Billington Cybersecurity Summit: Situational Awareness and Cyber Resiliency

Victor Limongelli

I was pleased to have the opportunity to participate on a panel at the 5^th Annual Billington Cybersecurity Summit, a very well attended event in Washington, DC yesterday. At the Summit’s opening keynote, Admiral Michael Rogers, Commander of U.S. Cyber Command and Director of the National Security Agency, made a strong call for the adoption within cybersecurity of the military concept of “situational awareness,” both in government agencies and in corporate America. This, he said, can be achieved through understanding normal behavior across a network and on endpoints and having a way to quickly visualize anomalies. 

Later in the day, Dr. Phyllis Schneck, the Deputy Undersecretary for Cybersecurity for the National Protection and Programs Directorate within the Department of Homeland Security, advocated for continued integrations between security technologies. We at Guidance Software have long believed in the importance of integrating security tools—no single product can meet all needs—and you can see evidence of our commitment to this approach in the many out-of-the-box integrations between EnCase Cybersecurity and other industry-leading security tools such as HP ArcSight, the BlueCoat Security Analytics Platform, as well as new ones that will be announced soon. Dr. Schneck also pointed out that the private sector and specialized technology vendors can play a vital role in educating the government about the latest developments in attack methodologies and the technologies that can be used to combat them.

My own panel was called “What’s Next in Cyber Resiliency? CISO/Cyber Leaders’ Views,” and was skillfully moderated by retired Rear Admiral Mike Brown, now vice president and general manager of the Global Public Sector at RSA. I was joined on the panel by two accomplished and insightful co-panelists: Chandra McMahon, vice president of commercial markets at Lockheed Martin; and Dr. Michael Papay, vice president and chief information security officer at Northrop Grumman.

Preparation Enables Agility: Key Takeaways from the Panel

As a panel, we discussed the best new ideas on how industry, government, and academia can work together to improve our nation’s cybersecurity posture. The most important concept was this: the characteristic of “cyber resiliency” should be the ultimate goal of any organization.

Cyber resiliency refers to the ability to quickly recover from an attack by performing swift and effective remediation, and returning the environment to a healthy state. And a necessary component of resiliency is understanding where your organization’s valuable information is stored (which helps determine the potential impact of an attack).  

Why start with the idea of responding to an attack? What about prevention? No one is discounting prevention. But building cyber resiliency starts with the premise that attackers will get in, that smart organizations operate under an “assumption of compromise,” and that they plan their response and remediation capabilities accordingly.

Finally, cyber resiliency is not just for the largest organizations. Next-generation endpoint security products must address the needs of “the everyday SOC analyst, not just ‘ninja warriors’,” and their pricing must become more affordable so that small- and medium-sized businesses—as well as Fortune 500 companies and large governmental agencies—can protect their intellectual property, customer and financial data, and overall viability.

Comments? I welcome discussion in the section below, whether on this topic or on one you would like to see us write about in the Endpoint Intelligence blog.

Victor Limongelli is president and CEO of Guidance Software, Inc. He is a frequent speaker at security and legal events.