Industry Experts: Best to Recognize Networks Are Indefensible

Industry Experts: Best to Recognize Networks Are Indefensible - top government contractors - best government contracting event
Site: DHS.gov

Army Gen. Keith Alexander, head of the National Security Agency and Cyber Command, told attendees of an FBI-sponsored event in January that the U.S. defense network is currently “not defensible.“ 

Amit Yoran, senior vice president and general manager for EMC’s RSA security management and compliance business unit, has come to similar conclusions about computer networks, according to GCN.

Yoran said at the FOSE conference Thursday that motivated attackers will get into a network despite their defenses.

Richard Bejtlich, chief security officer at Mandiant, said people that work in an interesting place are the most likely to be compromised.

The shame does not come from the reality but from not doing anything about the reality, according to Bejtlich. 

Nearly 80 percent of attack victims learn their system has been breached through a third party, he said.

The FBI has increasingly helped to notify organizations and that is a huge motivator for entities that believed they were not being breached, he added. 

Organizations have begun to assume the mentality that it is only a matter of time before an attack occurs, according to GCN.

GCN attributes the attacks to complex hardware platforms, operating systems and applications, which make for an increasingly vulnerable system. 

When direct attacks fail, hackers focus on third parties.

For example, RSA was attacked through another company that was compromised. 

Cris Poulin, Q1 Labs’ CSO, said in a separate conference session that only 20 percent of the federal information technology security budget is needed to fix the 80 percent of IT issues known.

The remaining security issues would demand more than the 80 percent of the budget, he said. 

Bejtlich said the best solution is collaboration and information sharing, which can be done with a small financial investment.

You may also be interested in...

Red Hat's David Egts: Open-Source Training, “˜Sense of Mission' Could Help Agencies Address Cyber Skills Gap - top government contractors - best government contracting event

Red Hat's David Egts: Open-Source Training, “˜Sense of Mission' Could Help Agencies Address Cyber Skills Gap

David Egts, chief technologist for Red Hat's North American public sector, has said there are several options …

HHS, Industry Aim to Help Health Organizations Mitigate Cyber Threats With New Publication - top government contractors - best government contracting event

HHS, Industry Aim to Help Health Organizations Mitigate Cyber Threats With New Publication

The Department of Health and Human Services has released a four-volume document that outlines 10 …

Cloud-Based Identity Tools, Mobile Device-Based Authentication Among Cyber Market Trends to Watch in 2019 - top government contractors - best government contracting event

Cloud-Based Identity Tools, Mobile Device-Based Authentication Among Cyber Market Trends to Watch in 2019

Some of the trends in the cybersecurity market to watch in 2019 include the availability …