Over the last several years, federal agencies have been driving digital transformation efforts with the vision of improving customer experiences, national cybersecurity, and data sharing capabilities. However, in doing so agencies have also expanded the attack surface of their network. With attack surface management, federal agencies can discover and address potential vulnerabilities faster to strengthen defenses when modernizing services.
In a recent interview with Federal News Network, Michael Sieber, Senior Director of Cybersecurity at Maximus, explained why attack surface management plays a critical role when modernizing services on an agency’s network. “Attack surface management is part of defense in depth, where you’re trying to make sure that you can see your entire network, understand what vulnerabilities are present, and prioritize mitigation based on risk,” Sieber said. “You’re addressing the high-risk items first and then mitigating so that there is less attack room for an adversary to come in and gain access to your network.”
However, these networks have gotten more complex and dynamic as agencies have moved to hybrid or multi-cloud networks. In a hybrid environment, an agency’s attack surface is continuously expanding and shrinking. In addition, digital transformation efforts have integrated technology into new and existing systems and applications, which “creates the potential for misconfigurations and the chance of introducing vulnerabilities” into the network.
Attack surface management provides agencies with the dynamic ability to “understand the current boundaries of their networks” and “proactively secure that constantly shifting environment.” With attack surface management, agencies can categorize endpoints on their network, identify and prioritize vulnerabilities, and maintain enterprise-wide visibility that allows them to adapt their cybersecurity posture when necessary.
Since these networks are so dynamic and complex, it’s impossible for an agency’s cybersecurity team to maintain it effectively. Sieber noted that it’s essential for agencies to leverage automation and AI to help them manage their networks effectively.
“If you look at a security operations center, there’s so much information for them to track that it’s impossible for them to ingest data manually,” Sieber said. “You have to take advantage of tools and make sure that those tools are giving you a common operating picture so that you can understand what your network looks like, where your weaknesses are and mitigate any vulnerabilities … Artificial intelligence can help you digest a lot of that data and then get rid of the noise, so you can clearly understand what the threats are and pay attention to the things that really matter.”
The attack surface of federal agencies will continue to expand over the years, as agencies find new ways to integrate innovative technology that drives mission outcomes. By leveraging attack surface management, agencies can effectively strengthen defenses throughout every iteration of their modernization journey.
To learn more about how attack surface management can help to strengthen defenses when modernizing government, read the full interview here.