In Part One of MeriTalk’s discussion with Maitland Muse, Vice President of Global Channels and Alliances at AppGuard, we discussed the ways that traditional antivirus technologies have been compromised, and how a new approach to defending agency networks is required.
We continued the conversation with Maitland, as well as AppGuard’s Chief Evangelist, Neal Conlon. Conlon is an acclaimed cyber influencer and speaker who draws on what he refers to as his “trinity of service.” With military service as a U.S. Marine; a passion for sharing knowledge and connection with people; and far-ranging technical industry experience from military, to banking, to startup technical frameworks, Neal believes we are on a mission as a country to restore confidence in the cybersecurity posture for elected officials and executive branch agencies.
MeriTalk: Do you think the American public understands the mounting pressure for government to keep up with growing cyber threats?
Neal Conlon: Cybersecurity to the general public is a very challenging concept. It’s an evolving beast, where not only do new and complex attacks emerge every day, but older, brute force attacks re-manifest. Even as government agencies themselves become hardened, the attackers are now going downstream to less secure contractors and consulting firms and paddling up their application vulnerabilities.
State and local government agencies also continue to be prevalent targets for cyberattacks, and the root cause is almost always the same. Research suggests 95 percent is human error and 93 percent of attacks are directly related to an application vulnerability compromising the Operating System.
You’re correct that pressure is mounting, especially here in 2020. You discussed with Maitland how traditional methods of protection have let us down. The election security issues that emerged in the 2016 election and then subsequently became political spectacle – everything from social engineering on Facebook, private emails, hacking of DNC servers – no matter what side of the aisle you’re on, there’s been growing cyber conflict that many elected officials have yet to reconcile. It’s shaken the public’s trust in government, and it’s why we have a duty to restore that confidence.
That’s all been a learning lesson. AppGuard will be protecting certain aspects of the 2020 presidential election, and we’re seeing from our partners a hardened focus on a free and fair election.
MT: We’re already seeing questions of proper cyber practices on the campaign trail. Election security as a whole is coming back into frame. Can you talk about the risks to campaigns?
NC: In this election cycle, reports suggest 70 percent of campaign websites lack basic security. It’s probably obvious at this point, but a recent statement from a senior U.S. intelligence official confirmed that Russia, China, and Iran are attempting to manipulate public opinion ahead of the 2020 elections. At the state and local level, election officials are short on funding to boost election security and protect our democracy. We’re seeing an uptick in appropriations, but the support can’t come soon enough.
As with the voting infrastructure, the candidate within the campaign is not the sole target. Adversaries compromise secondary and tertiary targets to get to – or bypass – the primary ones. The campaign manager is more likely to open an attachment from a volunteer she knows than from a complete stranger, so spear phishing and social engineering attacks remain easy attack vectors.
But campaigns are just one element. We’ve seen the same headlines about the legislative branch, that is, congressional websites becoming targets, too. The folks reading this interview include many in the executive branch. AppGuard has been working to support the function of these executive branch agencies, and their role in delivering key government services and securing sensitive citizen data is obvious.
During critical times where we decide on the future of the administration, adversaries have countless targets to choose from, and even the specter of this threat has the potential to undermine public confidence.
MT: So, how can government agencies go beyond talk and start to get tactical?
Maitland Muse: Prevention trumps all. To be very congruent, for all forms of cyberattacks, the culture of the agency should always be to prevent the attack from occurring. The resilience will create a long-term benefit to the organization. There was a time in the cyber ecosystem when identifying and detecting were enough, and I think the ecosystem now understands that prevention is the key. If you can prevent a problem without having to manually detect its existence, wouldn’t you always choose to do that?
We all know that government is strapped for cyber manpower. There is a shortage of high-end expertise. This is where a technology like AppGuard is valuable to agencies. If a piece of software can reduce the hard costs of applying high-end folks to low-end tasks – false positives, IT tickets, and the like – then that is a huge win for your SOC/MSSP, and ultimately a win for the end-user.
We’re hosting our first-ever Federal Forum on February 20th, where we’ll explore these topics in even greater detail.
MT: Do you see evidence of agencies augmenting their programs with solutions that help bridge that talent deficit?
NC: Definitely. It’s great to see the folks at NIST finally adopting the zero-trust framework. The concept took some time to solidify. Also, the CARTA framework is spot-on to focus your efforts on protecting your infrastructure. AppGuard’s patents of OS Segmentation, OS Interaction, and process execution create a policy engine that should be a best practice for every agency. In a nutshell, AppGuard prevents applications from being turned against the operating system. Our policies allow you to not only establish a location-based, zero-trust framework, but also supplement your human capital by preventing threats autonomously.
MT: What are the top things agencies can do to protect themselves in FY2020?
MM: First, assume your security parameters are already compromised. Don’t rely on detection and response, instead utilize a preventative solution. Since zero-day attacks are increasing, leveraging preventative technologies is key to stopping both known and unknown attacks. Finally, employ a system of layered defenses involving complementary technologies. Many use the term defense-in-depth. This needs to begin at the kernel level, with a solution that stops disastrous exploits from executing in the first place.