The ExtraHop team attended AFCEA West last week, where one of the most anticipated events was a panel titled: "Information Warfare: Identifying the Gaps and Seams in Cyber Security." The panelists included CIOs from the Department of the Navy, the Marine Corps, and the Coast Guard. They discussed the challenges they face in leading, operating, defending, and managing the information technology, networks, and data analysis/data fusion capabilities for decision superiority while protecting key information and information resources.
There's a key point, unstated in the title of the panel, but a crucial part of the discussion at the entire event nonetheless: You cannot defend that which you have no knowledge of.
The ability to map the cyber terrain is vital for the Department of Defense (DoD), and there are a few key capabilities you need to have in place to assure that you're mapping the cyber terrain effectively:
- Discovery & Classification: Devices, interfaces, users, infrastructure components … you need to be able to see everything that connects to your IT, and you need this visibility in real-time. ExtraHop's stream analytics platform automatically detects, categorizes, maps, and decodes all hosts, protocols, and transactions by performing advanced analytics of all data in flight.
- Scale: If your mapping capabilities aren't strong enough to keep an updated view of the whole terrain, you're at risk of having threats slip through the cracks. ExtraHop monitors at a line rate of up to a sustained 40 Gbps without a single host agent being deployed, with no need for credentialed access, and without any disruption or degradation to the mission system being monitored.
- Correlation: Threats don't land right where they need to be in the network. They need to move laterally to get there. If you can't correlate a threat in one place with suspicious behavior elsewhere, you aren't mapping the cyber terrain effectively, and you've got a huge blind spot. Because ExtraHop can be deployed across all of the critical infrastructure tiers, we easily show cross-tier correlated activity such as a client accessing a server, followed by credentialed database queries, finished off by a large file transfer to another machine. Did we also mention we can export our activity maps as PDF, Visio, or image files?
Host and service mapping is a small subset of what the ExtraHop platform can do for our DoD customers. Other use cases include: compliance reporting and continuous monitoring, baselining and trending, alerting, and even performance management.
Beyond security, ExtraHop can aid during the planning stages for Application Rationalization—a big initiative within the Defense Department at this time. And as DoD continues to undergo other transformation initiatives such as datacenter consolidation and cloud adoption, the planning and assessment of the "as is" environment will prove key to controlling the chaos around these initiatives. ExtraHop will be there to help by providing a platform for enabling data-driven decisions around the planning, execution, and sustainment stages of these initiatives.
Find out more about all these capabilities by following the links below.
This is a companion discussion topic for the original entry at https://www.extrahop.com/community/blog/2016/three-key-capabilities-for-mapping-the-cyber-terrain/