Governments need more visibility to protect critical networks

By Tanium

Real-time endpoint management that uses AI is the future of securing complex government networks as digital public services take root, says cybersecurity leader Tanium’s Chris Cruz.

There is an urgent need for governments to have greater oversight over potential cyber incidents that can affect government networks.

Today, bad actors are increasingly targeting supply chain and vendor networks which sit next to and collaborate with government infrastructure. These can provide indirect access to otherwise highly protected government systems, says Tanium’s Chief Information Officer for Public Sector, Chris Cruz.


“Governments must address the ongoing risks of cyber-crime as we see an uptick in the stealing of credentials by infecting systems with malware, ransomware, and phishing attacks,” he adds.


Converged endpoint management systems (XEM) can help agencies secure these endpoints and manage risks through real-time data hosted on a single platform.

This concept has been pioneered by Tanium as a new way for cybersecurity leaders to manage complex networks.

AI-based approach the future of cyber


Autonomous endpoint management is both a new category for, and the future of, managing the enterprise ecosystem, he says.

Tanium’s Chief Information Officer for Public Sector, Chris Cruz

“At Tanium we have pioneered a new artificial intelligence (AI)-based approach that we term Autonomous Endpoint Management. This system uses AI to enhance the power of real-time threat assessment, making it easier to query and analyse data across millions of endpoints in natural language and apply updates and changes at speed and scale,” Cruz says.


This allows automated patching and “ends the need for patch Tuesdays,” he adds.


Tanium’s XEM will also use machine learning (ML) to automate critical workflows, leading to greater efficiencies across the security operations (SecOps) domain and reducing the attack surface.


“Going through manual processes to check for breaches takes time – but in cybersecurity, time is not your friend. Having data and tools that talk to each other is critical to managing and mitigating modern cyber risks,” Cruz says.


Autonomous endpoint management can help agencies gain a more exact view of any vulnerabilities or weaknesses that could enable an attack, thus improving their security posture and shrinking the attack surface.


This can free up the human workforce for more critical tasks, giving peace of mind to CISOs, CIOs and CTOs in the public sector, Cruz adds.

Endpoint visibility across a single platform


Beyond tapping into AI to supercharge endpoint management, Cruz recommends adopting a platform approach to ensure complete endpoint visibility.


Cruz notes that many government organisations still employ a wide range of disparate tools and manual processes, not to mention services from third-party vendors, to protect their environments.


As a result, they have disparate endpoint solutions that are manually intensive, duplicate efforts, and can lead to false positives. More importantly, this can result in incomplete visibility – setting the organisation up for an incident.


Given the complex environment that most governmental agencies work in, “it is critical to manage and have the flexibility to observe every endpoint that accesses the network in real-time. At Tanium, we believe that visibility is the first line of defence for any public sector organisation,” Cruz says.


And what is not seen cannot be managed.


“Our platform approach, XEM, unifies IT operations and security teams on a single platform and provides a unified console built from the ground up, that gives real-time visibility, control, and remediation,” Cruz notes.


Real-time data provides security and operations teams with key information to address and mitigate vulnerabilities expediently and keep critical malware, like ransomware, from infecting the entire network, says Cruz.

Analyse every endpoint instantly


XEM, which is an industry first, makes it possible to analyse data on every endpoint in real-time and apply updates at speed and scale, he adds. XEM can also be integrated with other solutions, like a Security Information and Event Management (SIEM) system, to better manage an enterprise network, says Cruz.


It provides oversight of every unmanaged endpoint in the environment and sniper-patches critical vulnerabilities before they negatively affect the network and cause undue harm, he says.


Cruz notes that the cybersecurity challenges faced by governments “are vast and complex.”


Government agencies are the target of sophisticated cyber threat actors including state-sponsored hacking groups, hacktivists, and organised crime that intend to steal sensitive data or disrupt critical functions.


“Governments can effectively mitigate these risks by making cybersecurity a priority, adopting an enterprise SecOps platform to effectively find and remediate vulnerabilities, building a culture of cyber preparedness, and enlisting third-party expertise to reinforce and manage risk and issues expediently,” says Cruz.