Using Cyber Smarts by Protecting Data Integrity with the Right Solutions

COVID-19 has moved more people to work remotely which has opened the doors even wider for cybersecurity threats. And October 2020 is National Cybersecurity Awareness Month (NCSAM). This year’s theme, “Do Your Part, #BeCyberSmart”, accentuates the importance of keeping your data safe and secure.  

Organizations must apply best practices to achieve data security by controlling confidentiality, integrity, and availability in alignment with the organization’s risk strategy. This means a reliable, consistent, and secure way to access and use data while preventing unauthorized access, corruption, and denial of services. Furthermore, organizations must being able to detect, respond, and recover quickly once an incident occurs. These concepts are described in the National Institute of Standards and Technology (NIST) cybersecurity framework (CSF).

Data Integrity with NCCoE Guidance and ArcSight

Following this framework methodology, the Data Security program at the National Cybersecurity Center of Excellence (NCCoE) has produced guidance for data integrity and data confidentiality, consisting of a series of publications that work together to identify, protect, detect, respond to and recover from critical cybersecurity events. On Oct. 1, 2020, they released the Data Integrity Cybersecurity White Paper.

Micro Focus partnered with the NCCoE on three NIST 1800 series publications releases: SP1800-25, SP1800-26, and SP1800-11. Micro Focus’s ArcSight provided key solution support for the publications, including:

·        Monitoring, auditing, and logging capabilities configurable to corporate policy for data changes on a system, database metadata, and content modifications.

·        Logs, detection, and reporting, in the event of changes to data on a system, malware detection across the enterprise, and enterprise health.

·        Ability to send security alerts and notifications based on organizational policy.

·        Analytic capabilities to determine the impact of integrity events.

Achieving Cyber Resiliency in Your Enterprise

Data is one of the most valuable assets for today’s enterprises, along with its people (identities) and applications. A federal edition of a data threat report released in 2019 stated that “Digital Transformation is leaving its mark throughout the U.S. Federal Government, with profound impacts on information and data security...,” and it also specified that 60% of U.S. Federal Government respondent reported being breached. The same report indicated that even though network security still their main focus, emphasis in data and application security are almost equal to network security. It also reported that the leading data security concerns were sensitive data discovery and classification, and data protection by role. Other leading concerns among Federal Government respondents were user account credentials compromise, and exposure of sensitive data.

Micro Focus security solutions include a comprehensive portfolio of data security products that helps organizations identify and protect, detect, respond, and recover in the event of cybersecurity incidents. Likewise, these solutions enable organizations to continuously and intelligently deliver an intended outcome despite adverse cyber events -- what Micro Focus refers to as Cyber Resilience.

NIST defines cybersecurity as “prevention of damage to, protection of, and restoration of computers … including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation.” Cyber Resiliency expands those goals. Per NIST’s definition of cyber resiliency, the main aspects are to “anticipate, withstand, recover … and adapt …” This means going beyond technology and information, and into operations and processes.

If I look at the fundamental concepts of cyber resiliency, this is the way I would describe them. “Anticipate” -- indicates to remain vigilant, prepared, and not reactionary. “Withstand” -- operations must go on, regardless of any incident impact. “Recover” -- returning to normal operations and full functionality as soon as possible. Finally, “Adapt” refers to using what you have learned from an incident to be ready for when the next incident may occur. Yet, these concepts do not replace those from the CSF but instead supplement them.

Micro Focus delivers flexible and modular solutions that help organizations to achieve such resiliency. Being able to identify your data, classify it, apply policies to it, and protect it, regardless if it is structured or unstructured, not only at rest or in transit but also in use without security gaps. Furthermore, our solutions expand the traditional cybersecurity perimeter with an adaptive, identity centric roles based access control approach, by only allowing data access to authorized and authenticated individuals, which is paramount to help organizations adapt to the Zero Trust model. Micro Focus identity, governance and access management solution govern, adapt and learn user behavior of your applications and data access to ensure identities are compliant, authenticated and authorized, especially for privileged individuals, all while providing an integrated end-user friendly, frictionless advanced authentication framework.

As data and identities have increased in organizations, so have the number of applications and the pace at which they're developed and deployed, making applications security a critical component that must be considered. From identifying vulnerabilities in your applications and coaching your developers on how to write secure code, to protecting those applications that have not or cannot be secured - Micro Focus application security solution offers end-to-end application security solutions with the flexibility of testing at scale while covering the entire software development lifecycle.

Now that most organizations must adapt to this new “work from home” paradigm, this puts companies in a difficult position when trying to maintain a robust security posture. This requires a smart solution driven by machine learning (ML) and artificial intelligence. Micro Focus Next-Gen security operations solution is based on the concept of layered analytics, which leverages the power of real-time detection and the intelligence of unsupervised ML, while also connecting the dots between the people, technology, and processes with integrated Security Orchestration, Automation, and Response (SOAR).

Conclusion

Not all Micro Focus solutions are covered since its portfolio is quite large, yet in this NCSAM, I wanted to highlight some of the most significant solutions that it has to offer to protect what it is more important to any organization. From cloud, virtual, on-prem., or any hybrid deployment, Micro Focus solutions help enterprises achieve cyber resiliency through their digital transformation and beyond. Check out Micro Focus security, risk and governance solutions to learn more about it, or better yet, reach out to MFGS, Inc. for more information.