{"id":6727,"date":"2020-10-19T10:16:04","date_gmt":"2020-10-19T13:16:04","guid":{"rendered":"http:\/\/www.fie.undef.edu.ar\/ceptm\/?p=6727"},"modified":"2020-10-19T10:16:04","modified_gmt":"2020-10-19T13:16:04","slug":"un-plan-de-ciberseguridad-de-tres-pasos-para-el-ejercito-moderno","status":"publish","type":"post","link":"https:\/\/www.fie.undef.edu.ar\/ceptm\/?p=6727","title":{"rendered":"A three-step cybersecurity plan for the modern military"},"content":{"rendered":"<p style=\"text-align: left;\" align=\"justify\">The growing cyberwarfare activity against defense networks shows the human cost of today\u2019s cybersecurity challenges: military security operations center team members often work consecutive 12-hour shifts, addressing a growing number of alerts. Investigating each alert can take between 20 minutes and 2 hours or more. For this reason, special measures should be implemented.<\/p>\n<hr \/>\n<p class=\"o-articleBody__text a-body1 element element-paragraph\">In supporting Department of Defense customers every day, I\u2019ve seen the human toll of today\u2019s cybersecurity challenges: Military security operations center, or SOC, team members often work consecutive 12-hour shifts, addressing a growing mountain of alerts. Each alert could take between 20 minutes and 2 hours or more to research, with additional alerts rolling in.<\/p>\n<p class=\"o-articleBody__text a-body1 element element-paragraph\">Some admit that they don\u2019t intend to continue on this path for long, planning to seek other opportunities \u2014 including those outside of cybersecurity \u2014 in private industry. 
Meanwhile, the threat environment looks set to grow more foreboding for the foreseeable future:<\/p>\n<ul class=\"a-list o-articleBody__list element-ul\">\n<li class=\"a-list__item\">The Pentagon <a href=\"https:\/\/www.c4isrnet.com\/battlefield-tech\/it-networks\/5g\/2020\/10\/08\/pentagon-announced-600-million-in-5g-experimentation-contracts\/\" target=\"_blank\" rel=\"noopener noreferrer\">continues to invest<\/a> in the fifth-generation mobile network, or 5G, which is expected to enhance intelligence, surveillance and reconnaissance; enable new methods of command and control; and streamline logistics systems.<\/li>\n<li class=\"a-list__item\">The DoD\u2019s ongoing collaborations with academic institutions and private industry on what\u2019s called the <a href=\"https:\/\/iobt.illinois.edu\/\" target=\"_blank\" rel=\"noopener noreferrer\">Internet of Battlefield Things<\/a> are developing <a href=\"https:\/\/www.computer.org\/publications\/tech-news\/research\/internet-of-military-battlefield-things-iomt-iobt\" target=\"_blank\" rel=\"noopener noreferrer\">biometric wearable technologies<\/a> to enable commanders and their units to more effectively identify the enemy; access devices and weapons systems via speedy edge computing; and send and receive data rapidly to better respond to potentially dangerous and\/or hostile situations during missions.<\/li>\n<li class=\"a-list__item\">Since the <a href=\"https:\/\/www.c4isrnet.com\/thought-leadership\/2020\/05\/14\/how-a-pandemic-can-kickstart-cyber-lessons\/\" target=\"_blank\" rel=\"noopener noreferrer\">coronavirus pandemic<\/a>, the number of <a href=\"https:\/\/www.c4isrnet.com\/it-networks\/2020\/10\/12\/establishing-zero-trust-cybersecurity-comes-with-challenges-for-pentagon-it-leadership\/\" target=\"_blank\" rel=\"noopener noreferrer\">teleworking DoD personnel<\/a> has increased from 95,000 to more than 1 million, with connections to the departmentwide virtual private network growing from 49,600 to 440,000 per 
day.<\/li>\n<\/ul>\n<p class=\"o-articleBody__text a-body1 element element-paragraph\">While these advancements are critical, they and other technology expansions\/shifts will add to the already staggering volume of alerts that SOC teams face daily: Overall, 70 percent of security professionals say alerts have <a href=\"https:\/\/www.sumologic.com\/brief\/state-of-secops\/\" target=\"_blank\" rel=\"noopener noreferrer\">more than doubled<\/a> in the last five years, with nearly 40 percent indicating that their organization encounters at least 1,000 alerts a day.<\/p>\n<p class=\"o-articleBody__text a-body1 element element-paragraph\">It\u2019s clear that agencies must abandon outdated approaches that cannot sufficiently protect DoD networks, and implement the following three-step cycle to effectively respond to modern cybersecurity challenges:<\/p>\n<p class=\"o-articleBody__text a-body1 element element-paragraph\"><b>1. Identify \u2014 and access \u2014 the data you need.