Security Strategies for Defense Industrial Base Companies

By Brett Powers • March 8, 2021

On the heels of Solarigate and Hafnium, companies are once again evaluating their overall IT and security posture. While ransomware has grabbed much of the attention over the past three years, it’s increasingly obvious nation state-related attacks infiltrating organizations and exfiltrating their data have not faded away. In fact, these efforts have just become more sophisticated and targeted.

Companies that are part of the Defense Industrial Base are being pushed due to requirements around NIST and CMMC, but the details to become compliant often do not give a clear path to being secure. As such, these companies should re-evaluate these two critical things:

  • Cloud Strategy
  • Security Toolset

 

Cloud Strategy

For many smaller companies, it should be clear that the speed that technology changes and the continued exploits of zero-day attacks that on-premise architecture puts IT teams at a considerable disadvantage.  Even with known vulnerabilities, the discipline and effort to consistently apply a patch management strategy has been challenging to apply among a sprawling patchwork of different vendor operating systems and tools. And, ironically, the Solarigate attack targeted the same software that was meant to assist with on-premise monitoring and management.

Increasingly there are other reasons for companies to manage on-premise infrastructure and services. Especially in the post-COVID world, where companies have now had a crash course in managing and granting access to a remote workforce, a cloud-first strategy becomes increasingly realistic. Leveraging services continually monitored and patched by the vendors, especially with Government Community Clouds now available, should be the primary go-forward strategy for small and medium-sized businesses.

 

Security Toolset

The security vendor landscape is still a jumbled mass of products offered by multiple vendors, many of which overlap. Purchasing strategies have swung back and forth like a pendulum in approaches from ‘best of breed’ to a single vendor approach.  Wherever your organization is hanging at this point, you must be implementing these essential technologies:

 

Endpoint Detection and Response

Traditional endpoint anti-virus is no longer sufficient for security teams to leverage in their environment. Endpoints are now distributed throughout many geographic locations, and the ‘hard and crunchy outside’ provided by legacy IT infrastructure designs no longer exist as employees work from home en-mass.  Security analysts must have the capability not only to see alerts from signatures but also to investigate anomalous activity while potentially needing to isolate the host to prevent the threat actor from doing additional damage or exfiltrating damage.

 

Security Information and Event Management (SIEM)

Data is critical to determining what is happening in your environment. The purpose of the SIEM is to collect, correlate, and assist with analyzing the massive amounts of data generated by endpoints, network devices, and security tools.  As threats emerge, the SIEM becomes one of the primary tools to determine if those threat indicators exist in your environment. However, the effort that goes into tuning and normalizing the data to be useful, not to mention analyzing the data even after data correlation, is a large lift for many organizations.  Not utilizing a SIEM capability can make it very difficult to understand the full scope of attacks you are facing.

 

CMMC: Understand How It Fits into the Overall IT and Security Strategy

To conclude, companies subject to CMMC should take this time to understand how it fits into the overall IT and Security strategy and not have a myopic focus on just achieving compliance. Recent coordinated hacks are having a significant impact on the operations of many companies.  Organizations must leverage new ways of approaching traditional IT challenges that also reduce their overall security exposure.

CyberSheath has long recognized that a large part of IT delivery, things like patching and asset management, are foundational to NIST 800-171 and CMMC compliance, which is why we are offering a force-multiplying solution for Managed IT services. This offering is only available to defense contractors and can be paired with our Security solution to make CMMC and NIST 800-171 compliance a natural outcome of day-to-day operations.

Cybersheath Blog

3 Reasons Why You Need a Privileged Access Risk Assessment

A privileged account is one used by administrators to log in to servers, networks, firewalls, databases, applications, cloud services and other systems used by your organization. These accounts give enhanced permissions that allow the privileged user to access sensitive data or modify key system functions, among other things. You can…

Incident Response – Learning the Lesson of Lessons Learned

“Those who do not learn from history are condemned to repeat it.” Over the years, variations of this famous quote have been spoken by everyone from philosophers to world leaders. The message — that we must learn from our mistakes or continue to repeat them — is also highly relevant…

What is DFARS 252.204-7012 and NIST SP 800-171?

With the Department of Defense (DoD) promising the release of an update to NIST Special Publication 800-171, it is imperative defense contractors understand what DFARS 252.204-7012 and NIST SP 800-171 Clause is and how noncompliance with the Clause will impact their business.  Compliance is mandatory for contractors doing business with…

Our Trusted Partners

Cyberark McAfee Thycotic RSA Tenable Alien Vault Alert Logic Microsoft

CMMC - How It Started. How It's Going. Join Us for a Live Webinar April 21, 2021 at 12:00 pm EST.