5 Ways to Use Eclypsium to Align with the National Cybersecurity Strategy
On March 1st, 2023, the White House published an official update to the National Cybersecurity Strategy. This document further defines the nation’s focus on critical cybersecurity issues, and builds on the groundwork set forth in previous executive actions such as Executive Order 14028, Improving the Nation’s Cybersecurity, and the Executive Order on America’s Supply Chains. The document covers quite a bit of ground and is organized around the following “pillars”:
- Defend Critical Infrastructure
- Disrupt and Dismantle Threat Actors
- Shape Market Forces to Drive Security and Resilience
- Invest in a Resilient Future
- Forge International Partnerships
The strategy notably puts emphasis on both operational defenses and supply chain risk mitigation. Eclypsium is one of the relatively rare solutions that excels in both areas. So while the National Cybersecurity Strategy is naturally far larger than any single solution, let’s take a look at a few ways organizations can use Eclypsium to better align with the strategy.
1 – Establish System Transparency for Critical Systems
“Departments and agencies will direct RD&D projects to advance cybersecurity and resilience in areas such as artificial intelligence, operational technologies and industrial control systems, cloud infrastructure, telecommunications, encryption, system transparency, and data analytics used in critical infrastructure.”
“System transparency” is a great term and it really encapsulates one of the key things that Eclypsium brings to an organization’s security practice. Simple, automated scans make it possible to see exactly what is actually inside a given system including all critical software, firmware, and components. Staff can easily verify the integrity and provenance of an entire system and all its critical components. And Eclypsium can do this for a wide range of assets including laptops, cloud infrastructure, servers, networking gear, and other types of infrastructure. It also can audit the internal components such as the Trusted Platform Module (TPM) that is critical to protecting the integrity of encryption on a given device.
2 – Proactively Audit Acquired Technology
“Markets impose inadequate costs on – and often reward – those entities that introduce vulnerable products or services into our digital ecosystem. Too many vendors ignore best practices for secure development, ship products with insecure default configurations or known vulnerabilities, and integrate third-party software of unvetted or unknown provenance.”
Supply chain security is unsurprisingly a major component of the National Cybersecurity Strategy. And while the plan calls out the need to shift supply chains away from untrusted countries, supply chains will remain inherently complex and prone to vulnerabilities, misconfigurations, and infiltration by adversaries. Eclypsium gives organizations a simple, automated way to detect and mitigate these risks. This includes the ability to proactively verify the authenticity and integrity of components, to find outdated or vulnerable code or components, and to verify that all critical systems and protections are properly configured and working together at the system level.
3 – Protect Infrastructure Targeted by Ransomware
“The Joint Ransomware Task Force (JRTF), co-chaired by CISA and the Federal Bureau of Investigation (FBI), will coordinate, deconflict, and synchronize existing interagency efforts to disrupt ransomware operations and provide support to private sector and SLTT efforts to increase their protections against ransomware.”
While the strategy calls out the need for government agencies to take the fight directly to ransomware operators, it also calls out that organizations need better protections against these attacks. In particular, ransomware groups have heavily targeted high-value appliances, networking gear, and other infrastructure that often go unpatched or aren’t managed directly by standard IT or vulnerability management processes. Eclypsium brings a complete approach to protecting these devices by proactively finding systems that have vulnerabilities that are targeted by ransomware actors, verifying the integrity of these systems to ensure they have not been compromised, and helping to apply patches and updates to reduce the organization’s attack surface.
4 – Modernize Organizational Infrastructure
“OMB will lead development of a multi-year lifecycle plan to accelerate FCEB technology modernization, prioritizing Federal efforts on eliminating legacy systems which are costly to maintain and difficult to defend.”
Eclypsium provides a lifecycle approach for the discovery, monitoring, and replacement of outdated infrastructure. Discovery begins by actually finding devices within an enterprise or agency environment, then identifying the software and components within the newly discovered system. Eclypsium can identify systems that are outdated or vulnerable. If updates are not available or the system can’t be patched, Eclypsium can monitor the integrity of the system to identify any signs of compromise. When it comes time to replace an outdated system, Eclypsium scans can provide insight into prospective products and vendors to find vulnerabilities and audit the quality of the technology supply chain.
5 – Add Critical Code Verification to Incident Response Efforts
“Regulators are encouraged to build incident review processes into regulatory frameworks. CISA and law enforcement agencies are encouraged to build processes and routinely extract lessons learned from their investigations and incident response activities. Private companies are likewise encouraged to undertake these reviews and share findings…”
Sophisticated state-sponsored threat actors, particularly those from Russia, have targeted critical code within systems as a way to maintain persistence within a device even after a compromise is discovered. For example, implants within firmware or physical components can be introduced via malware infections or in the supply chain, and this malicious code will often remain even through a complete reinstallation of the host operating system. Eclypsium allows organizations to verify the integrity of all critical code as part of an incident investigation, response, and recovery. This can let teams know conclusively how deep an adversary was able to get on a given system while ensuring that all devices are clean before being returned to service.
Naturally, these are just a few of the ways that Eclypsium can support the National Cybersecurity Strategy. Ensuring the integrity and security of critical code and systems is a fundamental requirement of any security strategy, and Eclypsium makes the process simple, automated, and consistent across all types of infrastructure from end-user laptops, to cloud infrastructure, to the appliances that support an organization’s network and applications.