Strengthening Cybersecurity with ConMon and DevSecOps: How INTUITIVE is Leading the Way in Defense Strategies

To modify an old adage, cybersecurity work is never done. At a time when cyber threats are evolving rapidly, a proactive cyber defense strategy is mission critical. In fact, according to a recent report by IBM, each data breach can cost an average of $4.45 million. Of course, not all threats present the same impact level, but one that often goes unnoticed is the insider threat. That’s why an effective cybersecurity posture must include Continuous Monitoring – frequently called ConMon – strategies to protect organizations in any industry.

 

The fact is that, as cyber criminals continuously improve their tactics, it’s imperative that organizations upgrade their own efforts to outpace them. As its areas of expertise continue to expand, Intuitive Research and Technology Corporation (INTUITIVE®) has committed its own resources to exploring and adapting the strategies and technologies available to implement a ConMon approach to cybersecurity for itself and its customers.

 

“Industry-wide, no one is addressing this topic in the in-depth way INTUITIVE is,” said Blake Stapler, Senior Cyber Engineer at INTUITIVE. “We are investing upfront to prepare ourselves and our customers for the coming paradigm shift. Through self-funded research and development efforts, we can explore possibilities, address potential gaps, assess the impacts of federal and DoD policies, and establish the most effective compliance and risk management framework strategies to implement these policies successfully.”

 

Building A ConMon Strategy 

ConMon allows for the health of a network or environment to be routinely checked so that organizations can better understand their data, make more informed security decisions, respond to potential security incidents, and mitigate cybersecurity threats more effectively. This strategy can provide ongoing visibility into the health and security of an environment, allowing for actions to be taken against potential threats in near real-time.

 

“There are a number of ways to implement ConMon in a cybersecurity program, but there is no one-size-fits-all solution,” said Dustin Easterling, Cybersecurity Engineer at INTUITIVE. “That’s why we analyze and evaluate various ConMon strategies for the most appropriate implementation to align with our customers’ current situation and requirements.”

 

Tools available to build out a customized implementation of ConMon include:   

      • A Security Information and Event Management (SIEM) application collects and analyzes security data from multiple sources, providing actionable insights into security events. Using a SIEM application to correlate telemetry data helps security teams identify potential threats, enhances situational awareness, and effectively improves incident response capabilities. 
      • Vulnerability scanners identify weaknesses and misconfigurations within a network. By conducting regular vulnerability scans, organizations can proactively identify and remediate security flaws to reduce the likelihood of compromised systems and successful data breaches. 
      • Antivirus solutions provide defense against threats that can compromise the integrity and confidentiality of data. Deploying antivirus solutions across endpoints and network gateways allows organizations to detect and quarantine malicious files, preventing them from infecting systems or spreading across the network.

 

Tailoring ConMon Strategies for Different Environments 

ConMon strategies can be tailored for different environments. Each network is unique, requiring a customized ConMon strategy to meet the specific cybersecurity requirements of each organization.

      • Cloud-based networks

In cloud-based networks, assets and data are distributed across a variety of infrastructures. ConMon ensures that security controls remain effective, and security solutions allow organizations to quickly detect unauthorized external access, anomalous activities, or device misconfigurations that could jeopardize the security – or even the overall integrity – of the network. By integrating vulnerability scanners into the monitoring process, organizations can also identify and shore up security weaknesses to thwart attacks before they occur. Antivirus solutions are also helpful in detecting and mitigating potential threats across cloud-based resources. 

      • Air-gapped networks

In contrast, offline environments such as air-gapped networks present unique challenges for ConMon. Even though these environments may lack direct connectivity to the Internet or external networks, they are not immune to cyber threats. Malicious actors can still target these environments through physical access, a willing insider, or supply chain attacks, making ConMon essential for detecting and mitigating risks.

 

A Broader View through DevSecOps

Many clients – including U.S. government and military projects – require a cybersecurity solution that provides an end-to-end view of every system and its connectivity. Tim Hanlon, Area Manager at INTUITIVE, says that development, security, and operations – known colloquially as DevSecOps – is a methodology that integrates security into all phases of the software development lifecycle.

 

“Organizations, such as the Department of Defense, adopt this approach to reduce the risk of releasing code with security vulnerabilities,” said Hanlon. “Through collaboration, automation, and clear processes, teams share responsibility for security all along the way, rather than leaving it to the end when issues can be much more difficult and costly to address.”  

 

Within this framework, INTUITIVE’s experience and expertise in model-based systems engineering (MBSE) provide an additional layer of visibility through models and simulations that anticipate potential gaps and vulnerabilities.

 

Attendees at the National Cyber Summit, scheduled for September 24 to September 26, will be able to see the DevOps experience in action at INTUITIVE’s booth. The company’s experts will be on-site to demonstrate end products, as well as the number of parts required to create an end product that complies with government requirements. Easterling will also be presenting in-depth on ConMon on Thursday, September 26th, at 3:15 PM.

 

About Intuitive Research and Technology Corporation:
INTUITIVE® is an aerospace engineering and analysis firm headquartered in Huntsville, Alabama that provides production support, software and systems engineering, programmatic support, product development, rapid prototyping, and technology management to the Department of Defense, other State and Federal Government agencies, and commercial companies. Our approach couples the latest technology with engineering expertise, analytical proficiency, and keen managerial oversight.  From design through production to sustainment, we proudly provide management and technical solutions throughout all phases of the system’s life cycle.