Federal Cybersecurity Sprint: Deploy and Scan for Threat Indicators

Federal CIO Tony Scott’s 30-day Cybersecurity Sprint in July called on government agencies to make substantive progress in four areas:

  • Deploy DHS threat indicators to scan systems and logs
  • Patch critical vulnerabilities without delay. 
  • Tighten policies and practices for privileged users. 
  • Dramatically accelerate implementation of multi-factor authentication, especially for privileged users.

When the sprint was completed, agencies did report significant gains in meeting these objectives. But as the CIO blogged, “…we still have more work to do.  The work of addressing cyber risks is never done.”

The sprint was just a small segment of a marathon, and Quest is pleased to be able to help our customers keep running, with the equivalent of a fresh water bottle, a clean towel, or an energy bar. In October, National Cybersecurity Awareness Month, I’m hosting a four-part webcast series to help you follow up on the July Sprint. These weekly, half-hour webinars will focus on each of the sprint directives and tell you about Quest solutions that will help you continue to make real, substantive progress toward meeting them.

We’ll begin with the first directive:

“…Federal agencies must: Immediately deploy indicators provided by DHS regarding priority threat-actor Techniques, Tactics, and Procedures to scan systems and check logs.  Agencies shall inform DHS immediately if indicators return evidence of malicious cyber activity.”

While CIO Scott did mention specific gains for some of the other directives, he said little about progress for this one. That’s not surprising; it’s not a great idea to let bad actors know precisely how much we know about their techniques, tactics and procedures, and how broadly those threat indicators are deployed!

Scanning and checking logs across any large enterprise can be time-consuming and unwieldy, and without an integrated, organization-wide view, getting useful information about what’s going on in a timely fashion is practically impossible without a small army of analysts. That’s where Quest comes in to help you meet this directive.

In our first on-demand webcast, I’ll be joined by Brad Bussie, Principal Security Architect for Quest Federal. Brad is a fifteen year information security veteran with numerous industry certifications, including the CISSP. Brad has spoken at industry events around the globe and helps federal, intel, and DoD customers solve complex security issues.

We’ll discuss Quest solutions like Change Auditor and InTrust, which enable complete, real-time change auditing, user activity tracking and in-depth forensics across the organization. Quest can help you securely collect, store, search and analyze massive amounts of IT data from numerous data sources, systems and devices in one place, reducing complexity and speeding security investigations and compliance audits.

We’ll help you get maximum value out of your up-to-date threat indicators.

Please join us for this introductory webinar – and for the whole Cyber Sprint Continued series.

Anonymous