The one constant of cybersecurity is its rate of change. The technology you knew yesterday was acquired, bundled and updated into a consolidated tool that provides the solution for today. That consolidation is inevitable given the breadth of solutions and vendors working to address always-shifting security operations requirements. Not all segments of cybersecurity are responding equally to consolidation though. In particular, a critical segment that is long overdue, the security operations center (SOC), has not undergone its shift—yet.
The Cyber Edge Sponsored
Zero Trust, a strategic security model to “never trust, always verify,” centers on preventing successful breaches by eliminating the whole concept of trust from an organization’s digital environment; instead, everything must be proven.
For decades, Type 1 has been the National Security Agency’s most prized cybersecurity designation, describing technology that can effectively keep the nation’s most classified information under lock and key.
Recent years, however, have seen the growth of NSA’s Commercial Solutions for Classified (CSfC) program, which offers an alternative to Type 1 products.
With these two competing options, it is important to understand what the difference between Type 1 and CSfC really is and which one is best for your use case.
Below, we’ll discuss everything you need to know about both NSA Type 1 and the CSfC program.
What Is NSA Type 1 Equipment?
Defense Industrial Base (DIB) supply chain cyber attacks are more widespread than ever due to multiple vulnerabilities. Government agencies require complete assurance that all entry points to their networks are fully secured. Meanwhile, supply chain vendors struggle with the quandary of how to ensure robust security without large investment dollars and without compromising daily operations.
The DoD Agency Secures Its Supply Chain case study is your comprehensive resource for identifying weaknesses within the supply chain and selecting the best solutions to keep your organization’s data secure.
There was massive technological growth in 2018; things like artificial intelligence and blockchain have gained much support recently. IT departments often enable improved efficiency and security in their organizations by adopting emerging technologies, but that's only if they have the freedom to do so. A few years ago, IT had very less influence over business decisions, but now times are changing: IT is gaining an increased role in business decisions with implementation of cloud computing, data centres and enterprise mobility.
Hypersonic flight introduces fundamental changes to the way today’s missiles operate. Cruise missiles fly and maneuver within the atmosphere across a range of altitudes, but at speeds barely reaching Mach 1. Ballistic missiles have speeds of up to Mach 9 during re-entry from space but their trajectory is fixed. Vastly faster than cruise missiles, yet following an unpredictable and adjustable flight path, hypersonic missiles are a unique threat.
For military intelligent sensor systems constrained by size, weight and power (SWaP), custom microelectronic processing devices using advanced 3D packaging and thermal management are the only solution for success.
Deception changes the asymmetry against attackers with attractive traps and lures designed to deceive and detect attackers. Providing an active defense for early detection, forensics, and automated incident response to in-network threats is a must. The ThreatDefend™ Platform provides accurate threat detection within user networks, data centers, clouds, and specialized attack surfaces. The portfolio includes expansive network, endpoint, application, and data deceptions that misdirect and reveal attacks from all threat vectors. Advanced machine-learning makes deployment and operations simple to operate for organizations of all sizes.
As the need for more sensor processing and embedded security continues to grow in defense applications such as unmanned systems and munitions, the footprint for these mission-critical systems continues to shrink. A fundamental shift in microelectronics design and packaging is required to address the needs of the modern threat environment where non-invasive attacks are imminent.
Today’s government missions and challenges are more complex and larger in scale than ever before, and they require informed, data-driven solutions, approaches and insights. DoD must be able to tap into the power of data to solve mission challenges, realize new degrees of operational efﬁciency and remain relevant in an information-rich world.
Recent initiatives by the National Security Agency (NSA) have enabled alternatives to Type 1 security solutions by leveraging commercial technologies in a layered approach, thus saving time and money for classified programs. The Commercial Solutions for Classified (CSfC) Program provides solution level specifications called Capability Packages (CP) to deliver data security solutions using approved components from leaders in commercial technology. In the Data at Rest CP data protection can be accomplished by integrating an inner and outer layer of hardware and software encryption where a self-encrypting solid state drive is the inner layer and either a file encryption or software full disk encryption solution would be the outer layer.
Your endpoints don’t just live within the safety of your corporate network—they’re out in the wild exposed to millions of new threats every day. With non-malware attacks on the rise that are even harder to detect than traditional malware, security professionals are realizing it is no longer a matter of if they will be breached, but when.
As you are probably aware, there was a new interesting phishing attack that started in May.
“The vulnerability was exposed for only about one hour, and a spokesperson told NBC News that it affected “fewer than 0.1 percent of Gmail users” — which would still be about 1 million.”
In a nutshell the attack worked like this:
You receive a link from one of your contacts sharing out a Google doc.
As Carbon Black’s national security strategist, Eric O’Neill is a thought leader on a wide range of issues, including counter terrorism and national security matters. He is a practicing attorney who specializes in cybersecurity vulnerability assessments, counterintelligence and counter terrorism operations, investigations into economic espionage, internal investigations and security risk assessment consulting.
Increasingly, cyberattackers have been leveraging “non-malware” attack methods to target vulnerable organizations. Recently, the Carbon Black Threat Research Team was alerted about such an attack by a partner’s incident response (IR) team. The attack ultimately compromised accounts and stole research and intellectual property.
In this specific attack, a malicious Excel document was used to create a PowerShell script, which then used the Domain Name System (DNS) to communicate with an Internet Command and Control (C2) server.
This attack method prompts three key questions for organizations looking to defend themselves against non-malware attacks, namely:
For all the talk about how hard it is to crack the cybersecurity code, what if the dialogue shifted?
What if technologists were given the right economic incentives to solve the problem? What if, instead of droning on about poor cyber hygiene practices, users weren’t treated like they are the problem but the solution?
The AFCEA Cyber Committee, which is made up of more than 40 experts in the field, has released a white paper identifying key concerns in the cyber realm and offering recommendations for the incoming administration.
The report, Key Cyber Issues and Recommendations: A Way Forward, identifies three needs in the cyber arena. The first is that the United States must approach cyber in a strategic and international context that incorporates diplomatic, information, military and economic elements of national power.
Better cooperation and enhanced information sharing between the government and industry will go a long way toward safeguarding digital networks and building up the work force needed to protect the information infrastructure. These are some of the recommendations offered by the nonpartisan Commission on Enhancing National Cybersecurity in its much-anticipated report released this month.