Category: Security

Don’t Be a Cyberwar Victim. Become Digitally Resilient.
Digital resilience is more than just a good idea, and it should be more than just another IT cost center. In fact, digital resilience supports the business and just happens to be your organization’s best...
Public, Private Sector Collaboration Is Key To Combating Cybersecurity Issues
The Colonial Pipeline ransomware attack showcased the growing vulnerability gaps when it comes to national cybersecurity. Combined with the whirlwind of activity related to the SolarWinds breach, there will be a surge of new cybersecurity...
For the U.S. Defense Dept., the Future of Data Management Is Zero Trust
The future of federal cybersecurity is zero trust. In February, the U.S. National Security Agency (NSA) released guidance encouraging intelligence organizations to adopt a zero-trust security model. The NSA also detailed what zero trust is,...
What Does the Cybersecurity Maturity Model Certification (CMMC) Mean for My Business?
There’s plenty of talk right now among the defense community about the Cybersecurity Maturity Model Certification (CMMC). And with good reason. The certification demands significant changes of government contractors working directly for the Department of...
The Colonial Pipeline Cyberattack Emphasizes What Americans Want — Government to Prioritize Cybersecurity
A new Tanium poll finds support for more private sector involvement. But spending must be targeted in the right areas. President Biden signed an executive order on cybersecurity last week following a ransomware attack on...
Biden’s Executive Order Stresses Need for Federal Government to Make “Bold Changes” in Cybersecurity
Days after the Colonial Pipeline cyberattack crippled our nation’s gas supply, President Biden signed an executive order aimed at improving America’s cybersecurity and protecting federal government networks. While the executive order is focused on the...
Is Your Agency Prepared For Software End of Life?
Federal agencies have a software accumulation problem. The problem is not new, but it gets worse with each passing year. The issue stems from near countless options for software that agencies can choose from. IT...
Do Agencies Need Next Generation Software, Or Are They Just Chasing Diminishing Returns?
When federal agencies experience a breach, they usually favor various types of compensating controls specifically engineered to mitigate the potential damage of the breach. These types of controls often result in tool sprawl. They also...
Strengthening Federal Technology Risk Management
The transition to remote working has expanded agency threat surfaces — and it’s not just cybersecurity risk that agency IT teams have to deal with; it’s increased risks to data, the mission and staff. People...
How to Strengthen Federal Endpoints and Networks With Preventative Security
Agencies have long relied on reactive security (compensating security controls) vs. preventive security (baseline security controls) to protect their information systems. As a result, many end up with tool sprawl — adopting too many one-off...
How Agencies Can Improve FITARA Cyber Scores With Real-Time Data
The scores from the latest Federal Information Technology Acquisition Reform Act (FITARA) are out. Good news: it showed overall improvements for all agencies. Surprising news: not one agency’s cyber score changed from the previous scorecard. The cyber category consists...
Tanium Provides Endpoint Visibility and Intelligence for Google’s BeyondCorp Enterprise
Once upon a time, network security was about letting the good guys in and keeping the bad guys out. But we’re living in a different world now. Cyberattacks are sophisticated and targeted. Bad actors aren’t...
Continuous Diagnostics and Mitigation (CDM) and Zero Trust Are the Building Blocks of Cybersecurity
As the distributed workforce grows, federal agencies face a broader threat landscape. Bad actors are gaining access to more user credentials than ever before, with their algorithms outperforming humans 1,000 to one. In this new...
Experts Share Advice on Getting Started With Zero Trust for Remote Infrastructures
During the Cyber Security Experts Panel at CDM Central last month, I joined government experts from the U.S. Small Business Administration and Department of Health and Human Services — along with fellow industry experts — to discuss what...
How a Federal Telework Bill Can Help Modernize and Secure Remote Work
As federal telework continues, agencies are looking to allocate funds and modernize remote environments for the future. The Pandemic Federal Telework Act, if passed, would direct federal agencies to allow eligible employees to telework full-time...
Strategies for Optimizing Remote Work in 2021
In 2020, the federal sector’s priority was business continuity, when the pandemic forced a new world of remote work. But now that the dust has settled, 2021 presents a crucial opportunity for the government to...
Zerologon Needs More Than a Patch: How Federal IT Teams can Remediate This Vulnerability
The Zerologon vulnerability that spurred a rare emergency order by the Cybersecurity and Infrastructure Security Agency (CISA) continues to pose a threat – specifically to the federal civilian executive branch. CISA requires all federal agencies to immediately...
Securing Federal Telework with Zero Trust
The network perimeter is dissolving. As a result of the pandemic, widespread telework is likely here to stay. As a result, federal agencies need more robust IT architecture and stronger defenses to keep systems secure....
Tanium Converge: Advancing Endpoint Security for Federal Agencies
The Tanium Converge 2020 conference brought together customers, thought leaders, and industry experts to discuss the growing need for better endpoint management in today’s challenging and unpredictable business environment. Certainly being ready for whatever comes...
Dealing With Kimsuky: How to Protect Federal Endpoints and Networks From Advanced Persistent Threats
Federal remote workers rely on virtual desktop infrastructures like Remote Desktop Protocol (RDP) to gain access to and visibility of the agency network server. Protecting those endpoints from the growing number of potential cyber threats...