
The world is becoming increasingly interconnected. The abundance of information makes it prone to security threats that continue to evolve in both scale and complexity. In response to these threats, the U.S. government has signed Executive Order 14028, which calls for a complete rehabilitation and modernization of cybersecurity policies and procedures in all federal agencies and critical infrastructures, with a focus on detection, response, and resilience.
To more effectively meet that goal, Incident Response, Endpoint Detection and Response, and Information Sharing have been identified in the Order to be of utmost importance. Each of these capabilities plays a vital role in one way or another in proactive and coordinated defense against cyber threats, and in this post, our last of this series, we will cover each of these in turn.
Incident Response (IR) is a key component for dealing with cybersecurity incidents. It makes the process faster while simultaneously increasing the effectiveness of incident resolution. It provides a methodical framework for managing the aftermath of a cyber intrusion, and it helps to shift the focus to limiting the damage, restoring operations to normal, and gathering intelligence from the event for better future preparedness.
Key Aspects of IR under Executive Order 14028
- Groundwork and Discovery: It is essential to be prepared for a breach and to discover it in its nascent stages, to limit the level of damage. It is mandatory for agencies to invest in modern detection tools that assist with swift and accurate breach identification.
- Integrated measures: Executive Order 14028 deems it necessary to establish a more centralized, methodical approach for situations that necessitate a federated response to incidents. This includes, but is not limited to, a reliable, well-laid-out process for handling breaches, while making sure that things remain well coordinated between organizations or agencies. This would be groundbreaking: A centralized framework combined with a distributed (yet federated) mechanism that would propel entities to act on their own while remaining in harmony with the broader objectives.
- Aftermath Analysis: When an incident occurs, after response measures are in place, organizations must study the event and garner information that would help improve defenses against similar situations and refine future IR strategies.
Endpoint Detection and Response (EDR) is a critical technology designed to monitor, detect, and respond to cyber threats on any device or system that acts as a nexus within an organization’s network infrastructure – known as the endpoint level. This includes, but is not limited to, individual PCs / laptops, servers and mobile devices. If any suspicious incidents are initiated from any of the aforementioned, EDR makes it easier to promptly identify them and immediately engage in mitigation.
Key Features of EDR under Executive Order 14028
- Constant Surveillance: Endpoints are under constant supervision by EDR tools, promoting the early identification of anomalous behavior that can indicate a potential security breach.
- Automated Response: Once a suspicious activity is detected, EDR systems can automatically take measures such as isolating devices that may be compromised or blocking hostile programs, limiting the potential harm.
- Integration with IR: EDR solutions work hand-in-hand with IR efforts, facilitating the identification of useful data for analyzing the danger and assisting with a coordinated response.
Information Sharing is a crucial element in boosting the collaborative effort for defending against cybersecurity breaches. Executive Order 14028 mandates the sharing of information between organizations, both in the private and public sectors, so as to come together as a united front to deal with cyber breach incidents. The intelligence obtained from breaches is required to be both accurate and promptly made available. This will allow for the cultivation of defense strategies to help improve the cybersecurity stance across a variety of different sectors.
Key Aspects of Information Sharing under Executive Order 14028
- Collaboration Across Organizations: Information sharing across sectors is mandatory between both federal agencies and private enterprises, leading to cooperative efforts against cyber threats.
- Timely Threat Detection: Information-sharing facilitates readiness against threats, to more effectively prevent them, or at least identify them before they do more damage.
- Secure Exchange of Information: The Executive Order also emphasizes the importance of governance when sharing information, so that sensitive data is kept safe and out of the wrong hands while fostering collaboration.
Denodo’s Role in Responding to Threats
Denodo can provide assistance to respond to cybersecurity threats in alignment with Executive Order 14028. By leveraging logical data management, which uses data virtualization to enable real-time access to distributed data without having to replicate the data, the Denodo Platform enables reliable access to relevant security data, promoting real-time threat detection, facilitating collaboration, and enabling swift incident response. While the Denodo Platform isn’t considered to be a security tool like an EDR, its capabilities with data integration, analytics, and data virtualization demonstrate its ability to support proactive cybersecurity measures, aligning with the goals of Executive Order 14028. Here are some of the ways in which the Denodo Platform can prove useful:
- Providing a unified data layer, the Denodo Platform enables organizations to gather paramount information across endpoints such as servers, network logs, etc., aiding in the rapid identification of the scope and impact of a security incident. This promotes data-driven post-incident analysis and enables continuous improvement.
- The Denodo Platform can be used to track security activities and ensure compliance with government regulations, cybersecurity frameworks, and reporting requirements that come with Executive Order 14028. The Denodo Platform helps expose potential weaknesses in security protocols by analyzing the effectiveness of an incident response.
- The Denodo Platform can integrate data from a combination of security tools, logs, and monitoring systems, in real time. Since Executive Order 14028 calls for improving threat detection capabilities, the Denodo Platform can help centralize security logs from different platforms to identify patterns of anomalous activity or potential threats. By enabling real-time data integration, the Denodo Platform helps security teams to correlate data from multiple sources, improving both the speed and accuracy of threat detection.
The steps incorporated in Executive Order 14028 for responding to incidents play a pivotal role in building an ecosystem that empowers effectiveness and resilience in combating cybersecurity threats. The culmination of the components mentioned above will help create a robust defense strategy to fight against these threats. Executive Order 14028 will have a deep, long-lasting impact on the future of cybersecurity, and Denodo is here to facilitate compliance with the order, every step of the way.
- Responding to Threats: The Path to Resilience - May 14, 2025
- Securing the Software Supply Chain: The New Frontier in Cybersecurity - April 15, 2025
- Transforming Cyber Defenses: Robust Protection Strategies - March 18, 2025