many different silos – this makes it difficult to ask simple questions that span the many data sources.

[…]

Federal agencies understand how important protecting their networks and critical data is to mission continuity. However, there is a discrepancy between this and how agencies rate their cyber efforts. According to a recent study, 84% of Federal IT managers agree cybersecurity is a top or high priority within their agency, yet, just 51% rate the state of cybersecurity within their agency as “very effective.”

[…]

To address the new environment and our need for resiliency, we need to evolve from defense-in-depth to new approaches. Zero Trust (ZT) is a security concept anchored on the principle that organizations need to proactively secure all access to data and
resources to reduce security risks to acceptable levels. Its goal is to ensure the trustworthiness of the user, device or service requesting access to an agency resource at any time

[…]

Ransomware attacks are on the rise. According to Cybersecurity Ventures, ransomware will cost organizations across the globe over $20 billion by 2021, with general cybercrime expected to make a $6 trillion impact—estimates including costs associated with restoring data and infrastructure as well as the often-hidden expenses of mitigating the social damage of an attack.

[…]

While perimeter security remains important, the routers, firewalls, and intrusion detection systems that protect network access are no longer sufficient protection for Federal agencies against bad actors. Attackers will always try to find ways to breach the network perimeter; it’s usually a question of when – not if – they will succeed.

[…]

As government agencies navigate network environments expanding into uncharted territories in the telework age, new threat actors are finding ways to infiltrate and exploit the federal enterprise. Known vulnerabilities and open source information become easy targets with the potential to take down an entire agency ecosystem.

[…]

The Trusted Internet Connection (TIC) initiative set out to greatly reduce the number of endpoints across Federal agencies – aiming to establish a secure perimeter to protect the nation’s vital data.

[…]

Are you looking to improve cyber readiness? See how augmenting your existing cybersecurity solutions with real-time log event triaging and extended context improves cyber detection, response, and compliance.

[…]

MeriTalk, in partnership with Lookout, surveyed 150 Federal cybersecurity managers in April 2020 to explore agencies’ mobile threat defense.

[…]

TIC 3.0 begins to eliminate barriers to greater federal use of the cloud and enables broader adoption of emerging technologies like SD-WAN. SD-WAN breaks down policy-driven bottlenecks in federal network access points, and enables more robust federal network security. Discover how SD-WAN addresses challenges connecting to off-premises cloud environments and is a key component to […]

[…]

With Federal cloud adoption and teleworking at an all-time high, Federal teams need to secure access to data and applications for all users, anywhere, from any device, 24/7/365. Learn more about modernizing cloud and internet access for the mobile Federal workforce.

[…]