On the heels of Solarigate and Hafnium, companies are once again evaluating their overall IT and security posture. While ransomware has grabbed much of the attention over the past three years, it’s increasingly obvious that nation-state-related attacks infiltrating organizations and exfiltrating their data have not faded away. In fact, these efforts have just become more sophisticated and targeted.
Companies that are part of the Defense Industrial Base are being pushed due to requirements around NIST and CMMC, but the details to become compliant often do not give a clear path to being secure. As such, these companies should re-evaluate these two critical things:
- Cloud Strategy
- Security Toolset
For many smaller companies, it should be clear that, given the speed at which technology changes and the continued exploitation of zero-days, on-premise architecture puts IT teams at a considerable disadvantage. Even with known vulnerabilities, the discipline and effort needed to consistently apply a patch management strategy have been challenging to sustain across a sprawling patchwork of different vendor operating systems and tools. And, ironically, the Solarigate attack targeted the same software that was meant to assist with on-premise monitoring and management.
Increasingly, there are other reasons for companies to move away from managing on-premise infrastructure and services. Especially in the post-COVID world, where companies have now had a crash course in managing and granting access to a remote workforce, a cloud-first strategy becomes increasingly realistic. Leveraging services continually monitored and patched by the vendors, especially with Government Community Clouds now available, should be the primary go-forward strategy for small and medium-sized businesses.
The security vendor landscape is still a jumbled mass of products offered by multiple vendors, many of which overlap. Purchasing strategies have swung back and forth like a pendulum in approaches from ‘best of breed’ to a single vendor approach. Wherever your organization is hanging at this point, you must be implementing these essential technologies:
Endpoint Detection and Response
Traditional endpoint anti-virus is no longer sufficient for security teams to leverage in their environment. Endpoints are now distributed throughout many geographic locations, and the ‘hard and crunchy outside’ provided by legacy IT infrastructure designs no longer exists as employees work from home en masse. Security analysts must have the capability not only to see alerts from signatures but also to investigate anomalous activity, while potentially needing to isolate the host to prevent the threat actor from doing additional damage or exfiltrating data.
Security Information and Event Management (SIEM)
Data is critical to determining what is happening in your environment. The purpose of the SIEM is to collect, correlate, and assist with analyzing the massive amounts of data generated by endpoints, network devices, and security tools. As threats emerge, the SIEM becomes one of the primary tools to determine if those threat indicators exist in your environment. However, the effort that goes into tuning and normalizing the data to be useful, not to mention analyzing the data even after data correlation, is a large lift for many organizations. Not utilizing a SIEM capability can make it very difficult to understand the full scope of attacks you are facing.
CMMC: Understand How It Fits into the Overall IT and Security Strategy
To conclude, companies subject to CMMC should take this time to understand how it fits into the overall IT and Security strategy and not have a myopic focus on just achieving compliance. Recent coordinated hacks are having a significant impact on the operations of many companies. Organizations must leverage new ways of approaching traditional IT challenges that also reduce their overall security exposure.
CyberSheath has long recognized that a large part of IT delivery, things like patching and asset management, is foundational to NIST 800-171 and CMMC compliance, which is why we are offering a force-multiplying solution for Managed IT services. This offering is only available to defense contractors and can be paired with our Security solution to make CMMC and NIST 800-171 compliance a natural outcome of day-to-day operations.