SCIF, a term typically reserved for government and military jargon, has become a commonplace civilian acronym in the last few months as journalists painstakingly detail how Sensitive Compartmented Information Facilities are the only places where individuals with the appropriate security clearance can process Sensitive Compartmented Information (SCI) types of classified information.
Due to the highly sensitive nature of the information being processed, there are strict security protocols builders have to employ in creating these physical structures and stringent governance of how they are used and monitored. Different levels of clearance have different levels of monitoring and chain-of-custody policies associated with access.
However, these so-called “spy-proof” structures are not infallible. Why? Because there is no visibility into what authorized users are doing with the sensitive information to which they are privy until it’s too late.
Snowden, Manning, and Winner: All Caught Too Late
Edward Snowden removed data from an NSA facility via a portable device, Chelsea Manning slowly and patiently transferred classified information to a personal computer and added unauthorized software to a classified computer system, and Reality Winner printed out an NSA report on Russian hacking.
Each was eventually caught, and we all know the fallout and consequences. However, the fundamental issue of data misuse still remains. Some say we need to crack down on authorized users. Others feel that too much information is categorized as “classified,” thus making it difficult to prioritize truly sensitive information.
The root cause of this problem is the lack of electronic surveillance to track chain of custody and use of data.
Like a Physical SCIF, Agencies Can Use Carbon Black to Spy-Proof Their Endpoints
When you think about the physical process of accessing a SCIF and processing the classified information inside, you see there’s a surveillance camera, an access log sheet, physical enforcement of device policies, and a monitor watching to see what’s being done with the information and ensuring that authorized individuals are not removing anything they should not be removing. This approach encompasses real-time monitoring of user behavior, asset management, policy enforcement, and a recording of the event as it unfolds through physical logs and notes of the activity.
Carbon Black takes the same security approach as a SCIF and places it on the endpoint. Like a surveillance camera, Cb Response provides instant visibility and real-time monitoring capabilities into what’s happening on your endpoints.
Like a SCIF security guard, Cb Response can detect suspicious behavior and anomalous activity and immediately take action to stop it. Cb Response also provides centralized recording. The solution records and stores everything so you have the information you need at your fingertips to provide auditing information and chain-of-custody evidence and to capture all threat activity.
Focus Your EO Strategy on Insider Threats for Quick Wins Using Cb Response
The executive branch has spent years developing a “whole-of-government” strategy to improve the health of all federal information-technology assets and networks and, with President Trump’s signing of the Executive Order on “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” has set in motion an aggressive timeline for agencies to strengthen their cybersecurity posture while holding agency leaders accountable for getting it done.
But let’s face it, the government moves slowly, and this approach may never really solve the problem with insider threats. With jobs on the line, agency leaders need quick security wins by turning their endpoints into digital SCIFs with Cb Response.
The Carbon Black team is at the Gartner Risk and Security Summit, June 12-15.
See Cb Response in action by attending the session and visiting our booth at #721.
In the meantime, get a preview of how Cb Response works.