Federal agencies are currently at a critical inflection point as they seek to modernize their IT architectures and cyber tools to better meet the ever-evolving threats to the nation’s critical data, supply chain, and infrastructure. To be successful, they'll need to expand their efforts beyond mere compliance and implement proactive, preventive security operations with an emphasis on vulnerability management and persistent threat hunting.
As today’s threat actors become bolder and more sophisticated, government personnel will need access to the most reliable and most current tools, capabilities, and data available. Meeting the mission will require overcoming some significant challenges, but each of these challenges can also be seen as a potential opportunity.
- Barriers to cooperation and visibility. Traditional waterfall-based methodologies for delivering cyber capabilities are often too siloed and inflexible to keep pace with evolving threats. Agencies should take full advantage of this transition period to adopt more adaptable methodologies such as the Scaled Agile Framework (SAFe®). Stakeholders and end users should be engaged as early as possible in the development process, and teams such as operations and maintenance (O&M) should be given all the information and other resources necessary to effectively deploy, operate, and troubleshoot the tools that are developed.
- Need to accommodate new data types. Historically, sensor data has been collected largely at physical, on-premises locations where agencies connect to the internet, but data and processing are increasingly shifting to the cloud. In addition, perimeter data is less effective for identifying threat actors that are already inside the environment. Agencies will therefore need to expand their ability to capture and enrich data both from the cloud and from endpoint detection and response (EDR) tools, so that it can be intelligently correlated and made available to analysts.
- Shift to hybrid and multicloud. The move to the cloud offers compelling benefits, including reduced infrastructure costs and effort, and on-demand compute power to perform analytics. As agencies shift to a hybrid and multicloud architecture, they should take the opportunity to ensure that operators and analysts upskill to be able to manage the new applications and cloud-based solutions that form the foundation of an effective modernized threat-hunt solution.
To meet these challenges, federal agencies—including the Cybersecurity and Infrastructure Security Agency (CISA), with its central role in protecting networks and data across the government IT ecosystem—will need the support of a highly flexible and integrated team of teams, with an extensive cyber background, that can develop and deliver capabilities in record time. Booz Allen is an integrator with a deep understanding of every aspect of the cybersecurity mission, from threat hunting and vulnerability assessments to enterprise-scale data management and analytics.