Western governments are on high alert for the potential of Russian state-sponsored cyberattacks in the wake of devastating economic sanctions imposed on Russia for its invasion of Ukraine.
The situation comes just months after the U.K. government released its new cybersecurity strategy, which focuses on hardening critical government functions and making all U.K.-based organisations more resilient to cyberattacks.
This is the first instalment of a blog series, in which we will outline how our partner Cybereason XDR maps to each of the five objectives contained in the U.K. Government Cybersecurity Strategy for 2022-2030.
The first objective that we will focus on is Managing Cyber Risk. Cybereason XDR supports all 8 capability outcomes for managing cyber risk contained in the U.K. cybersecurity strategy.
GOVERNMENT HAS ESTABLISHED GOVERNANCE ARRANGEMENTS WITH CLEAR ACCOUNTABILITY ENABLING EFFECTIVE MANAGEMENT OF CYBER RISKS AT ALL LEVELS
AI-driven Cybereason XDR powered by Google Cloud combines the Cybereason MalOp™, which analyzes more than 23 trillion security events per week to deliver instant detection and response, with Google Cloud’s unrivaled ability to ingest and normalize petabytes of data from the entire IT environment for planetary-scale protection.
This instant detection and response capability empowers risk owners to clearly understand what threats might be in their environment, and easily communicate that to any stakeholder.
In addition, Cybereason provides Cyber Posture Assessments that enable an organization to gain complete visibility of their attack surface, identify key gaps, and have a continuous and sustainable process for strengthening their IT hygiene. These assessments give risk owners confidence that all due diligence has been done and that they can communicate risk to the business accurately.
From examining configured operating systems to identifying the misconfiguration of services, browsing, applications, password management policy, and many additional indicators – the Cyber Posture Assessment arms your team with a complete, organization-wide view.
GOVERNMENT HAS COMPREHENSIVE VISIBILITY AND UNDERSTANDING OF DIGITAL ASSETS TO MANAGE VULNERABILITIES AND THE RISKS THEY PRESENT
Asset Management requires continuous checks of what systems, hardware, and software (including those provided by suppliers) are within an environment, so that potential threats to these assets can be managed. This parallels Zero Trust, a framework that the U.S. Government is looking to implement as well.
The top challenges to establishing Zero Trust environments are similar to the challenges that government agencies and private enterprises face in modernizing as a whole: Complexity of the IT environment; interdependency of existing technologies; and limited budget and staff resources.
AI-driven Cybereason XDR is designed to enable organizations to maintain a Zero Trust framework. There are five core pillars of Zero Trust which Cybereason XDR continuously monitors — device, identity, network, application workload, and data.
GOVERNMENT HAS COMPREHENSIVE VISIBILITY OF THE DATA IT HANDLES AND SHARES SO THAT IT CAN APPROPRIATELY ASSESS AND RESPOND TO THE RISKS IT PRESENTS
Cybereason addresses this outcome in two ways. One is our Extended Detection and Response (XDR) solution, which provides visibility across all assets in an environment and generates visual attack analysis called MalOps (malicious operations) that are presented in order of priority and risk and deliver the full scope of the attack from root cause.
The second way is through our managed services, in which we offer Extended Response (XR) capabilities. Reducing the time between when an attacker first infiltrates your environment and when you’re able to detect and respond to it (dwell time) becomes increasingly important for more critical threats (such as ransomware).
We address this with our MalOp Severity Score, which looks at a malicious operation and gives it a risk score based on your specific environment and needs. Our XR then automatically begins triage and remediation for threats with a ‘high’ or ‘critical’ MalOp Severity Score.
GOVERNMENT UNDERSTANDS AND MANAGES RISKS EMANATING FROM COMMERCIAL SUPPLIERS
Last year’s ransomware attack against JBS, the largest beef supplier in the world, showed how a cyberattack could be a threat to a nation’s food security. Supply chain attacks show that we cannot rely on prevention alone: our protection mechanisms must involve detecting and blocking threats that make it past the initial prevention stage.
The Cybereason XDR Platform enables security teams to detect and respond to advanced attacks in an efficient way that provides them an edge against any attackers in their environment.
When the Cybereason platform detects a potentially malicious operation that wasn’t stopped by the initial prevention mechanisms, the platform gathers the information about this malicious operation in a single unified view via a MalOp Detection. This mechanism has proved to be an effective defense against previous supply chain attacks, including the SolarWinds attacks.
GOVERNMENT UNDERSTANDS THE THREAT IT FACES RELATIVE TO ITS FUNCTIONS IN ORDER TO PLAN APPROPRIATE MITIGATIONS, AT BOTH AN ORGANIZATIONAL AND CROSS-GOVERNMENTAL LEVEL
Using Cybereason XDR also means enjoying a partnership with the Cybereason Nocturnus Research Team. Nocturnus is uniquely positioned to ensure defenders are always receiving best-in-class intelligence and 24x7 customer support.
Our analysts bring the world’s brightest minds from the military, government intelligence, and enterprise security to uncover emerging threats across the globe. They’ve uncovered large-scale operations such as DeadRinger and have created attack vaccines such as the one for NotPetya. The Nocturnus Team uncovers malicious operations, new attack methodologies, and exploitable vulnerabilities so defenders can be prepared.
GOVERNMENT ORGANIZATIONS HAVE TIMELY ACCESS TO RELEVANT AND ACTIONABLE CYBER SECURITY DATA THAT ENHANCES THEIR ABILITY TO MAKE EFFECTIVE RISK MANAGEMENT DECISIONS
With Cybereason XDR, instead of being alerted about individual events, users can instantly understand the entire attack progression across every device, user identity, application, and cloud deployment to end attacks immediately.
This provides not only comprehensive visibility and understanding of all digital assets in an environment but also the context around the over-arching malicious operation — enabling understanding of the cybersecurity risk presented by any exploited vulnerabilities.
GOVERNMENT CYBER SECURITY ASSURANCE PROVIDES GOVERNMENT WITH THE VISIBILITY IT NEEDS TO MAKE EFFECTIVE DECISIONS AND THE CONFIDENCE THAT IT HAS APPROPRIATE CYBERSECURITY MEASURES IN PLACE TO MANAGE THE RISKS TO ITS FUNCTIONS
Confidence in having the appropriate cybersecurity measures in place is a major part of risk assessment. Assets that may have lower levels of confidence, or extremely high levels of priority, can warrant more time and resources than other assets. This helps to optimize the security operations of an organization.
Cybereason provides Cyber Posture Assessments that enable an organization to gain complete visibility of their attack surface, identify key gaps, and have a continuous and sustainable process for strengthening their IT hygiene.
STRATEGIC PARTNERSHIPS WITH THE PRIVATE SECTOR AND INTERNATIONAL PARTNERS ARE FURTHER EMBEDDED TO ENHANCE PROACTIVE DEFENSE AT A GLOBAL SCALE
This is where the Cybereason Nocturnus team can serve as a strategic partner for the U.K. Government. As a global company, Cybereason collects threat intelligence and conducts active research and development all over the world. The Nocturnus Team uncovers malicious operations, new attack methodologies, and exploitable vulnerabilities so defenders can be prepared, bringing critical actionable security research to the public sector.
activereach and Cybereason are dedicated to teaming with Defenders to end attacks on the endpoint, across the enterprise, to everywhere the battle is taking place. Schedule a demo today to learn how your organization can benefit from an operation-centric approach to security, or call the team on 0845 625 9025.
This blog was written and published by Karishma Asthana of Cybereason in March 2022.