Who We Are
NJVC is the engine of the secure, integrated enterprise, delivering mission-critical IT solutions for critical missions in enterprise management & monitoring, hybrid IT transformation & optimization, cloud migration and cybersecurity.
But nowhere may it be scarier than enterprise IT departments, as the end of October marks the end to National Cyber Security Awareness Month (NCSAM).
NCSAM, the yearly campaign sponsored by the National Cyber Security Alliance (NCSA) and the Department of Homeland Security, raises the visibility of the need for good cyber practice and marks 30 days of tips, insights and lessons learned to advance the cause of cyber security in an increasingly sophisticated--and dangerous--digital landscape.
When it's over, though, cyber security awareness frequently goes right back in its box like a costume, from forgotten taining to lax patch management to infrequent scans.
Unlike Cyber Security Awareness Month, though, cyber security can't be periodic, but rather it needs to be continuous.
From a technical standpoint, most cyber security monitoring is something like the awareness month -- an intense burst of focus punctuating periods of reaction only when security events occur, assuming those events are detected in the first place.
At current, most cyber security measures work in intervals, leaving blind spots in defense and force cyber security engineers into a reactive mode, working from outdated information.
"The dominant model now is to perform a scan, compile the information and present it for use days, weeks or months after the scan, " NJVC Cyber Security Principal Robert Michalsky explains. "The data is out of date the moment it's presented. Moreover, it's often incomplete because it's individual reports from each tool, rather than a cohesive picture. Most cyber measures are more like gates and check points, rather than coordinated, continuous defenses.
These scans and reports can draw immense amounts of sophisticated data from existing tool, but reports aren’t correlated against other tools and available data, and not at real-time, resulting in gaps of knowledge.
Or to put it another way, most existing cyber security measures are a little like doing security surveillance with a Polaroid camera, or trying to predict next week's weather by using last week's satellite image.
A snapshot, no mater how detailed, is still just a snapshot.
The effects of this play-from-behind strategy are as clear as they are disheartening.
According to the 2013 Verizon Data Breach Incident Report, 66 percent of breaches take months or more to detect. Approximately 70 percent are then identified by someone outside the organization.
The solution moving forward is continuous diagnostics and mitigation (CDM), an initiative theDepartment of Homeland Security issued a $6 billion BPA to support.
Continuous processes, like NJVC’s Cyber Fusion Framework, aggregate and correlate feeds from existing cyber tools to create a unified picture of your cyber posture and provide actionable intelligence to mitigate against threats. Using a continuous monitoring solution, network operators can immediately identify devices connected to their network and receive a simple easy-to-understand score, correlating to its threat level. All of this is done in near-real time, allowing vulnerabilities to be identified and mitigated when they happen and creating a unified dashboard, rather than vendor-specific, isolated views.
Instead or learning about a breach months later, dashboards can display all devices connected to your network, filtered by information like operating system, patch status, MAC address or IP.
CDM solutions currently provide the intelligence to be acted upon by network operators, allowing for a level of human judgment in an automated process.
In addition to CDM, cyber security vendors can provide further defense in depth, combining effective employee training and intelligent configuration management with the actionable intelligence of the CDM itself.
"Introducing continuous processes is an important next-step in cyber as the number of threats grow at the same time the amount of sensitive data stored in network devices grows," Michalsky says. "It's a concept that's rapidly becoming a baseline need in cyber security. It is simply unacceptable to have breaches continue for weeks or months while waiting for the next scan that would detect it."
While Cyber Security Awareness month may be in the rearview, continuous cyber security is the next step for IT enterprises, a defense-in-depth to keep your network and assets protected from the frightening (threat actors, internal abuse, policy violations) and the undead (zombie computers, self-resurrecting malware).
You're still on your own against circus peanuts.