We invite you to watch our webinar that occurred on May 24th, which aimed to provide solutions to the challenges posed by implementing current mandates, executive orders, and the new cybersecurity strategy. Navigating the complexities of implementing these measures can be a daunting task, and we at Veracode understand the difficulties faced by government agencies. Our esteemed panelists, Sam King, Chris Wysopal, and John Zangardi, are industry...

Public sector organizations wisely invested in Intrusion Detection Systems (IDS) to meet security requirements sufficient for the perimeter-based cyber threats of the time. However, today’s threat landscape is growing more complex and nefarious. As the urgency grows to combat modern advanced threats by adopting a Zero Trust security framework, public sector security teams find that standalone legacy IDS comes up short. Others may not yet...

The rise of cyber attacks signals the current approach to security isn’t working, and the industry must make a radical shift to ensure protection of its most important asset – data. Enter Zero Trust. A defined roadmap and lack of cohesive security solutions places the burden of technology integration and partner orchestration on the customer. This results in organizations implementing a self-defined approach made up of an assortme...

Zero Trust Architectures have become a focal point for the US Government in their efforts to improve the nation’s cybersecurity posture. Traditionally providing secure access to applications, including those hosted in the cloud, has forced agencies to make arduous compromises. They’ve needed to either sacrifice security for performance when bypassing security inspection, or performance for security by routing traffic through massiv...

Ever since the dawn of the internet, its usefulness lies in the data it handles, whether moving it, storing it, or calculating with it. As a result, just as Willie Horton once said he robbed banks because “that’s where the money is,” many of today’s cyber bad actors target agencies’ data because they can monetize it. As a result, cybersecurity is akin to the 20th century Cold War. On the one hand, bad actors ...

Cybercrime is evolving at the speed of innovation, sometimes outpacing the progress of cybersecurity. Cybercrime often has the advantage as it is highly motivated and not bound by the many required compliance and regulatory mandates that businesses face. Threat intelligence can be a useful ally, enriching the process of audit and assessment, and providing proof of security controls and policy enforcement that is required for security and comp...

In the last three years, the number of released cybersecurity mandates has doubled. From EO 14028, to BOD 23-01, 02, and (likely soon) 03, not to mention M-21-31 and M-22-09, these mandates are rarely backed with funding or staffing to help meet the reporting requirements. Rarely do agencies have the tools to report outcomes easily and in a trustworthy way. The result? Many agency CISOs and CIOs are left to fulfill an onslaught of mandates wi...

As the vulnerability of industrial control systems (ICS) to cyberattacks continues to have a clear impact on infrastructure security, emerging security solutions are essential to the future of industrial cybersecurity. MOSAICS – More Operational Situational Awareness for Industrial Control Systems – is the working prototype demonstrating an integrated capability for ICS operational defense. This roundtable discussion pulls together...

After the events of the past few years, security is in the forefront of election officials’ minds. The individual states are responsible for conducting elections, so the National Association of Counties (NACo) at its annual legislative conference just conducted a series of workshops and panels on the range of threats facing election workers and voters alike. While physical threats, intimidation and harassment are primary concerns, there...