# Securing Government: Here's What We Should Learn from 2016

By [Pamela Warren](https://www.paloaltonetworks.com/blog/author/pwarren/?ts=markdown "Posts by Pamela Warren"), Mar 16, 2017

I recently presented about securing government at the 2017 Cyber Defense & Network Security (CDANS) conference in the United Kingdom.
As I was preparing remarks for senior U.S. and EMEA military leadership, and as I've done in years past for this annual conference, I began pondering 2016 in the context of securing our networks. What could I advocate to these leaders that was different than I have advocated in years past? After all, we're seeing some of the same issues -- made even more urgent by our evolving networks into public clouds, and with our data more widely dispersed than ever before. Entering 2017 with more electric grid attacks, a year of pervasive and successful ransomware, attack campaigns of years past that succeeded once again, and now our first ever botnet of things, what could I say to encourage these leaders and help us focus not on the past but on lessons for a very positive start to 2017?

Well, as it turns out, quite a bit. What follows are my observations and thoughts for using 2017 to course-correct with both the recognizable patterns and greater attention to best practices to ensure our defense in depth strategies are agile.

*First, let me pose a question to you: Coming out of 2016, what do you feel is the number one way in which attackers are ahead of our enterprise security efforts? I would posit that it's automation -- with collaboration a close second.*

As I looked at some of the 2016 cyber malicious activities and events, the automation theme was pervasive and growing:

* *Ransomware*
* *Return and use of macros*
* *Mirai botnet and the "Botnet of Things" attack*
* *"OilRig" campaign*
* *"Shamoon 2" attacks*
* *Yahoo: biggest breach of one source to date*
* *Russian gang amass of 1.2B credentials*

I won't use this blog post to repeat the [many details we've already published from the year](https://www.paloaltonetworks.com/blog/unit42/).
But I do want to reiterate the good news that I repeated to the audience at CDANS, and even more with the [latest release of our PAN-OS 8.0](https://www.paloaltonetworks.com/products/new/new-panos8-0): you, too, have *automation* available to protect your data and your network assets. (More on that later.)

Late in 2016, I commissioned a study of how the U.S. federal government is using automation to improve all aspects of its attack mitigation processes -- from external threat intelligence consumption to what security sensors and capabilities are doing to help. The results, published in MeriTalk's [**"Pedal to the Metal"**](https://www.paloaltonetworks.com/resources/whitepapers/meritalk-pedal-to-the-metal) report, were in some ways disappointing, yet were informative in where I feel Palo Alto Networks can help. Here are some highlights:

* Fewer than half of U.S. federal agencies guard against emerging and critical attack vectors, increasingly used as attack entry points.
    * Most focus on traditional entry points (mail server, internet gateway, web)
* 55 percent say their agency is currently not *automatically* correlating threat campaign information from *different locations*
    * 30 percent do so manually, and
    * 25 percent don't do it at all
* When faced with a new (unknown) threat...
    * A low 15 percent can *create* new protections within a few minutes (over a third still take days to take any action)
    * Only 17 percent can *distribute* new protections within a few minutes
* Security operations teams ingest an average of 25 external threat feeds daily
    * 47 percent: Still purchase feeds only consumed via email
    * 72 percent: Few hours to a few days to assess presence of unique threat and determine whether actionable
    * 81 percent: Few hours to a few days to create actionable changes in security posture to protect against a new threat received from external sources
* Security operations teams are allocating skilled and limited resources on tasks that can be automated

Most don't need *more* data (or people to review it) but the ability to make *faster decisions* from the data they have. But do they understand that? As Einstein said, "We cannot solve our problems with the same thinking we used when we created them." It's time to embrace innovations in automation, just as we're seeing governments now slowly but surely embrace the cloud.

Reduce time to act on anything new hitting your networks. Your goal with today's technology should be under five minutes for new protection to be created and deployed. This could be malware signature creation, detecting and blocking new IP addresses and domains associated with command-and-control infrastructure. When it comes to exploits, they can be stopped immediately -- don't settle for anything less.

For government, these changes may seem like radical departures but keep in mind that you can start with incremental change to a long-term goal. Don't be overwhelmed. Perhaps start with one aspect of your network with:

1. Security focused on one location that's more vulnerable
2. Security focused on one aspect of the threat
3. Security focused on one attack vector (internet gateway, north/south into your data center, east/west traffic within your data center, Office 365 and Azure environments, your use of SaaS applications, etc.)
4. Preventing phishing: You can detect if a link in an email is malicious, and then block connections to those sites.
5. Preventing stolen credentials: Now in PAN-OS 8.0, you can block authenticated lateral movement, using multi-factor authentication within the network, from adversaries trying to compromise a network.
6. Reduction of efforts and time to correlate and make actionable use of threat intelligence (from internal and external sources). With our MineMeld tool that's offered as freeware or supported as part of AutoFocus, you can even do correlation, de-duplication, and can create automatic blocklists from your threat intelligence feeds.
7. The people part of the equation. I still hear stories about teams refusing to work together. Resolve to improve teaming between those with security responsibility. Perhaps choose two teams to focus improved communication: start with network and IT security teams, later adding collaboration with DevOps, endpoint and other teams. And don't forget to include the ICS & SCADA teams, where applicable. For your OT environments, if your country doesn't have regulatory guidelines, use NERC CIPv5 as your baseline, and consider the [Purdue model](https://www.sans.org/reading-room/whitepapers/ICS/secure-architecture-industrial-control-systems-36327).

[![pic_1](https://www.paloaltonetworks.com/blog/wp-content/uploads/2017/03/Pic_1.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2017/03/Pic_1.png)

I used a military analogy to which many can relate -- regardless if you were ever part of an airborne mission or are a gamer.
Looking out of that cockpit, traversing enemy territory, the timeliness (and accuracy) of the information that you receive is critical. Just as in the physical domain, *every second counts in our cyber domain*.

We don't have to repeat the mistakes of 2016. It *is* possible to appropriately secure our data and networks -- however we extend them from SaaS to public cloud to remote locations to support our troops, our government operations, and our citizen services.

**Let's use 2017 to reclaim control and use automation to *our* advantage** -- to reduce the risk to our governments and critical infrastructure and to ensure the resiliency of our digital way of life.

To learn more about our other activities at CDANS 2017 this year, please visit:

* [CDANS 2017: Keeping Cybersecurity Skills Sharp With Cyber Range](https://www.paloaltonetworks.com/blog/2017/03/gov-cdans-2017-keeping-cybersecurity-skills-sharp-cyber-range/)
* [Securing Our Networks with Women in Cyber](https://www.paloaltonetworks.com/blog/2017/03/securing-networks-women-cyber/)

And if you haven't had a chance, please read about all of the exciting [enhancements we made in PAN-OS 8.0](https://www.paloaltonetworks.com/products/new/new-panos8-0).

### Federal Ignite '17 Security Conference: Washington, DC

If you are in the U.S. government, come to [Federal Ignite 2017](https://ignite.paloaltonetworks.com/federal/federalhome.html) to learn more about what we're doing for you and your peers to make fast threat prevention through automation a reality.