Federal Cybersecurity Threats Demand an Analytics-Driven Detection and Response

By Dolan Sullivan, Vice President of Federal at Aruba, a Hewlett Packard Enterprise company
Share Post

Federal networks are under siege. Bad actors want to steal classified information or other high-value data like Social Security numbers, research data, healthcare records or soldier training information. Cyberattacks can disrupt mission operations, foment geopolitical turmoil and provide a big payday for criminals.

Cybersecurity is a top priority for Federal CIOs. Insider threat, training and workforce development, and phishing were identified as the most pressing cyber threats, according to Grant Thorton's 2017 Federal CIO Survey.

As Federal CIOs modernize IT systems to increase efficiency and enhance digital services, they are also enhancing cybersecurity. The shift to mobile and cloud have streamlined operations and lowered burdensome operations and maintenance costs, but these same innovations have also rendered the time-tested perimeter-focused security approach insufficient.


Ensuring cybersecurity has always been mission-critical, but with more users, more devices and more data in more places, it's exponentially more difficult. Whether through phishing, ransomware or other malware aimed at personnel and their devices, attackers are successfully breaching the network perimeter undetected. There are threats from within as well: Attackers may be disgruntled staff, dismayed with the Administration, or simply finding out what they can get away with. The proliferation of smart, connected IoT devices further expand the attack surface. Cyber risks – and successful attacks – are rising.

Without clear visibility into attack behaviors inside the network, attackers are free to steal or destroy sensitive data or disrupt operations. The dwell time of malware is significant: Cyberattackers operate undetected for an average of 99 days, according to the 2017 Mandiant M-Trends Report.

Now factor in the widespread shortage of cybersecurity professionals. Industry experts predict 3.5 million unfilled cybersecurity jobs by 2025, up from 1 million openings in 2016. The surging need is not a surprise, either, as four years ago, the RAND Corporation called the "shortage of cybersecurity professionals a risk to national security."

The cybersecurity skills shortage impacts both public and private sectors, but recruiting and retaining qualified cybersecurity personnel has always been challenging for government agencies, given the long hiring process and pay that isn't equitable with the private sector. The cybersecurity problem is getting harder, and there are fewer experts available.

It's Time for Analytics-Driven Active Cyberattack Detection and Response

 Analytics-driven attack detection and response, along with a secure network foundation, can help Federal close the cybersecurity gap.

That is the goal of Aruba 360 Secure Fabric framework. 360 Secure Fabric gives IT teams visibility into active attacks and allows them to identify and mitigate advanced threats. Security and network teams have a seamless path from user and device discovery and access control to analytics-driven attack detection and response, all based on policies set by the organization.

Aruba ClearPass is the keystone of 360 Secure Fabric. ClearPass provides proactive network profiling, access control and policy management. ClearPass covers the entire range of access control – wired and wireless, guest and BYOD onboarding – and provides policy-based remediation and attack response. In January 2018, ClearPass became the first network access control solution in the industry to achieve Common Criteria certification.


Aruba IntroSpect User and Entity Behavior Analytics (UEBA) is an additional key element of the 360 Secure Fabric framework. IntroSpect detects attacks by spotting small changes in user, device or system behavior that often indicate exploits that have evaded traditional security monitoring and analytics. IntroSpect integrates advanced AI-based machine learning, visualizations, and instant forensic insight, so that attacks involving malicious, compromised or negligent users, systems or devices can be found and remediated before damage is done.

To extend the security ecosystem, more than 100 third-party systems can add context to ClearPass and IntroSpect and strengthen network policies. ClearPass natively integrates with firewalls, mobile device management, SIEM, single sign-on and many other solutions to deliver end-to-end visibility and policy enforcement.


360 Secure Fabric is predicated on the Aruba Secure Core, an analytics-ready infrastructure with embedded security. Core security capabilities are built into all of Aruba's wireless access points, switches, routers and controllers. Aruba supports FIPS encryption, and Aruba Mobility Controllers have been Common Criteria-certified since 2014.

Aruba has long been at the forefront of delivering high-performance, highly reliable and secure wired and wireless networks to all parts of the Federal market, and with 360 Secure Fabric, we underscore that commitment.

Go Deeper

Read the blog on ClearPass's new Common Criteria certification by Jon Green, Aruba Federal CTO.

Learn more about IntroSpect UEBA.