NIST SP 800-137

From: Press Release

SUNNYVALE, CA –  Fortinet® (NASDAQ: FTNT) a world leader in high-performance network security today unveiled a major update to the company’s FortiOS network security operating system that powers the FortiGate platform. This release incorporates numerous innovations that strengthen Fortinet’s Advanced Threat Protection Framework, providing enterprises with a cohesive and coordinated way to combat Advanced Persistent Threats (APTs), zero-day attacks and other sophisticated malware. This Framework uniquely combines Fortinet’s new and established technologies with FortiGuard’s threat research and response to address increasingly complex cyber threats and reduce the risk of network breach and data loss.

Editor’s Note: For information on anti-money laundering regulatory policy, please see the CRE paper, “Unwarrented Deputization: Increased Delegation of Law Enforcement Duties to Financial Institutions” available here.

From: Nextgov

By Aliya Sternstein

The federal government has tapped data surveillance provider Palantir to help civilian intelligence agencies collaborate on money laundering investigations.

The five-year $9.9 million sole source contract follows independent efforts by the departments of Justice, Treasury and Homeland Security to use the tools, according to contracting documets. 

Primarily, feds need the technology to quickly spot puzzle pieces that are not easy to search, such as personnel records and corporate organization charts.

From: GCN

By William Jackson

The threat landscape for government enterprises is evolving rapidly and the stakes are ratcheting higher as public and private sector organizations become more dependent on distributed computing resources and remote access.

As a result, the focus in cybersecurity is moving away from the perimeter and the point security tools traditionally deployed there and toward the use of analytics and monitoring to provide visibility and rapid response.

“Advancements have introduced thousands of applications, threats and vulnerabilities into communications networks, which are increasingly hidden from traditional network security devices,” the National Security Telecommunications Advisory Committee said in a 2013 report to the president.

From: CIO

The evolving nature of cyberattacks demands a more dynamic response, according to government CIOs making an effort to implement real-time, continuous monitoring and reporting for security issues.

By Kenneth Corbin

As federal agencies struggle to keep pace with the mounting threats to their far-flung digital systems, IT professionals must move away from treating security as a compliance exercise and adopt dynamic, real-time monitoring, government CIOs said in a recent panel discussion.

In many agencies, that shift toward continuous monitoring is already well underway, as CIOs have been working to further automate their systems so that networked assets scan for and report potential security incidents.

From: Federal Times

By NICOLE BLAKE JOHNSON

Competition under the Homeland Security Department’s $6 billion cyber contract will be especially fierce over the coming months, with fewer than expected awards for continuous monitoring products and services.

Rather than selecting multiple winners for its upcoming string of task orders, DHS is expected to make single awards. The next six task orders will cover products and services needs for multiple agencies, which will mean big business for the winning vendors.

From: Federal Times

By NICOLE BLAKE JOHNSON

The Homeland Security Department is laying the foundation for a next-generation security operations center, one with more sophisticated technologies for thwarting cyberattacks.

The Next Generation Enterprise Security Operations Center, or NextGen ESOC for short, would revamp DHS’ current security operations center, which today provides 24/7 continuous monitoring, analysis and reporting of DHS security events as well as other services, according to a request for information to industry.

From: Defense Systems/Commentary

By Chris  LaPoint

When people think of the term “inside job,” they typically envision a “Thomas Crown Affair”-type Hollywood thriller, filled with crooks using their wits and technology to stealthily make off with stolen goods under the cover of night.

For DOD IT teams, the reality of an insider threat may be far more mundane, though no less critical. In a recent survey by my company, SolarWinds, 53 percent of DOD respondents said that careless or untrained inside resources posed a serious threat to security – a higher percentage than the usual suspects, including foreign governments, terrorists or external hackers. Insider data leakage and theft were also mentioned as top concerns by a significant number of respondents.