U.S. government agencies can never be sure how many undetected cybersecurity compromises are in their networks—and what harms are in the offing. Stealthy cyber threats bombard Federal Civilian Executive Branch (FCEB) agencies around the clock. Attackers rapidly innovate, outpacing advances in defenses. Moreover, finding malicious actors is hard. The scale of the problem is daunting. To push back on this uncertainty, organizations hunt threats in their own networks, but implementing threat hunting on a federal scale is a unique challenge. The Cybersecurity and Infrastructure Security Agency (CISA) will need a creative solution from industry to achieve mission-critical objectives.
Our report, Cyber Threat Hunting at Scale Across .Gov, explains what leaders need to know to get started:
- Booz Allen recommends building on the foundation of the Continuous Diagnostics and Mitigation (CDM) approach and leveraging past investments in current capabilities. FCEB agencies should centralize, retain, and hunt through their own data at the agency level, leveraging analytics and processes provided by CISA. We call this solution "distributed threat hunt."
- Distributed FCEB agency teams would independently stalk cyber threats in their own environments with smart automation, shared analytics, and near-simultaneous operations.
- We explain how this approach would empower FCEB agencies and how key functions should be distributed. Our report also includes three steps leaders can take now to begin deploying distributed threat hunt at scale.
By smartly increasing the scale of cyber threat hunting across federal networks, CISA and FCEB agencies can turn the tables on sophisticated, determined adversaries set on harming U.S. national security. Now is the time to detect, identify, and mitigate cyber threats across the .gov domain by harnessing the power of distributed capabilities.