Cybersecurity guidance
CISA, Partners Issue Remote Access Software Security Guidance
The Cybersecurity and Information Security Agency and its partners have released the Guide to Securing Remote Access Software, which informs organizations on how to identify and defend against threat actors working to exploit remote access software vulnerabilities.
The joint guide covers common exploitation methods and tactics, techniques and procedures hackers use to infiltrate systems. It also includes recommendations and best practices to help IT, operational technology and industrial control systems professionals and organizations stop threat actors, CISA said Tuesday.
Eric Goldstein, executive assistant director of cybersecurity at CISA, said collaborations will ensure that hackers will be identified and their attempts to exploit remote access software will be quashed. Bryan Vorndan, assistant director of the FBI Cyber Division, shared that information sharing would help improve cyber defense networks and mitigate future cyberattacks.
The agencies’ emphasis on information sharing is not new, with CISA and the U.S. Cyber Command previously touting the importance of the practice. Speaking at the RSA Conference in late April, Goldstein and Cyber National Mission Force commander William Hartman shared that opening data channels across agencies and private companies helps with incident responses and threat identification.
The release of the guidance follows the CISA’s publication of guidelines for secure cloud use based on the Trusted Internet Connections framework. The “TIC 3.0 Cloud Use Case” document informs federal agencies on security and telemetry practices for various as-a-service models for cloud offerings.
Category: Cybersecurity