Focus on Security Fundamentals — You’ve Got This!

As you’ve likely heard by now, the White House released a statement on Monday, March 21, citing intelligence reports indicating “… that the Russian government is exploring options for potential cyber-attacks.” Paired with that statement, the White House issued a comprehensive list of steps organizations should undertake to improve their cybersecurity posture.

As I reviewed the list, I couldn’t help but think of legendary basketball coach John Wooden. It’s March and the NCAA college basketball tournament known as March Madness is in full swing. Wooden was famous for his coaching, which emphasized the importance of practicing and mastering the fundamentals. His quote, “I believe in the basics: attention to, and perfection of, tiny details that might be commonly overlooked,” underscores this concept.  

Practicing the basics is important, and as cybersecurity professionals, we understand the criticality of practicing cybersecurity fundamentals. These include strategies like implementing multifactor authentication, having reliable backups, and emergency planning. These are the tips we share with our friends, family, and colleagues. Frankly, they’re probably tired of hearing us repeat these after every high-profile data breach or cyberattack. These practices are fundamental for a reason — they underpin a sound, proactive cybersecurity posture.

Let’s deep dive into three such recommendations issued by the White House:

White House Recommendation #1

“Deploy modern security tools on your computers and devices to continuously look for and mitigate threats.”

Firewalls, EDR, and SIEMs are the first line of defense that most security teams think of, but these tools lack the ability to detect malicious activity at the network level. As networks become more complex, with a mix of private and public cloud and on-premises environments, you also need tools that give your security and network teams deep observability across this infrastructure.

Network detection and response (NDR) and visibility fabric address that visibility gap. When researching NDR solutions, look for solutions that provide historical network traffic visibility. This is especially helpful as attackers’ dwell time on networks averages 280 days, or nearly 9 months. Pairing your NDR with a visibility solution helps ensure your network and security teams are maximizing their ability to detect threats and defend your network against modern attacks.

Gigamon solution: Gigamon ThreatINSIGHT™ Guided-SaaS NDR

Gigamon solution: Hawk Deep Observability Pipeline

White House Recommendation #2

“Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack.”

While traditional defense tools are necessary for an organization to prevent common malware infections, they often fall short in detecting and preventing more advanced and persistent adversaries — a risk that organizations of all sizes increasingly face. The addition of a threat-hunting program creates an umbrella over the first-line defenses to both improve and supplement those capabilities, detecting otherwise unidentified adversaries.  

When evaluating security solutions, look for tools that provide guided playbooks that allow your investigators to identify attackers based on real-world behaviors, with just a few mouse clicks.

It’s a bonus if the tool allows for parallel investigatory capabilities that help coordinate threat hunting and investigation efforts across worldwide teams.

Gigamon solution: Gigamon ThreatINSIGHT Guided-SaaS NDR

White House Recommendation #3

“Encrypt your data so it cannot be used if it is stolen.”

Encrypting your data at rest is critical, but something just as important is encrypting your data in-motion. Cybercriminals know this and do the same thing – so you need visibility to inspect their behaviors too.

SSL decryption is critical to securing today’s enterprise networks due to the significant growth in applications and services using encrypted traffic. Cybercriminals increasingly use SSL/TLS sessions to hide, confident that security tools will neither inspect nor block their traffic. When that happens, SSL/TLS sessions can become a liability, inadvertently camouflaging malicious traffic. In other words, the very technology that makes the internet secure can become a nefarious threat vector.

Enabling SSL decryption uses the root certificate on client machines, acting as certificate authority for SSL requests. This process makes it possible for SSL decryption to decrypt, perform a detailed inspection, and then re-encrypt SSL traffic before sending it off to its destination. This ensures that only authorized SSL traffic is entering the network and that malware hidden in SSL/TLS sessions is exposed and dealt with during SSL decryption.

To meet the diverse needs of your organization, look for solutions that support both inline/man-in-the-middle and passive/out-of-band decryption of SSL/TLS.

Gigamon solution: SSL/TLS Decryption

They’re “Best Practices” for a Reason

The White House statement’s comprehensive list of recommendations echoes best practices (fundamentals) that have been repeated throughout the cybersecurity industry and are foundational to maintaining a proactive security practice. What differentiates this announcement is the sense of urgency around the potential for threats perpetrated by Russia and Russia-based threat actors.

As an industry, we’ve been beating the steady drum for organizations to implement these best practices for over a decade. But given the heightened state of public awareness and perception of higher stakes, it’s easy to get overwhelmed by the volume of information or by questions from armchair experts. It’s often difficult to be the voice of reason in the room pushing back against a sea of buzzword-spewing folks spreading fear, uncertainty, and doubt. Take a breath and lean back into your experience and trusted practices and solutions.

These concepts don’t always account for an organization’s ability to rapidly adopt and implement complex, advanced security frameworks. Implementation takes time. Unfortunately, the reality for many industries is they lack the maturity or resources to succeed. Gigamon is no stranger to publishing guidance in line with White House recommendations and executive orders. My colleagues, Joe Slowik, Darshan Shah, and Orlie Yaniv, published recent blog posts that underscore the concepts, including the need for a Zero Trust architecture and foundational network visibility.

Vendors tend to focus on “the latest and greatest,” when organizations would be better served focusing on fundamentals to improve their security posture. This White House statement attests to that fact, and Gigamon has proven to be a valuable partner for organizations looking to improve their security posture by providing deep observability through network-level intelligence.