SLTT Organizations and the Defense-in-Depth Strategy
Defense-in-depth applies layers of controls and mitigations to systems and networks, providing redundancy and reducing the likelihood of a successful cyberattack or a single point of failure. Many U.S. State, Local, Tribal and Territorial (SLTT) organization networks are already protected by cybersecurity technologies. But while technology plays an important role in protecting SLTTs, it is only one layer of the defense-in-depth strategy. Simply stated, technology alone isn’t enough.
3 Benefits to SLTTs that Adopt a Defense-in-Depth Strategy
A defense-in-depth strategy protects the confidentiality, integrity, and availability of the network and the data within. It is beneficial to adopt this strategy because it:
- Ensures network security is redundant, preventing any single point of failure.
- Significantly increases the time and complexity required to successfully compromise a network.
- Provides many hurdles a cyber threat actor must overcome. Most cyberattacks are opportunistic, meaning cyber threat actors take the path of least resistance. Unless your organization is the specific target, they will move on to less mature organizations that haven’t implemented a defense-in-depth strategy.
While no individual mitigation can stop all cyber threats, the systems in a defense-in-depth strategy provide protection against a wide variety of threats while incorporating redundancy in the event one mechanism fails. When successful, this approach significantly bolsters network security against many attack vectors.
The Challenge SLTTs Face with Defense-in-Depth Implementation
A defense-in-depth strategy requires a wide range of security best practices, tools, and policies that strengthen an organization’s security posture. Some of these tools include firewalls, an intrusion detection system (IDS) or intrusion prevention system (IPS), endpoint detection and response (EDR) software, and more.
While government organizations recognize the importance of incorporating crucial mechanisms to enhance their cybersecurity, time and resources are always a challenge. Obtaining services from outside sources may be necessary in order to build a strong cybersecurity program.
For example, U.S. SLTTs can join the Multi-State Information Sharing and Analysis Center (MS-ISAC) at no cost. The MS-ISAC is designated by DHS as the cybersecurity ISAC for state, local, tribal, and territorial (SLTT) governments. It provides services and information sharing that significantly enhance SLTT governments’ ability to prevent, protect against, respond to, and recover from cyberattacks and compromises.
CIS Endpoint Security Services (ESS) Offers Protection and Response
CIS Endpoint Security Services provides an additional layer of cybersecurity protection by deploying directly on devices such as workstations and servers. The service offers device-level protection and response to strengthen an organization’s cybersecurity program and provides active defense against both known (signature-based) and unknown (behavioral-based) malicious activity. Upon identifying a threat on an endpoint, the service can stop the attack in its tracks regardless of the network the device is connected to, and it takes an active role in mitigating and remediating malware on an organization’s devices by killing or quarantining files.
Managed Security Services (MSS) to Support Defense-in-Depth
CIS, in partnership with Accenture, provides Managed Security Services (MSS) to help U.S. SLTT organizations improve their cybersecurity. These services monitor SLTT devices for signs of malicious or anomalous activity, eliminate false positives, and escalate only actionable items as alerts. This alleviates alert and log fatigue by filtering out the false positives and alerting only on what is impactful, which saves an organization time and effort in reviewing potential threats. As a result, organizations spend more time focused on their core mission and less time worrying about cybersecurity.
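The monitor, filter, and escalate flow described above, as an added example that is not part of the original page and is not CIS or Accenture code: a small Python triage pass over constructed sensor events (field layout, sensor names, signal names and the suppression rule are all assumptions for illustration). It drops events matching a narrowly scoped, tuned false-positive rule, groups what remains by host, escalates hosts with a signature match or with behavioral signals corroborated by a second sensor, and leaves single uncorroborated behavioral signals as informational rather than paging anyone.

```python
"""Toy alert-triage pipeline: suppress tuned false positives, correlate per host, escalate."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample sensor events (not real logs). Field layout is an assumption:
#   source|host|detection_kind|signal|user
SAMPLE_EVENTS = [
    "edr|ws-014|signature|known_malware_hash|jdoe",
    "ids|ws-014|behavior|c2_beacon_pattern|-",
    "edr|ws-022|behavior|powershell_exec|svc_patch",   # nightly patch job, tuned out
    "edr|ws-022|behavior|powershell_exec|jsmith",      # same signal, different user
    "ids|srv-03|behavior|port_scan|-",
    "edr|srv-03|behavior|lsass_access|admin",
    "edr|ws-031|signature|known_malware_hash|-",
]

# Tuned false-positive suppressions. Each rule is deliberately narrow (source +
# signal + user) so that the same signal from a different account still surfaces.
SUPPRESSIONS = [
    {"source": "edr", "signal": "powershell_exec", "user": "svc_patch"},
]


@dataclass(frozen=True)
class Event:
    source: str   # which sensor produced it, e.g. "edr" or "ids"
    host: str
    kind: str     # "signature" (known-bad) or "behavior" (anomalous activity)
    signal: str
    user: str


def parse(line: str) -> Event:
    """Parse one pipe-delimited event line into an Event; rejects malformed lines."""
    parts = line.strip().split("|")
    if len(parts) != 5:
        raise ValueError(f"expected 5 fields, got {len(parts)}: {line!r}")
    return Event(*parts)


def is_suppressed(ev: Event) -> bool:
    """True when every field of some suppression rule matches the event."""
    return any(all(getattr(ev, k) == v for k, v in rule.items()) for rule in SUPPRESSIONS)


def triage(lines):
    """Return dict with 'escalated' hosts (with reason), 'informational' hosts, 'suppressed' events."""
    by_host = defaultdict(list)
    suppressed = []
    for line in lines:
        ev = parse(line)
        if is_suppressed(ev):
            suppressed.append(ev)          # kept for audit, never alerted
        else:
            by_host[ev.host].append(ev)

    escalated, informational = {}, {}
    for host, events in by_host.items():
        signals = sorted(e.signal for e in events)
        sources = {e.source for e in events}
        if any(e.kind == "signature" for e in events):
            # A signature hit is known-malicious on its own: always actionable.
            escalated[host] = {"reason": "signature match", "signals": signals}
        elif len(sources) >= 2:
            # Behavioral signals from independent sensors on one host corroborate
            # each other; a second layer seeing the same host raises confidence.
            escalated[host] = {"reason": "corroborated by multiple sensors", "signals": signals}
        else:
            # One uncorroborated behavioral signal: record it, do not page on it.
            informational[host] = signals
    return {"escalated": escalated, "informational": informational, "suppressed": suppressed}


if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    for host, detail in sorted(result["escalated"].items()):
        print(f"ESCALATE {host}: {detail['reason']} {detail['signals']}")
    for host, signals in sorted(result["informational"].items()):
        print(f"INFO     {host}: {signals}")
    print(f"suppressed {len(result['suppressed'])} event(s)")
```

The suppression rule is the part that needs the most care in practice: matching on source, signal and user together is what lets the patch account’s PowerShell activity drop out while the same signal from an interactive user on the same workstation is still retained for review.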
Benefits of MSS from CIS include:
- Access to the 24x7x365 Security Operations Center (SOC) for questions and support
- A customized Log Collection Platform (LCP) built with CIS and Accenture
- Reports and analysis prepared by expert analysts using cyber threat intelligence focused specifically on SLTTs, covering every incident from the previous month along with statistics on events and incidents and a review of the total volume of monitored traffic
- Access to the Accenture portal, which provides visibility into security events
MSS provides a valuable expansion of insight, saves time and resources for government organizations, and alleviates information fatigue, all while supporting a defense-in-depth strategy.