<\/b> This includes endpoint data so you know what you are supposed to defend. Then you must identify the host server log and network data that will provide key \u201cclues\u201d in resolving incidents. Host server data, for instance, may say that a potentially troublesome connection never happened, but the network data \u2014 acting essentially as a lie detector \u2014 will tell you that it did.<\/p>\n<p class=\"o-articleBody__text a-body1 element element-paragraph\">Once identified, you have to access it all. If your agency is still using the same routers, switches and bandwidth that it used five or 10 years ago, you won\u2019t be able to keep up with the speed of today\u2019s attacks. It is important to make the business case to fund what may seem like basic IT upgrades but are in fact critical.<\/p>\n<p class=\"o-articleBody__text a-body1 element element-paragraph\"><b>2. Normalize the data, and then centralize it.<\/b> All data \u201cspeaks\u201d differently. 
To effectively streamline alert management, you must standardize the formatting of data so it all \u201cspeaks\u201d the same language. This will help you start to piece together \u201cthe story\u201d that the data is telling you so you can confidently conclude whether activity is malicious or benign.<\/p>\n<p class=\"o-articleBody__text a-body1 element element-paragraph\">For example, like the front door of a house, the firewall is supposed to let known, \u201cfriendly\u201d people in and keep out those who are unknown and suspicious, or don\u2019t have a key. The network data tracks those who got past the front door who perhaps shouldn\u2019t have, much like our home security cameras do. The endpoint data tells us whether these parties actually did any damage while they were inside, along with fingerprints they may have left behind.<\/p>\n<p class=\"o-articleBody__text a-body1 element element-paragraph\"><b>3. Execute automated responses.<\/b> Through automation, you establish an instant, \u201cone button\u201d source of information gathering for your queries, with the contextual details you seek at your fingertips. If you receive a domain name system alert, automated processes enable you to quickly review correlated network data to determine that a user connected to a malware-infected site even if the firewall data tells you that the firewall blocked the connection.<\/p>\n<p class=\"o-articleBody__text a-body1 element element-paragraph\">While automation relieves the burden on security professionals, it still requires human input to determine whether suspicious activity should be shut down. Automated tools may identify a site as containing malware, for example, but it may actually turn out to be a honeypot that your SOC created as part of a traffic-monitoring exercise. 
In this situation, you \u201ctell\u201d the automation solution to allow the activity.<\/p>\n<p class=\"o-articleBody__text a-body1 element element-paragraph\">There\u2019s a reason why SOC teams experience excessive stress and frustration, to the point of job burnout: They\u2019re tied to antiquated processes, even as the DoD embraces a new age of innovation. Meanwhile, data only grows more voluminous and disparate. The new age requires a new plan. By normalizing and centralizing data while leveraging automation, you\u2019ll arrive at the \u201ctrue story\u201d behind alerts \u2014 and make more timely, informed and accurate decisions as a result.<\/p>\n<p style=\"text-align: left;\" align=\"justify\"><strong>Source: <\/strong><a href=\"https:\/\/www.c4isrnet.com\/opinion\/2020\/10\/12\/a-three-step-cybersecurity-plan-for-the-modern-military\/\" target=\"_blank\" rel=\"noopener noreferrer\"><em>https:\/\/www.c4isrnet.com<\/em><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The growing cyberwarfare activity against defense networks shows the human cost of today\u2019s cybersecurity challenges: the team members&hellip; 
<\/p>\n","protected":false},"author":1,"featured_media":6728,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[2,23],"tags":[],"_links":{"self":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts\/6727"}],"collection":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6727"}],"version-history":[{"count":1,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts\/6727\/revisions"}],"predecessor-version":[{"id":6729,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts\/6727\/revisions\/6729"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/media\/6728"}],"wp:attachment":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6727"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6727"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6727"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}