It’s said that the best defense is a good offense. But in cyber, you have to have the best defense, the best offense and the best visibility. If you don’t have visibility into attacks as they’re occurring, you’ll always be one step behind the attacker. While the public sector is by no means alone in this, a new report from KPMG and the International Information System Security Certification Consortium (IISSC) found the majority of federal cyber officials surveyed don’t believe the federal government can detect cyber attacks while they’re occurring. According to the report, summarized by Bloomberg, 65 percent of cybersecurity officials from DoD, civilian and intelligence agencies “disagreed with the idea that the federal government as a whole can detect cyberattacks while they’re happening.”
Detection is one of the three pillars of what we call the threat defense lifecycle: protection, detection and correction. Government agencies should have the systems and processes in place to effectively block threats (protect), identify compromises (detect) and expedite remediation (correct). If you’re missing one piece of this trilogy, you’re at a disadvantage.
But it’s hard to do it all – especially if you’re trying to stitch together a slew of point solutions and make them work harmoniously. So what’s the answer? Automation can help, as can a unified security platform that allows control and visibility across all environments – on premises, in the cloud or in a hybrid situation. Further automating the detection process would make identification of dangerous cyber threats more accurate and free up cybersecurity staff to address the most serious threats that do occur.
Beyond its findings about the government, the report highlights the importance of visibility and threat detection. That’s a key part of the threat defense lifecycle: ensuring that an organization can protect, detect and correct what’s coming at it – relying on automation where appropriate and making the best use of human and technical resources.