Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Security Advice for Government Agencies in the Age of COVID-19

As COVID-19 drives many government agencies to quickly migrate from a centralized to remote workforce, new cybersecurity questions arise. Here are steps government agencies can take to manage these new cyber risks. 

Formerly office-bound employees are using personal devices in today’s necessity-driven remote work environment, introducing new BYOD challenges. This immediate expansion of the attack surface introduces new uncertainties and increased risk, raising important questions:

  • How can we manage and secure these new assets?
  • How can we make sure cybersecurity gaps don’t emerge in such an uncertain environment? 
  • How can our security team keep up with the explosion of assets and vulnerabilities?

These types of questions must be addressed promptly and directly to prevent the potentially catastrophic consequences of cyberattacks. Here are some steps government agencies can take right now to manage these new cyber risks. 

#1. Take stock of newly connected remote assets, including personal devices 

Knowing where your organization is potentially exposed means knowing all your assets. With so many employees teleworking, it’s imperative to understand which new devices are now connecting to the network, even if intermittently. This is especially important given the sudden increase in virtual meetings. One immediate step Tenable customers can take is to use Nessus Agents to expand their visibility into the expanded attack surface and quickly assess new, unprotected assets, including personal laptops, phones and more, which are likely not part of the company’s security or vulnerability management program.

Nessus Agents are lightweight scanners you install locally on hosts to supplement traditional network-based scanning or to provide visibility into assets missed by traditional scanning. They collect vulnerability, compliance and system data and send that information back to a manager for analysis. You can scan hosts without using credentials and run large-scale concurrent agent scans with little network impact.

Although Nessus Agents provide a subset of the coverage in a traditional network scan, they can be useful if you need to:

  • Scan transient endpoints that are not always connected to the local network. With schedule-based traditional network scanning, these devices are often missed, causing gaps in visibility. Nessus Agents allow for reliable compliance audits and local vulnerability checks to be performed on these devices, providing some visibility where there previously was none.
  • Scan assets for which you do not have credentials or could not easily obtain credentials. When installed on the local system, Nessus Agents can run the local checks.
  • Improve overall scan performance. Since agents operate in parallel using local resources to perform local checks, the network scan can be reduced to just remote network checks, speeding scan completion time.

#2. Focus on cyber hygiene fundamentals

As change accelerates and new challenges emerge daily, it is beneficial to stop and review the basics. We revisited past Tenable advisories regarding the importance of maintaining sound cyber hygiene in state, local, tribal and territorial governments, and found these important and still relevant top five priorities that provide another way to look at the challenges of the current situation:

  1. Count: Know what’s connected to – and running on – your network (as discussed in #1 above, this is the primary and most important step)
  2. Configure: Implement key security settings to help protect your systems 
  3. Control: Limit and manage those who have admin privileges for security settings 
  4. Patch: Regularly update all apps, software and operating systems 
  5. Repeat: Regularly revisit these top priorities and your organization’s security policy to form a solid foundation of cybersecurity 

Now, more than ever, sharpening the focus on these basic cybersecurity fundamentals is the most essential action a government agency can take to protect its network environment.

#3. Focus first on what matters most

Even in the best of times, patching every vulnerability in every network device is an impossible dream. In the current environment, with networks expanding and resources being strained to the breaking point, many vulnerabilities are likely to remain unpatched for prolonged periods of time. But, here’s the good news: You don’t have to patch every vulnerability to effectively reduce your risk. You just need to patch the vulnerabilities that matter. Predictive Prioritization can help you become more secure by guiding you to the vulnerabilities that matter most.

Predictive Prioritization is a data science-based process that goes beyond CVSS and re-prioritizes each vulnerability based on the likelihood it will be leveraged in a cyberattack. Predictive Prioritization assigns a Vulnerability Priority Rating (VPR) for every disclosed vulnerability, including vulnerabilities that have yet to be published in the U.S. National Vulnerability Database (NVD). Now, here’s even better news: If you are a current Tenable.sc or Tenable.io customer, you already have this capability. To learn more about it, and for help in getting the most out of what you already have, please ask your Tenable customer success manager or join our office hours

More information to help secure government telework

Working to adapt your vulnerability management efforts to effectively secure growing telework environments? Here are resources to help you:

For Tenable.io and Tenable.sc customers

For more information on securing your remote workforce, read the blog post, “We’re Here to Help: Securing Your Remote Workforce

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Request a demo of Tenable.ot

Get the Operational Technology Security You Need.
Reduce the Risk You Don’t.