Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Security Advice for Government Agencies in the Age of COVID-19

As COVID-19 drives many government agencies to quickly migrate from a centralized to remote workforce, new cybersecurity questions arise. Here are steps government agencies can take to manage these new cyber risks. 

Formerly office-bound employees are using personal devices in today’s necessity-driven remote work environment, introducing new BYOD challenges. This immediate expansion of the attack surface introduces new uncertainties and increased risk, raising important questions:

  • How can we manage and secure these new assets?
  • How can we make sure cybersecurity gaps don’t emerge in such an uncertain environment? 
  • How can our security team keep up with the explosion of assets and vulnerabilities?

These types of questions must be addressed promptly and directly to prevent the potentially catastrophic consequences of cyberattacks. Here are some steps government agencies can take right now to manage these new cyber risks. 

#1. Take stock of newly connected remote assets, including personal devices 

Knowing where your organization is potentially exposed means knowing all your assets. With so many employees teleworking, it’s imperative to understand which new devices are now connecting to the network, even if intermittently. This is especially important given the sudden increase in virtual meetings. One immediate step Tenable customers can take is to use Nessus Agents to expand their visibility into the expanded attack surface and quickly assess new, unprotected assets, including personal laptops, phones and more, which are likely not part of the company’s security or vulnerability management program.

Nessus Agents are lightweight scanners you install locally on hosts to supplement traditional network-based scanning or to provide visibility into assets missed by traditional scanning. They collect vulnerability, compliance and system data and send that information back to a manager for analysis. You can scan hosts without using credentials and run large-scale concurrent agent scans with little network impact.

Although Nessus Agents provide a subset of the coverage in a traditional network scan, they can be useful if you need to:

  • Scan transient endpoints that are not always connected to the local network. With schedule-based traditional network scanning, these devices are often missed, causing gaps in visibility. Nessus Agents allow for reliable compliance audits and local vulnerability checks to be performed on these devices, providing some visibility where there previously was none.
  • Scan assets for which you do not have credentials or could not easily obtain credentials. When installed on the local system, Nessus Agents can run the local checks.
  • Improve overall scan performance. Since agents operate in parallel using local resources to perform local checks, the network scan can be reduced to just remote network checks, speeding scan completion time.

#2. Focus on cyber hygiene fundamentals

As change accelerates and new challenges emerge daily, it is beneficial to stop and review the basics. We revisited past Tenable advisories regarding the importance of maintaining sound cyber hygiene in state, local, tribal and territorial governments, and found these important and still relevant top five priorities that provide another way to look at the challenges of the current situation:

  1. Count: Know what’s connected to – and running on – your network (as discussed in #1 above, this is the primary and most important step)
  2. Configure: Implement key security settings to help protect your systems 
  3. Control: Limit and manage those who have admin privileges for security settings 
  4. Patch: Regularly update all apps, software and operating systems 
  5. Repeat: Regularly revisit these top priorities and your organization’s security policy to form a solid foundation of cybersecurity 

Now, more than ever, sharpening the focus on these basic cybersecurity fundamentals is the most essential action a government agency can take to protect its network environment.

#3. Focus first on what matters most

Even in the best of times, patching every vulnerability in every network device is an impossible dream. In the current environment, with networks expanding and resources being strained to the breaking point, many vulnerabilities are likely to remain unpatched for prolonged periods of time. But, here’s the good news: You don’t have to patch every vulnerability to effectively reduce your risk. You just need to patch the vulnerabilities that matter. Predictive Prioritization can help you become more secure by guiding you to the vulnerabilities that matter most.

Predictive Prioritization is a data science-based process that goes beyond CVSS and re-prioritizes each vulnerability based on the likelihood it will be leveraged in a cyberattack. Predictive Prioritization assigns a Vulnerability Priority Rating (VPR) for every disclosed vulnerability, including vulnerabilities that have yet to be published in the U.S. National Vulnerability Database (NVD). Now, here’s even better news: If you are a current Tenable.sc or Tenable.io customer, you already have this capability. To learn more about it, and for help in getting the most out of what you already have, please ask your Tenable customer success manager or join our office hours

More information to help secure government telework

Working to adapt your vulnerability management efforts to effectively secure growing telework environments? Here are resources to help you:

For Tenable.io and Tenable.sc customers

For more information on securing your remote workforce, read the blog post, “We’re Here to Help: Securing Your Remote Workforce

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training