System Hardening

The United States Defense Information Systems Agency (DISA) created and maintains a library of security guidelines for the Department of Defense (DoD) Information Systems. These guidelines called Security Technical Implementation Guides or (STIGs) identify configuration settings and procedures that organizations should apply to improve the security of their networks and systems. Many federal government agencies, as well as Cleared Defense Contractors (CDC), require that systems comply with these guidelines as part of the deployment and operational certification of the system.

SecureStrux has seasoned Cyber Assessors and Engineers that have been securing enclaves, networks, and systems for the DoD and those who are required to meet Defense requirements for over 20 years. Many of our team members were pioneers with DISA when STIGs were just being developed and even helped write a few along the way.  As these standards and processes have matured, we continued to work with DISA to help maintain these guides and use them to harden systems by either “baking” security in upfront before deployment, or reverse-engineering systems and networks when needed so that they would be compliant and sustainably secure.

Below is a sample of some of the systems and networks we have in-depth knowledge and experience hardening:

STIGs on IASE site

When there is a system or network appliance that does not have a STIG developed specifically for their technology then they should align to one of the published DoD Security Requirements Guides (SRGs) While the published SRGs map to common security areas, SecureStrux provides additional recommendations and guidelines for emerging technologies like systems that might not have a formal STIG or SRG created yet.

SecureStrux cyber hardening addresses securing various threats and challenges across multiple domains, networks, and systems. Cyber hardening involves assessing platforms, mission systems, network systems, and other at-risk solutions, and then applying proven cyber models to help clients defend their networks, mitigate threats, protect their platforms, and continuously assess their systems – both from an internal and external perspective.  

Our goal when hardening and securing systems is to provide our clients with a cyber-resilient environment and to reduce the consequences of attacks. We believe an important aspect of resiliency is cyber hardening and reducing the attack surface of a system and increasing the difficulty of system access and exploitation.

SecureStrux applies a four-step methodology to securing and hardening our client’s network architecture and the systems that support it.

  • The first step involves an architectural review to seek out security flaws that an attacker could exploit to disrupt normal operation.
  • Once these flaws are identified, they’re prioritized from critical to low
  • We then look at the defense-in-depth risk-management techniques – such as fixing vulnerable software, adding security tools, developing policies, adding hardware, and then training client personnel so they can maintain the process.
  • Finally, tests are run to ensure that the mitigation is effective and steps taken have not introduced new flaws.

SecureStrux actively works with its clients to enhance defense-in-depth strategies with solid system-administration practices – also known as cyber hygiene – supported with custom-developed automation tools.

Our experience is that It is difficult for clients to scale up their staff to mitigate evolving attack techniques.  Adding more cyber expertise or system administrators to protect their networks would be ideal, but it isn’t always feasible. There’s a shortage of skilled personnel, and competition for them is high. One cost-efficient way to maneuver around the shortage in skilled personnel is to defend against attacks by leveraging automation tools and analytics as force multipliers which reduce the time it takes to monitor compliance.

The Defense Industry and the cyber community at large face myriad cyber hardening challenges. Among the worst aspects: protecting such a wide variety of platforms, the age of the technology involved.  It is difficult to hire one or two cybersecurity personnel to maintain and monitor compliance for all the different platforms.

Industry faces new adversaries on a daily basis. The variety of systems and platforms that must be defended are a challenge. The size, scale, and complexity of these systems – combined with the need to keep them operational and protected – are also a challenge. Legacy hardware and software pose yet another problem.

A significant cyber hardening challenge for many is that they must operate in large, complex, and heterogeneous network systems that are deployed globally, often in areas with limited infrastructure. It doesn’t lend itself well too many commercial cybersecurity tools or methods, so the DoD must assess each solution individually to ensure it enhances cybersecurity without degrading critical mission functions.

To be most effective, cyber-hardening has to be “baked in” from the initial concept of a system. For systems already in operation, the risks are identified and mitigated before adversaries can exploit the vulnerability.

For more informati0n complete the form below