Justin Falck, head of product for endpoint security at Broadcom, said government agencies can become more proactive in detecting, preventing and responding to security risks and breaches by having real-time visibility into data and endpoints across their network.
“That visibility is a crucial first step in the shift to threat-informed prioritization of risks,” Falck wrote in an article published on Carahsoft.com.
Investing in Threat Prevention, Detection & Response Tools
“The best defensive posture is highly adaptive and can be achieved by investing in solutions that integrate threat prevention, detection and response and that learn from every incident,” Falck said.
“Such tools prioritize threats based on ease of exploitability and potential impact. That kind of insight helps agencies focus on what really matters. And they should continuously validate their security controls via red team exercises,” he added.
In this piece, Falck stated that agencies need to have a strong ability to detect and respond to breaches to prevent unauthorized data access.
“A highly adaptive defensive posture means that when a breach happens, agencies know exactly what the attacker did, how to stop the attack and what to do to keep such an incident from happening again,” he noted.
Integrating Data Protection With Threat Prevention
The Broadcom executive said organizations should incorporate data protection into threat prevention efforts because such activities “are two sides of the same coin.”
“By combining data protection with threat prevention, detection and response, defenders will receive better detection signals and can more easily prioritize the way they respond to potential attacks that target critical data,” Falck said. “In addition, when defenders reduce the possibility of losing sensitive data, they improve their ability stay in compliance with government security policies.”
According to Falck, threat detection and response are core requirements of multiple executive orders, the Federal Information Security Modernization Act and the National Institute of Standards and Technology’s security standards.
He noted that such directives stress the need for organizations to ensure the integrity and availability of data.
