A Cybersecurity and Infrastructure Security Agency official told attendees at the Red Hat Government Symposium that the agency’s efforts to improve security threat hunting within Federal government networks rely on speeding threat data to end users who can best use it.
“CISA has been making a lot of efforts to kind of pull out intelligence and push it out to the end users – to do a layered approach to defense is to give you more information,” said Ken Bailey, Section Chief for Capabilities, Data, and Integration in CISA’s Threat Hunting Division.
Bailey also talked about CISA’s emphasis on spreading the word on weaknesses that the agency already knows are being exploited by attackers.
“We have a program called ‘exploited vulnerabilities,’ which is updated sometimes weekly,” stated Bailey.
“So if you’re in the business of running firewalls or other systems and you’re copying and pasting block lists and other things, this helps focus your efforts greatly on the threat hunting side,” he said. “The name of the game for us is getting our analysts working on your problem quicker.”
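Bailey’s point is that a published list of vulnerabilities already being exploited lets defenders spend their hunting and patching time where it matters. The script below is an added illustration, not CISA’s code and not from the symposium: it cross-references an asset inventory against a catalog laid out like CISA’s public Known Exploited Vulnerabilities JSON feed (the field names cveID, vendorProject, product, dueDate and knownRansomwareCampaignUse are assumed from the author’s understanding of that feed) and orders the resulting work items by ransomware linkage and due date. Every catalog entry and inventory host in it is constructed sample data, not a real record.

```python
"""Cross-reference an asset inventory against a KEV-style feed to
prioritize threat hunting and patching.

Added example, not CISA's own tooling. Field names mirror the author's
understanding of the public KEV JSON (an assumption); all entries and
hosts below are constructed sample data.
"""
import json
from datetime import date

# Constructed catalog in the shape of the KEV feed (values invented).
SAMPLE_KEV_JSON = json.dumps({
    "title": "Sample KEV-style catalog (constructed)",
    "vulnerabilities": [
        {"cveID": "CVE-0000-00001", "vendorProject": "ExampleFW", "product": "Edge Firewall",
         "dueDate": "2024-02-15", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-0000-00002", "vendorProject": "ExampleFW", "product": "Edge Firewall",
         "dueDate": "2024-03-01", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-00003", "vendorProject": "OtherVendor", "product": "Mail Gateway",
         "dueDate": "2024-01-20", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed inventory: what the defender actually runs. Vendor and
# product spelling deliberately varies to exercise normalization.
SAMPLE_INVENTORY = [
    {"host": "fw-01.example.internal", "vendor": "examplefw", "product": "edge firewall"},
    {"host": "fw-02.example.internal", "vendor": "ExampleFW", "product": "Edge Firewall"},
    {"host": "db-01.example.internal", "vendor": "SomeDB", "product": "Database Server"},
]


def _key(vendor, product):
    """Normalize (vendor, product) so inventory and catalog spellings match."""
    return (vendor.strip().lower(), product.strip().lower())


def index_kev(kev_json):
    """Index catalog entries by normalized (vendor, product) pair."""
    catalog = json.loads(kev_json)
    index = {}
    for entry in catalog.get("vulnerabilities", []):
        k = _key(entry.get("vendorProject", ""), entry.get("product", ""))
        index.setdefault(k, []).append(entry)
    return index


def prioritize(inventory, kev_json, today_iso):
    """Return work items (host, CVE, due date, flags), most urgent first.

    Ordering: ransomware-linked entries first, then overdue ones, then by
    due date, then by host so output is stable.
    """
    today = date.fromisoformat(today_iso)
    index = index_kev(kev_json)
    items = []
    for asset in inventory:
        for entry in index.get(_key(asset["vendor"], asset["product"]), []):
            due = date.fromisoformat(entry["dueDate"])
            items.append({
                "host": asset["host"],
                "cve": entry["cveID"],
                "due": due.isoformat(),
                "overdue": due < today,
                "ransomware": entry.get("knownRansomwareCampaignUse", "").lower() == "known",
            })
    items.sort(key=lambda i: (not i["ransomware"], not i["overdue"], i["due"], i["host"]))
    return items


if __name__ == "__main__":
    for item in prioritize(SAMPLE_INVENTORY, SAMPLE_KEV_JSON, "2024-02-20"):
        flags = ("RANSOMWARE " if item["ransomware"] else "") + ("OVERDUE" if item["overdue"] else "")
        print(f'{item["host"]:26} {item["cve"]:15} due {item["due"]} {flags}')
```

With the sample data and a reference date of 2024-02-20, both firewalls surface first for the ransomware-linked, overdue entry, the database host matches nothing, and the unrelated mail-gateway entry never appears. In practice the inventory would come from a CMDB or scanner export and the catalog from the live feed; the matching and ordering logic is the same.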
Bailey further explained that the traditional kits that have been employed to help with threat detection have been going through some changes to avoid physical delivery, and instead take advantage of cloud-based access.
“The traditional kit that we employ – and we still have these kits around in very large Pelican cases for the equipment – … requires a freight shipment to arrive on site,” Bailey said. “Anybody that’s involved with government procurement knows that I cannot procure freight very quickly.”
“So what we’ve been working on is leveraging cloud to take parts of the kit that do not really need to be on location, and just deploying sensors so we can stream back to either the network I run in Virginia or into one of our cloud environments,” the CISA official said.