February 15, 2021
Agencies have long relied on reactive security (compensating security controls) vs. preventive security (baseline security controls) to protect their information systems. As a result, many end up with tool sprawl — adopting too many one-off specialized solutions that complicate risk decision making, fail to scale and fall apart in a borderless environment. This also impacts productivity, complicates management workflows and dramatically inflates costs.
This problem is even greater with the dramatic shift to remote workforces. The resulting rise in cyber attacks on government employees, particularly ransomware, makes the “reactive security status quo” a challenge.
In a recent Washington Technology article, I discuss how agencies can work to protect endpoints by rationalizing tools and adjusting security approaches. By reevaluating priorities and the toolset, federal IT teams free up funds for strategic IT priorities and modernization.
Compensating controls are mechanisms engineered to respond after a threat has landed, at the point of discovery or execution, rather than to prevent the threat. Such a control intervenes in normal execution and seeks to determine the safety of the action being attempted. Too often, IT teams use these controls as a safety net, as they’re easier to install and not as difficult to manage as baseline controls.
But this approach fails. Compensating controls shouldn’t be an agency’s primary defense; they should be in place for the occasion in which proper baseline controls around privileged access and code execution don’t cover the threat (which is incredibly rare).
In addition, compensating controls are extremely costly because there’s no finish line. As adversaries evolve, they lean on increasingly advanced tactics to infiltrate federal systems — and with compensating controls, IT teams won’t know about a breach until it occurs.
Instead, agencies should reevaluate their approach to cyber hygiene. It starts with implementing and managing proper baseline controls as mandated by the National Institute of Standards and Technology (NIST). Baseline controls can protect and secure endpoints regardless of where they reside, and conduct risk-based assessments to tailor the right level of controls to the environment.
As agencies strengthen preventive security with baseline controls, they should adopt a holistic management approach. Tanium’s unified endpoint management and security platform uses comprehensive, accurate, and real-time data from a single source to reduce risk and improve security. With one platform for management and security, agencies can justify future budget requests for critical security activities — all while having a comprehensive view of the security landscape to make strategic business decisions.