by Boris Vaynberg

VP and GM for Advanced Threat Detection

Posted May 06, 2019

What can you learn from NSA cybersecurity strategies?


The United States National Security Agency originated as a unit to decipher coded communications in World War II and was officially formed as the NSA by President Harry S. Truman in 1952.

Since then, it has become the largest of the US intelligence organizations in terms of personnel and budget. With that level of resources and budget, there are definitely lessons to be learned by the average IT security professional.

What is the NSA?

The National Security Agency/Central Security Service (NSA/CSS) is a national-level intelligence agency of the United States Department of Defense that is responsible for global monitoring, collection, and processing of information and data for foreign and domestic intelligence and counterintelligence purposes. According to the National Security Agency website, this agency’s mission is to:

“...lead the U.S. Government in cryptology that encompasses both signals intelligence (SIGINT) and information assurance (now referred to as cybersecurity) products and services and enables computer network operations (CNO) in order to gain a decision advantage for the Nation and our allies under all circumstances.”

The ever-changing and globally borderless threat landscape requires new strategies for cyber risk mitigation.

Top Ten Cybersecurity Mitigation Strategies Per the NSA

After the Sept. 11 attacks, the NSA built new IT systems to handle the petabytes of information generated daily by new technologies such as the Internet and cellphones. It also publishes guidelines for cybersecurity mitigation strategies. According to a National Security Agency Cybersecurity Information brief, the top 10 cybersecurity mitigation strategies are:

  1. Update and upgrade software immediately: The primary focus here is to stay current with all available patches and software updates, because without rapid and thorough patch application, threat actors can operate inside a defender's patch cycle.
  2. Defend privileges and accounts: The primary focus here is to judiciously manage privileged account credentials, because threat actors continue to target administrator credentials in order to reach high-value assets and move laterally through the network.
  3. Enforce signed software execution policies: The primary focus here is to maintain a whitelist of signed software and block everything else, because allowing unsigned software lets threat actors gain a foothold and establish persistence through embedded malicious code.
  4. Exercise a system recovery plan: The primary focus here is preparation for recovery, which is a necessary mitigation for natural disasters as well as malicious threats such as ransomware, and a recovery plan that is never exercised cannot be relied on.
  5. Actively manage systems and configurations: The primary focus here is to remove unwanted, unneeded or unexpected hardware and software from the network, because active enterprise management lets systems adapt to dynamic threat environments while scaling and streamlining administrative operations.
  6. Continuously hunt for network intrusions: The primary focus here is to proactively detect, contain and remove malicious code from inside the network. Proactive hunting moves the organization beyond basic detection methods toward real-time threat detection and remediation built on continuous monitoring and mitigation.
  7. Leverage modern hardware security features: The primary focus here is to use new device and firmware security features and to cycle out older platforms, because running a modern operating system on outdated hardware reduces its ability to protect the system, critical data and user credentials from threat actors.
  8. Segregate networks using application-aware defenses: The primary focus here is to implement segmentation, or even micro-segmentation, to reduce the attack surface. Threat actors hide malicious actions and exfiltrate data over common protocols, so application-aware defensive mechanisms are critical for modern network defenses.
  9. Integrate threat reputation services: The primary focus here is to use reputation services that assist in detecting and preventing malicious events and allow for rapid global responses to threats, because multi-source reputation and information-sharing services provide a more timely and effective security posture against dynamic threat actors.
  10. Transition to multi-factor authentication: The primary focus here is the recognition that anything beyond single-factor authentication substantially improves security. Organizations should migrate away from single-factor, password-based systems, which are subject to poor user choices and susceptible to credential theft, forgery and reuse across multiple systems.
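Strategies 2, 6 and 9 reinforce each other when they are run as one hunt rather than three separate controls. The Python below is an added example written for this page; it is not code from the NSA brief or from Mimecast. It runs three detections over constructed, simplified successful-logon records (Windows event 4624 style): a privileged account logging on outside its tier, one account fanning out across several hosts within a short window, and a source address that appears in a reputation feed. The account names, the host tiers, the thresholds and the "bad" address ranges (RFC 5737 documentation ranges, not real indicators) are all assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter, deque
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Policy inputs. All constructed for this example; replace with your own
# privileged-account list, host tiers, thresholds and reputation feed.
PRIVILEGED_ACCOUNTS = {"da_admin", "da_backup"}
TIER0_HOSTS = {"DC01", "DC02", "PAW01"}     # the only hosts a privileged account should touch
REMOTE_LOGON_TYPES = {"3", "10"}            # Windows logon types: network, RemoteInteractive
FANOUT_THRESHOLD = 3                        # distinct hosts reached by one account ...
FANOUT_WINDOW = timedelta(minutes=10)       # ... within this window counts as lateral movement
# Reputation feed stand-in: RFC 5737 documentation ranges, not real indicators.
BAD_NETWORKS = [ipaddress.ip_network("203.0.113.0/24"),
                ipaddress.ip_network("198.51.100.0/24")]

# Constructed, simplified successful-logon records (event 4624 style) as a
# log pipeline might normalise them. Not real telemetry.
SAMPLE_EVENTS = [
    "2019-05-06T09:00:01Z host=FS01    user=jdoe     logon_type=3  src=10.1.20.15",
    "2019-05-06T09:00:30Z host=DC01    user=da_admin logon_type=10 src=10.1.5.2",
    "2019-05-06T09:05:10Z host=WS-0412 user=da_admin logon_type=3  src=10.1.20.15",
    "2019-05-06T09:06:00Z host=WS-0413 user=da_admin logon_type=3  src=10.1.20.15",
    "2019-05-06T09:07:20Z host=FS01    user=da_admin logon_type=3  src=10.1.20.15",
    "2019-05-06T09:15:00Z host=VPN01   user=msmith   logon_type=3  src=203.0.113.7",
    "2019-05-06T09:16:00Z host=WS-0100 user=msmith   logon_type=2  src=-",
    "malformed line that a real pipeline also produces now and then",
]

LINE_RE = re.compile(
    r"(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)"
    r"\s+logon_type=(?P<lt>\d+)\s+src=(?P<src>\S+)"
)

Alert = Tuple[str, str, str]   # (rule, account, detail)


def parse(lines: List[str]) -> List[dict]:
    """Parse records, skip anything malformed, return them in time order."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    events.sort(key=lambda r: r["ts"])
    return events


def is_bad_source(src: str) -> bool:
    """Reputation lookup: true when the source address sits in a listed range."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:          # "-" for local logons, or a hostname
        return False
    return any(ip in net for net in BAD_NETWORKS)


def hunt(lines: List[str]) -> List[Alert]:
    alerts: List[Alert] = []
    windows: Dict[str, deque] = {}    # account -> recent (ts, host) remote logons
    fanout_reported = set()
    for rec in parse(lines):
        user, host, lt, src, ts = rec["user"], rec["host"], rec["lt"], rec["src"], rec["ts"]
        # Strategy 2: a privileged account outside its tier is a lateral-movement tell.
        if user in PRIVILEGED_ACCOUNTS and host not in TIER0_HOSTS:
            alerts.append(("privileged-account-off-tier", user, f"{host} (logon type {lt})"))
        # Strategy 9: reputation service hit on the source address.
        if is_bad_source(src):
            alerts.append(("reputation-hit", user, f"{src} -> {host}"))
        # Strategy 6: hunt for one account fanning out across many hosts quickly.
        if lt in REMOTE_LOGON_TYPES:
            q = windows.setdefault(user, deque())
            q.append((ts, host))
            while q and ts - q[0][0] > FANOUT_WINDOW:
                q.popleft()
            hosts = {h for _, h in q}
            if len(hosts) >= FANOUT_THRESHOLD and user not in fanout_reported:
                fanout_reported.add(user)   # report once per account, not once per logon
                alerts.append(("lateral-movement-fanout", user,
                               f"{len(hosts)} hosts within {FANOUT_WINDOW}: {sorted(hosts)}"))
    return alerts


def summarize(alerts: List[Alert]) -> Dict[str, int]:
    return dict(Counter(rule for rule, _, _ in alerts))


if __name__ == "__main__":
    for rule, account, detail in hunt(SAMPLE_EVENTS):
        print(f"{rule:28} {account:10} {detail}")
```

On the constructed sample the tier rule fires three times for da_admin, the fan-out rule fires once (at the third distinct host inside ten minutes, DC01 included), and the reputation rule fires once for the VPN logon. The fan-out window is a deque per account so the hunt runs in one pass over chronologically sorted input; on a real pipeline feed it in time order, tune FANOUT_THRESHOLD against your baseline of legitimate admin activity, and treat the tier rule as the high-confidence signal of the three.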

While all of these strategies have been written about extensively as individual approaches, it is the combination that makes it more likely to succeed. By executing on all 10 NSA strategy suggestions you can potentially mitigate the costs incurred by malicious code impacting your organization.

Stop Malicious Content Before It Can Do Harm

As discussed previously, the cost of missing something is real, so the best defense is a great offense. By leveraging solutions that use deep inspection and analysis methods that interpret and detect code in real time, you can block threats before they reach your organization.

Your selected solution should make no assumptions about threat heuristics or behavior. Instead it should assume that there is no legitimate reason for executable code to be present in a data file, and rely on identifying the presence of code in non-executable files. Because the check does not depend on recognizing a particular threat, it needs no prior knowledge of the malware to block it, and you can be confident that code hidden inside documents and other data files will not enter your IT infrastructure that way. It complements, rather than replaces, the credential, patching and segmentation controls listed above.
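The check described above, reduced to its essential form, as an added example written for this page (it is not Mimecast's code and does not represent how its product works): the Python below scans a byte buffer that is supposed to be a data file and reports executable content it finds, namely an embedded PE image (validated through the e_lfanew pointer so a stray "MZ" does not trigger it), active content in a PDF after decoding #xx name escapes, and a VBA project in an OLE2 or OOXML document. The marker sets, the sample files and the `should_block` decision are assumptions; the sample inputs are constructed stubs, not real documents.

```python
import re
import struct
from typing import List

PE_SIG = b"PE\0\0"
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
ZIP_MAGIC = b"PK\x03\x04"
PDF_ACTIVE = (b"/JavaScript", b"/JS", b"/Launch")
# Heuristic markers for a VBA project inside an OLE2 container: the storage
# name is stored UTF-16LE in the directory, and compressed module streams
# begin with the literal "Attribut" (first literal run of the MS-OVBA stream).
OLE_VBA_MARKERS = ("_VBA_PROJECT".encode("utf-16-le"), b"Attribut")


def find_embedded_pe(data: bytes) -> List[int]:
    """Offsets of embedded PE images.

    A bare 'MZ' is too weak a signal (it occurs in ordinary data), so the
    e_lfanew field at MZ+0x3C must also point at a 'PE\\0\\0' signature.
    """
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            pe_off = pos + e_lfanew
            if 0x40 <= e_lfanew <= 0x1000 and data[pe_off:pe_off + 4] == PE_SIG:
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits


def normalize_pdf_names(data: bytes) -> bytes:
    """/Java#53cript is the same PDF name as /JavaScript; decode #xx escapes first."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def scan_data_file(data: bytes) -> List[str]:
    """Return a finding per piece of executable content present in a data file."""
    findings = []
    for off in find_embedded_pe(data):
        findings.append(f"embedded PE image at offset {off}")
    if data.startswith(b"%PDF"):
        text = normalize_pdf_names(data)
        for marker in PDF_ACTIVE:
            if marker in text:
                findings.append("PDF active content " + marker.decode())
    elif data.startswith(OLE_MAGIC):
        if any(m in data for m in OLE_VBA_MARKERS):
            findings.append("OLE2 document with VBA macro project")
    elif data.startswith(ZIP_MAGIC):
        # zip stores entry names uncompressed, so the name is visible without inflating
        if b"vbaProject.bin" in data:
            findings.append("OOXML package with vbaProject.bin")
    return findings


def should_block(data: bytes) -> bool:
    """Policy from the text: any code inside a data file is reason enough to block."""
    return bool(scan_data_file(data))


# --- Constructed sample inputs (stubs, not real documents) ---
def build_fake_pe() -> bytes:
    """Minimal PE stub: a DOS header whose e_lfanew points at 'PE\\0\\0'."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew -> right after the DOS header
    return bytes(dos) + PE_SIG + b"\x4c\x01" + b"\0" * 22   # IMAGE_FILE_MACHINE_I386, padding


CLEAN_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF\n"
JS_PDF = (b"%PDF-1.7\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
          b"2 0 obj << /S /Java#53cript /JS (app.alert(1)) >> endobj\n%%EOF\n")
DROPPER_DOC = (b"Q3 summary: revenue grew 4%, no incidents reported.\n"
               + build_fake_pe() + b"\ntrailing text\n")
MACRO_DOCX = ZIP_MAGIC + b"\x14\x00" + b"\0" * 24 + b"word/vbaProject.bin" + b"\0" * 8
MACRO_DOC = (OLE_MAGIC + b"\0" * 64 + "_VBA_PROJECT".encode("utf-16-le")
             + b"\0" * 16 + b"Attribut\x00e VB_Nam")

if __name__ == "__main__":
    for name, blob in [("clean.pdf", CLEAN_PDF), ("invoice.pdf", JS_PDF),
                       ("report.txt", DROPPER_DOC), ("memo.docx", MACRO_DOCX), ("memo.doc", MACRO_DOC)]:
        print(name, "BLOCK" if should_block(blob) else "allow", scan_data_file(blob))
```

The substring checks are deliberately the minimum that demonstrates the idea. A scanner meant to be hard to evade must also inflate FlateDecode streams before looking for PDF names, walk the OLE2 directory and the zip central directory instead of grepping bytes, and recurse into archives and nested objects; the #xx normalization is the smallest step in that direction, and without it `/Java#53cript` would walk straight past the check.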

See for yourself what Mimecast can do to deliver evasion-proof security for your organization today so that you can protect your corner of the world. Register for a demo.
