Answering the Executive Order with Cyber Resilience

Co-written with Jason Burosh

As noted previously, President Biden recently signed an Executive Order to improve America's cybersecurity in the wake of major cyberattacks, such as SolarWinds.

Although this Executive Order only applies to the federal government and federal government systems. It can also be applied to thousands of government contractors that provide IT goods and services to the US government.

The first two sections highlight the need to prioritize detection and response capabilities while sharing threat intelligence. To summarize:

Section 1 of the Executive Order covers the Administration’s policy that the prevention, detection, assessment and remediation of cyber incidents is a top priority and essential to national and economic security. You can read more here.

Section 2 discusses the need to share threat information about the incidents they suffer with the federal government, as well as collect and preserve data that could aid threat detection, investigation and response, highligted by:

“The Executive Order ensures that IT Service Providers are able to share information with the government and requires them to share certain breach information. IT providers are often hesitant or unable to voluntarily share information about a compromise. Sometimes this can be due to contractual obligations; in other cases, providers simply may be hesitant to share information about their own security breaches. Removing any contractual barriers and requiring providers to share breach information that could impact Government networks is necessary to enable more effective defenses of Federal departments, and to improve the Nation's cybersecurity as a whole.”

You can find out more info by reading the FACT SHEET

The Paradigm Shift

Historically, organizations have not shared threat information from the incidents they've suffered.

Why? No organization wants to share bad news, especially when it comes to their cybersecurity capabilities. They risk damaging their reputation, losing their customers' trust, and making it seem like they wasted money on their current cybersecurity tools if they share information about incidents that they have suffered.

With this Executive Order, the federal government is creating a central authority to collect this threat information and share it publicly. But this approach will work only if organizations step up and rapidly share their incident information.

Before we share information as an industry, organizations need to break down their own silos as well.

Most enterprises have dozens of cybersecurity tools deployed and access to mass volumes of related information. Despite this, many continue to fall victim to attackers who have figured out how to slip through holes that disparate systems and siloed data leave open. By breaking barriers between security information silos and functions, organizations can unify key processes and close significant gaps between detection and response capabilities. To eliminate barriers and build bridges, organizations need to focus on joining threat intelligence and defensive operations internally to effectively share what's needed to win the war against cyber attackers.

Becoming Cyber Resilient

While we have a long way to go until the Executive Order comes into fruition, we at Anomali believe strengthening cybersecurity begins with cyber resilience.

To achieve a state of resilience, organizations need to elevate their security posture by taking a holistic approach to cybersecurity with a security strategy that includes global, actionable intelligence that provides:

• Relevant Intelligence at Scale
• Precision Attack Detection
• Optimized Response across Security Ecosystems

Relevant Intelligence at Scale

The cost of intelligence, insufficient team skills to cultivate relevancy, and the inability to operationalize are some of the reasons why security strategies lack this critical capability.

Anomali takes intelligence and makes it relevant to what matters, giving CISOs the power to monitor global cybersecurity risks, detect potential attacks and perform investigations required to determine gaps in security coverage. Anomali provides relevant intelligence at scale that:

• Access to global threat intelligence knowledge at your fingertips, identify new and known threats, and understand if you’ve been impacted – in seconds.
• Leverages machine learning and automation to score and prioritize active threat intelligence
• Eliminates false positives and expired indicators improving efficiency of security teams
• Enables secure collaboration with internal teams, external suppliers, partners, & industry peers
• Provides increased visibility to monitor global trends to identify relevant cybersecurity risks

Precision Attack Detection

When it comes to detecting threats, the accuracy of the intelligence used in the detection process is critical. If the detection model is riddled with false positives, detection alerts are useless.

Anomali’s threat detection capabilities are fueled by constantly curated global intelligence that help prioritize and operationalize relevant threats at scale. This provides analysts with the data required to investigate the root cause of an attack and enables them to immediately respond. Anomali provides precision attack detection that:

• Machine learning that eliminates redundant data and reduces costly false positives that send security teams in the wrong direction
• Integrated big data management that allows organizations to leverage threat intelligence at scale to quickly understand the historical impact of new threat intelligence in their environment
• Continuously evolves with the ever-changing global threat landscape to help accurately detect threats with pinpoint precision
• Integrates automated enrichments that increase the fidelity of intelligence to deliver more accurate detection of threats in an environment
• Provides a seamless workflow of human created and automated investigation between Security Operations, Threat Intelligence, and Incident Response functions to increase the accuracy of threat detection and response efforts

Optimized Response across Security Ecosystems

When under attack, security teams need to make decisions fast. Anomali allows security teams to effectively respond to attacks by giving them the tools and actionable intelligence needed to make informed decisions. Anomali helps provide an optimized response for security teams by:

• Providing relevant global intelligence at their fingertips to make quick informed decisions
• Enabling visualization of threat actor trends, attack activity, and relevance that enable analysts to prioritize investigations and effectively respond
• Automating response that enhances security posture after an identified breach and helps protect from future attacks

Anomali helps organizations achieve cyber resilience. We are committed to helping the federal government, its agencies and its suppliers become cyber resilient to meet the objectives of the Executive Order, and beyond, to defend against today’s sophisticated cyber threats.

To find out how we can help you understand and meet the needs of the Executive Order, download our white paper “Executive Order on Improving the Nation’s Cybersecurity”.