Cyber-Hunting the Adlumin Way

cyber-hunting-adluminImagine if the U.S. Office of Personnel Management (OPM) had the cyber-hunting tools to both detect cyber-attacks in progress and view where the hackers were on its networks in real time.

Chances are they could have responded to the 2014-2015 breaches before these malicious intruders snatched the personal information of 22 million federal employees.

An upcoming White House report alleges that the OPM is not the only agency in the dark about cyber attacks: most don’t know where the attacks are coming from and have trouble building trend data to make risk-based decisions as a result.

“It was no surprise to use really in terms of the incident reporting framework….that most agencies didn’t have a handle on where the threat was coming from,” Joshua Moses, director of cybersecurity performance and risk management at the Office of Management and Budget, said at an Oct. 25 meeting of a federal advisory group. “Nearly a third of the incidents that were reported to Homeland Security last year did not have that associated attack vector, threat vector in the reporting.”

FCW Magazine reported that the report’s findings closely mirror what will be shown in the consolidated Federal Information Security Management Act compliance report due out from OMB in March 2018 and will drive plans to improve cybersecurity to make sure that agency efforts are aligned with the National Institute of Standards and Technology’s (NIST) cybersecurity framework.

Now, instead of simply managing firewall, intrusion detection systems, SIEMs and other after-incident detection tools, federal cyber-hunters have a new platform to proactively search through their agency networks to detect and isolate advanced threats.

Sword & Shield Federal has partnered with Adlumin to provide a User & Entity Behavior Analytics (UEBA) platform that deploys in minutes using whatever methodology an organization uses to deploy software (e.g. GPO, SCCM, or Big Fix). The Adlumin platform rests in either Amazon EC2 or Amazon Web Services (AWS) GovCloud allowing for specialized development easily accomplished via Cloud deployments. It is designed to make every member of the security team effective by automating incident response investigations using data science and machine learning.

“We need to maintain a state where the reliance on a security analyst’s expertise to find threats becomes obsolete, which means smarter technology,” said Adlumin Co-Founder and CEO Robert Johnston. “The amount of data a security analyst must sift through to find threats is 100 times what it was 5 years ago and there is seemingly not enough experts to go around. We have to use technology to make every member of the security team effective.”

Johnson developed this proprietary technology as a result of his work on the Democratic National Committee’s hack when he was an analyst with CrowdStrike. The automated cyber-hunting technology provides intelligence-agency grade human though process and replicates the data analytics Johnston learns from other data breaches.

The result is that Sword & Shield Federal and Adlumin works as an agency’s virtual Blue Team to alert and stop malicious activity whether it is coming from an external source or an insider threat.

“Bad Actors perpetrating an attack can take many forms, and organizations have become adept at being on guard for traditional perimeter attacks that raise alarms,” said Sword & Shield Federal Account Executive Scott Bradley. “Most often perimeter attacks are a slight of hand, causing organizations to throw a strained number of limited resources in the direction of the visible attack while sensitive data is exfiltrated in a different direction.  The Adlumin Platform provides automated tools to monitor critical systems across hybrid networks, and protects sensitive data from exfiltration.”

The platform also helps agencies comply with laws such as the Health Insurance Portability and Accountability Act (HIPAA) of 1996, Payment Card Industry (PCI) and NIST.

For more information on the UEBA platform or to speak with us about any of your federal cybersecurity needs, please contact us at federal@swordshield.com or by calling 800-860-0075. You may also request a consultation on our website. Contracting officers can use this form and Program Managers can use this form to ensure you are routed to the appropriate customer service representative.


Related: Johnston Talks CyberSecurity Talent and the DNC Breach at the EDGE2017 Security Conference


Comments are closed.