One of the biggest challenges with cybersecurity is ensuring potential victims have the information they need to help prevent attacks. That’s why the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) created the new Enhanced Cybersecurity Services program. It’s an ambitious partnership in which CISA shares classified intelligence with a few trusted service providers, who in turn will use that information to alert their customers.
Viasat recently became just one of three companies approved to offer ECS services to customers.
While many firms and government entities have their own internal IT security, the ECS program is an order of magnitude different.
“We are literally one of the three providers who can offer you this,” said one Viasat cybersecurity expert who requested anonymity because of the sensitive nature of his work. “Not many organizations have the means to qualify to get this intelligence. It requires a large investment in classified facilities, technology, cyber experts with clearances and a very rigorous process to get accredited to run this operation. We have spent several years to achieve all of this to become an ECS service provider.”
But the three service providers are not alike. Two offer an external Off-Premises Defense Model, in which customer traffic is rerouted to the service provider’s classified facility. The traffic is compared with CISA-vetted classified threat data, any threats are blocked, and then the traffic continues on to the customer.
Viasat has taken a more innovative path. The company is offering an On-Premises Defense Model, in which Viasat will place its Trusted Cyber Sensors (TCS) system behind the network gateway at customer sites. Rather than network traffic being rerouted to a distant cybersecurity center, Viasat will secure the traffic at the customer’s site.
Viasat curates DHS-provided sensitive and classified cyber threat information, which it operationalizes to protect the customer’s network. The company takes a systematic approach, applying specific knowledge of adversary tactics, techniques, and procedures (TTPs) and using the TCS to detect the corresponding network behaviors. If a threat is detected, Viasat can immediately alert the customer, and then help with the appropriate response.
Household network example
To help put this in perspective, compare on-premises versus off-premises defense in a typical household network. Off-premises security can only glimpse the traffic that goes in and out of the household router, but not what devices are actually in the home.
“You are only seeing that this router is communicating out to the internet, but you don’t know if it’s a phone, a laptop, or an IoT device behind the router, and therefore it’s hard to track down the culprit or assess the risk,” said the Viasat expert.
In contrast, on-premises defense can identify which specific devices in the network are under attack or infected. “When you put a sensor on the inside of your network, then you can see exactly which devices are misbehaving and go right to the root of the problem.”
Another advantage of on-premises defense is that it doesn’t require the customer to upgrade their network architecture. More significantly, at a time when data breaches pose enormous financial and legal risks, the on-premises model ensures data is screened at the customer’s location. That means their data never leaves their site, as opposed to passing through an external site.
A higher level of protection
Viasat defines its On-Premises Defense system as a premium service for customers who insist on higher levels of protection. For example, while off-premises defense tends to be highly automated, Viasat’s on-premises model adds a human element. Viasat’s 24/7 security operations center and its team of cyber experts – who have high security clearances, and often come from military and intelligence backgrounds – can discern threat patterns that would be missed by an automated detection system.
While this will clearly benefit corporate customers, Viasat’s system could also help protect state and municipal governments from ransomware and phishing attacks that jeopardize daily operations. On-premises defense could, for example, detect seemingly valid but infected software that has infiltrated the supply chain and carries out malicious activity while masquerading as the real thing. Or Viasat’s human analysts might detect behavior patterns in the attacks and alert officials to which devices are most threatened.
An even more timely and intriguing possibility is election security. U.S. government agencies worry that foreign actors will attempt to disrupt the electoral process, which means state and local governments will need to secure their voting systems.
ECS and Viasat’s on-premises cybersecurity could add that extra layer of security to reassure election officials and the public.
“It would be an excellent early-warning system,” says the Viasat expert.