Today’s expanding external attack surface has become a playground for cybercriminals and nation-state actors alike, posing a growing threat to US public sector organizations. Thankfully, the external cybersecurity market is maturing to better address these threats at a time when government agencies are starting to strategize their response to external risks.
Understanding External Risks
The federal government is a prime target for external threat actors seeking to diminish the government’s reputation and erode public trust. Given its often sensitive missions involving confidential data, maintaining reliable data and truthful messaging is critical to achieving its core mission — to serve and protect its citizens.
Historically, security vendors have offered an array of services essential to understanding an agency’s external risk, including:
- Raw and enriched threat intelligence feeds offering streams of compromised accounts, botnet data, and known indicators of malicious activity;
- Monitoring agency brands, social accounts, domains, personnel, locations, and other external assets across the surface, deep, and dark web;
- Vetting social and digital channels for alerts about imminent physical threats to protected agency personnel, locations, and other assets;
- Takedown and remediation services to remove impersonations, retrieve stolen data, and block or take down fraudulent or phishing websites.
Additionally, some services scan and analyze an agency’s owned assets from a completely external perspective, providing teams with an attacker’s-eye view of shadow IT, open ports, vulnerabilities, etc.
With the explosion of cyber tools, security teams want fewer, better solutions. As Gartner®¹ indicates in its recent 2023 Market Guide for Security Threat Intelligence Products and Services, “Increased end-user demand for vendor consolidation in all security markets has led to the inclusion of TI features from adjacent markets in security threat intelligence, namely DRPS and EASM.”
Thankfully, the external cybersecurity market is starting to take shape. Providers now generally fall into one or more of three categories of external cybersecurity solutions: TI (Threat Intelligence), DRPS (Digital Risk Protection Services), and EASM (External Attack Surface Management). This should provide some relief for those trying to navigate the market’s overwhelming diversity of offerings.
Gartner actually illustrates this market growth process in great detail with this graphic²:
The end goal is the ability to deliver highly curated external threat and risk information through a centralized console. “Highly curated” implies that deep rationalization, correlation, and validation are taking place at the intersection of these information streams. This is where the market needs to be if we want to see progress in reducing external threat risk.
Security and risk management leaders should use this research to select the right security threat intelligence products and services and to understand and respond more efficiently to the threat landscape.
External Threats Set to Intensify
A focused approach to external cybersecurity not only makes sense from a market growth perspective, but it also provides a framework for how public sector organizations should be thinking about cybersecurity in general. Most agencies have focused on compliance for so long that when the number of external threats started to increase rapidly, they were not always prepared to shift their attention beyond the network perimeter.
At the same time, the government’s rapid move to a heavier reliance on cloud, social media, and a remote workforce has changed the scope and scale of its existing security infrastructure faster than government security strategies and procurement could adapt. Agencies must now increase their focus on protecting against threats originating outside of a traditional network environment.
According to Biden’s National Cybersecurity Strategy, “…our rapidly evolving (digital) world demands a more intentional, more coordinated, and more well-resourced approach to cyber defense.”
When agencies move away from solely defending their network and consider the seemingly infinite number of possible threats from the outside, they typically need to build upon their existing security stack with cyber intelligence tools that enable advanced threat visibility and disruption capabilities. Ideally, these tools, in combination with existing agency cyber telemetry, will provide a complete external threat perspective — from the inside looking out and the outside looking in.
What to Expect Next
ZeroFox’s recent acquisition of LookingGlass Cyber Solutions represents an exciting time for the external cybersecurity market. Public Sector customers can expect something from ZeroFox in the near future unlike offerings from any other vendor – all three external cybersecurity solutions (DRPS, TI, and EASM) in one platform.
ZeroFox recommends the following to make the best use of external cybersecurity solutions, cyber intelligence products, data, and services available to the public sector:
- Create efficiencies for threat hunters by building a threat intelligence program that correlates multiple threat intelligence feeds against attack surfaces of interest to the agency.
- Leverage common platforms where multiple internal teams can collaborate and identify threats from multiple external vectors as well as threats to the organization’s reputation and overall mission security — not just data.
- Focus on intelligence providers that use advanced curation techniques to provide highly actionable insights.
1. Gartner is a registered trademark and service mark of Gartner, Inc. and its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product, or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designations. Gartner research publications consist of the opinions of the Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, concerning this research, including any warranties of merchantability or fitness for a particular purpose.
2. Gartner, Market Guide for Security Threat Intelligence Products and Services, By Jonathan Nunez, Ruggero Contu, Mitchell Schneider, 4 May 2023
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request.