Securing the government enterprise: The case for managed security services
January 12, 2021
Federal government agencies face unique and growing challenges in securing their enterprise from cyberattacks. They have a higher threat profile than many of their commercial counterparts, coupled with institutional constraints in acquiring, hiring, and implementing the critical resources needed to fully protect their agency.
Against these challenges, managed security services like extended detection and response (XDR) can dramatically improve their overall cyber resilience, enabling them to detect, defeat, and recover from increasingly sophisticated attacks faster and more confidently.
By standardizing and automating core security operations and integrating streaming analytics and threat intelligence, XDR can improve overall performance, financial predictability, and cost-effectiveness. For example, federal agencies can reduce security operations center (SOC) costs by a third or more with a managed option. The end result is enabling a more strategic, agile, and sustainable approach to cybersecurity, empowering federal agencies to stay ahead of threats and operate with greater assurance.
Federal agencies face a host of inherent constraints that make protecting their networks and infrastructure both costly and challenging. These factors include an inability to readily hire qualified talent, an overly complicated IT architecture and environment that is expensive and difficult to protect, pervasive compliance mandates, and a procurement system not conducive to agility.
These factors leave too many federal agencies reliant on highly manual processes, outdated technologies, and understaffed and undertrained security operations centers (SOCs) to protect their exceedingly fragmented environment against a growing number of more sophisticated attacks. Given the exposure they face, where even one successful attack is too many, these challenges pose an unacceptable risk in far too many cases.
Federal agencies are also shifting their focus from perimeter security to more adaptive approaches like zero trust that offer more multifaceted and pervasive defenses. This is driven by the need to protect their increasingly distributed and virtual cloud-based environments from more numerous and cunning cyber-attacks. Continued reliance on firewalls and similar border protections alone leaves the enterprise vulnerable and unprotected.
These frameworks argue that trust in the security of the network is misplaced, with organizations requiring a more data-centric strategy instead. This means implementing a layered, risk-based approach using integrated threat intelligence, automation and analytics to more quickly detect and eradicate threats anywhere in the environment.
What they have discovered is that adversaries will eventually breach an agency. As a result, there is increasing recognition that detection and response speed is the new battlefield, as this can dramatically reduce the potential damage and impact. According to Accenture research, cybersecurity leaders detect and mitigate attacks faster, which means they are four times less likely to suffer a significant breach, and their cost to defend and mitigate a successful attack is 72 percent lower.
Managed security services like extended detection and response (XDR) can dramatically improve agencies’ overall cyber resilience, enabling them to detect, defeat, and recover from increasingly sophisticated attacks faster and more confidently.
Approaches like XDR [or earlier managed detection and response (MDR)] industrialize this next-generation security operations center into either Software-as-a-Service (SaaS) or fully managed service offerings. It takes advantage of a platform-based approach that integrates specialized cybersecurity tools together to provide a highly automated, insight-driven, active cyber defense. When adopted as a managed service, agencies further benefit from teams of highly trained cyber analysts using established best practices to address the full cybersecurity lifecycle.
XDR is built for zero trust, as it brings all of the pillars of trust together as an integrated security model. And as we will discover, XDR is the rare solution that can deliver, as a managed service, significantly better protection at lower (and more predictable) cost. It also allows federal agencies to extend coverage very quickly while increasing their operational maturity.
Because it is a cloud-based, open platform, agencies can automatically deploy Accenture’s federal offering across a variety of environments for 24/7/365 continuous monitoring in just hours, and it is fully operational in 90 days. It can provide up to 100% enterprise and ecosystem coverage, including Internet of Things (IoT) and operational technology (OT) systems.
The integration of end-to-end monitoring, real-time threat intelligence, and preprogrammed incident responses means that the preponderance of low-level and repetitive alerts are handled automatically. In the case of Accenture XDR for Government, up to 80 percent or more of these event alerts are resolved, with a 95 percent true positive rate (vs. 75 percent industry average), without human intervention. The remaining alerts are sent to tier 2 and 3 analysts. This approach ensures 100% alert coverage and continuous vigilance while decreasing alert fatigue, which is a hidden threat in many organizations.
Accenture XDR for Government also delivers faster incident response and remediation. It detects an incident in production environments, on average, in under one minute and offers a service level objective (SLO)-defined response time of fifteen minutes or less. It also follows US-CERT SLA and reporting requirements. This performance compares very favorably with an industry average of often days or weeks to detect, respond to, and remediate attacks and breaches.
A recent Ponemon Institute report, The Cybersecurity Illusion: Enterprise Security Remains Reactive, showed that only 24 percent of organizations have a robust cyber metrics program in place, and only 60 percent tracked any meaningful metrics at all. Accenture XDR for Government works to fill this gap by mapping all detections to the MITRE ATT&CK framework for further analysis, while a customer portal provides a real-time view of an agency’s security posture. This approach builds collective knowledge of the threat environment's true nature and sets the stage for continuous performance improvement.
The end result is that managed security services like Accenture’s federal offering not only provide more extensive coverage with better threat detection and faster remediation in many cases, but this improved performance is backed by measurable key performance indicators (KPIs) and enforceable SLAs.
Consider, for example, a 3,000-person federal agency with 5,000 endpoints under management. Analysis indicates that they could achieve a $3.4M cumulative net benefit over the first three years of implementing Accenture XDR for Government. These benefits include a 32 percent reduction in operating costs that creates $1.5M in direct cost savings and avoidance. The added value derives from quantifiable performance improvements and risk reduction.
Another agency with 4,500 employees forecasted $10M in hard cost savings over five years with Accenture XDR for Government. The agency would also enjoy a $5M added value benefit from automated incident response and integrating threat intelligence to improve operational efficiency and effectiveness.
This makes Accenture XDR for Government the rare solution that delivers better performance and protection at less cost. It is also the only XDR solution offered as a managed service with current FedRAMP authorization for deployment within a federal environment.
The expanded use of managed security services will grow in federal agencies as it did with other outsourced technologies. The undeniable business case will ultimately push the service model forward. Government agencies already benefit from outsourced services. It is time the security stack joined the other groundbreaking technologies agencies benefit from because of the “as-a-service” model.