Using PCAP in Federal Government to Improve Cybersecurity

The chances of every company and organization having a data breach in the future is growing towards 100%. A not so tasty example is when Magecart hackers targeted the NutriBullet website last year. Even IT firms are being hit – including SolarWinds and Malwarebytes.

The guest article below explains how your federal agency – or any organization for that matter can implement PCAP to assist in keeping your organization secure and/or becoming aware of what hackers did, after the fact.

Author: Mark Zeller, Chief Revenue Officer, Axellio

Mark Zeller, Chief Revenue Officer, Axellio

Nation-states and cyber-criminal organizations are mounting continuous attacks on US government, military, and commercial enterprises, in efforts to capture confidential information, interrupt business operations, steal classified documents or intellectual property, or demand ransom after encrypting essential data. Wikipedia has its own website on “2020 United States federal government data breach”, listing almost every federal department but also state and local governments, that have been impacted by cyber-attacks. Schools have been particularly hard hit by ransomware attacks, based on an advisory from the FBI as they have shifted to remote classes during the pandemic.

For organizations experiencing data breaches, the consequences are considerable. IBM in a 2020 research report said that over 25,000 data records are stolen with the average data breach, costing the targeted company as much as $8.64M per breach in the United States. And it takes on average a staggering 280 days between identifying and containing a data breach, giving adversaries plenty of time to explore.

As bad as this problem is today, the trajectory is even worse. Therefore, all organizations, whether government, defense, or commercial, need to be more vigilant and address the issue that determined and well-funded threat actors will breach their perimeter defense.  It is not a question of if, but when, especially for those organizations that host personally identifiable information or infrastructure data, which includes most government departments.

Perimeter defense is great to shield against known attacks through data signature analysis trying to enter the internal network. But once a threat actor has entered the environment, additional approaches are needed. Network traffic capture analysis (also known as packet capture or PCAP) within the network boundaries, also called east-west traffic analysis, is essential to identify unusual behavior in the network and threats moving laterally from user to user, or across server and storage infrastructure. Furthermore, packets are immutable, unlike logs, which security tools commonly rely on to look at incidents. If an intrusion occurs, an agency can research the packets to pinpoint where and when the problem happened. The packets also show whether the intrusion came from an internal or external location, which supports the growing zero-trust security approach.

Requests for information and proposals involving full PCAP are growing. Last year, the Department of Homeland Security’s Enterprise Security Operations Center requested vendors to provide insight into next-generation full PCAP solutions, stating it considered “Full Packet Capture a cornerstone of the cybersecurity visibility stack enabling analysts to perform investigation analysis while also satisfying DHS security requirements.” The State Department’s Bureau of Diplomatic Security issued a request for quotes for upgrading its full PCAP capability, requiring solutions to capture 100% of all network packets traversing the department’s network.

With equipment costs coming down, the ability to capture and store packets is more accessible for many agencies.  Fortunately, many government departments seem to understand the value that full PCAP offers, and are looking to integrate this technology into their networks.  Their IT systems will be more secure as a result.   


Rich Tehrani is CEO of RT Advisors and a Registered Representative with and offering securities through Four Points Capital Partners LLC (Four Points) (Member FINRA/SIPC). RT Advisors is not owned by Four Points.

Rich Tehrani may potentially be in discussions with any companies mentioned above regarding investment banking services such as funding, M&A, SPAC merger, IPO, etc.

The above information was strictly a technical/business news article/review regarding the company(ies) mentioned. The information contained should not be considered and is not a recommendation to invest in or sell short the securities of the underlying company(ies).


 

Share via
Copy link
Powered by Social Snap