The Reality of Continuous Monitoring…Is Your Agency Secure?

Editor’s Note: Listen to the complete discussion on Federal News Radio here.

From: FederalNewsRadio.com

Is your agency coping with identifying and protecting against the constant barrage of sophisticated cyber threats, while at the same time, trying to improve your FISMA scores?

From reduced resources (budget, manpower and unified vision), to a lack of automated risk mitigation capabilities, these factors continue to impact civilian agency FISMA scores. WTOP brings together a panel of network security experts to explore the challenges civilian agencies face in dealing with critical cyber security concerns, and discuss how to coordinate defenses, leverage advanced tools and take advantage of CDM programs to help agencies tackle these issues.


NIST, DHS push security automation to the next stage

From: GCN

By William Jackson

An emerging area in network security is automation, using various tools to monitor systems and network traffic for signs of trouble. Automation can handle tasks that otherwise would have to be done by IT staff members, who are then freed up for other tasks.


Can automated security put agencies a step ahead of the hackers?
A growing number of products can help automate IT security; Nevada’s DOT found they can help in other areas, too. Read more.



IG: DHS Does Not Track Security Training of System Administrator Contractors

From: Nextgov

The Homeland Security Department does not keep tabs on whether contractors that monitor vulnerabilities on federal networks have undergone training, according to a new inspector general audit.

These private sector system administrators support CyberScope, a central reservoir for incoming streams of data summarizing every federal agency’s computer security posture. The composite view of threat-levels is intended to help Homeland Security leaders manage cyber risks governmentwide. The account of an inadequate security training program for system administrator contractors at DHS follows the alleged breach of top secret files by a system administrator contractor at the National Security Agency.


Study of 61K Amazon Web Services instances finds 23K should improve their security

From: VentureBeat

John Koetsier

In the initial rush to the cloud, some companies may have lost sight of the fact that security, efficiency, and continuous monitoring are just as important in the cloud as in the datacenter. It looks like they’re picking up that theme now, but perhaps not as swiftly as their customers might like.

A new study by cloud optimization company Newvem checked 61,545 Amazon Web Services instances which total a yearly spend of over $157 million. The good news is that cloud users are getting much more savvy about security, utilization, and optimization.


Gartner: Start security monitoring in the public cloud

From: Network World

Gartner analyst Anton Chuvakin puts forward three possible ways to make it work

By Ellen Messmer

National Harbor, Md. — Security monitoring — the type involving traditional security information and event management (SIEM) — can be done in some public cloud environments, according to Gartner. And if you’re using public cloud services, it’s time to think about doing it.

Security monitoring of assets that the enterprise has placed in the cloud is still not a common practice, but it really should be, said Gartner analyst Anton Chuvakin during his presentation this week at the Gartner Security and Risk Management Summit. There is always a “loss of control” when turning corporate data assets over to the cloud, Chuvakin says, but “you can compensate by increasing the visibility that comes with collection of logs and network traffic.”


Federal Agencies Graded On Cybersecurity

From: InformationWeek

Elena Malykhina

Federal agencies have been making significant progress to improve their cybersecurity. However, much more needs to be done as agencies work toward achieving the Obama administration’s cross-agency cybersecurity goals by the end of 2014, according to the latest progress report released by the White House.

Last March, federal cybersecurity coordinator Howard Schmidt unveiled a plan for agencies to implement priorities that safeguard federal IT systems against cyberattacks. The White House’s objective by the end of 2014 is to have agencies achieve 95% implementation of critical administration cybersecurity capabilities on IT systems in the areas of trusted Internet connections (TIC), continuous monitoring, and strong authentication. The effort is part of the Cross Agency Priority (CAP) Goals initiative on Performance.gov, which feds use to grade agencies on their improvement efforts.


Mitre: Developer Days 2013

Editor’s Note: Mitre’s registration page is here, https://register.mitre.org/devdays/.

From: Mitre

Developer Days 2013

The MITRE Corporation will be hosting Developer Days on July 22-24, 2013, at MITRE in McLean, Virginia, USA. This three-day event will be technical in nature and focus on the Open Vulnerability and Assessment Language (OVAL®) effort, remediation, and other security automation topics.

The purpose of the event is for the community to discuss OVAL and other security automation efforts and specifications in technical detail and to derive solutions that benefit all concerned parties. An exciting agenda is being developed.

The event will begin at 10:00 a.m. on Monday, July 22, and end at 5:00 p.m. on Wednesday, July 24.

MITRE first hosted Developer Days in 2005 and has been running them annually ever since. The model for these technical exchanges has since been adopted as the format used by the security automation community.


Deloitte Acquisition Signals Push By Consultancies Into MSSP World

From: CSO

By Edward Ferrara

Last week Deloitte announced the acquisition of Vigilant. This is important news for several reasons. With over 14,000 consultants that specialize in information security, Deloitte is the largest and broadest of any security consultancy globally. Deloitte provides customized security solutions across a broad number of vertical industries, including financial services, aerospace, defense, retail, manufacturing, technology, communications, energy and pharmaceuticals.