While much of the focus on cybersecurity risks has been focused on prevention and detection, many organizations are quickly discovering that threat hunting is the next step in the evolution of their security operations center (SOC).

Metadata. It’s not a word that springs to mind when you think about detecting and stopping attacks on your networks and endpoints. If you’re investigating an attack you probably pull logs files and Netflow data to try and make sense of what’s going on. Nothing wrong with that. But as with all things cybersecurity, there’s always more you can do. And that’s where metadata comes in.

As incidents of government data breaches increase and threat landscapes grow, savvy federal, state and local government agencies should take a look at how data loss prevention technologies can help them discover, monitor, and protect sensitive data across clouds, mobile devices, and on-premise.

What is Data Loss Prevention?

Fighting hackers is hard enough, but a huge shortage of cyber workers could leave the government exposed. According to numbers from the Bureau of Labor Statistics, there were more than 209,000 unfilled cybersecurity jobs in the U.S. in 2016, although the number could be as high as 350,000.

Cyberattacks on the application layer are becoming more commonplace than attacks on servers, according to a survey of IT professionals by DLT partner, Veracode. The problem is that traditional security methods are largely ineffective against these application layer attacks. But despite this increase, it’s important to maintain perspective.

Compromised credentials are a leading cause of security breaches.  According to Verizon’s 2015 Data Breach Investigations Report, 95% of security incidents involved stealing credentials from customer devices, and using them to web applications.  So many stolen credentials are available to hackers, generally on the Dark Web, that passwords are no longer effective.

Although still in its infancy in the public sector, making the shift to DevOps methodologies is starting to catch on with many government agencies, including the U.S. Citizenship and Immigration Services, the EPA, and Nuclear Regulatory Commission.

As you may know, with DevOps, IT tasks and application deployment that would normally take months or years, now take weeks.

But Rome wasn’t built in a day.

CAD files are highly valued and frequently shared and exchanged. But CAD files often contain confidential information and IP which can have legal data protection obligations. To protect these files collaborators may use email encryption programs, network file share access control, secure file transfer protocol, mobile device management, enterprise and cloud-based content management, and so on.

The history of hacking shows that bad actors use good technologies for bad purposes.  Machine learning is no different: it has never been easier for white hats and black hats to obtain and learn the tools of the machine learning trade. Software is readily available at little or no cost, and machine learning tutorials are just as easy to obtain.

Last month's ICIT Winter Summit hosted a packed house of cybersecurity thought leaders from the industry and the public sector. The summit convened with an opening keynote on Securing the Cyber Frontline from Brigadier General (Ret.) Greg Touhill, former Federal CISO.