The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel
Malware Monitoring

Continuous Malware Monitoring Is Critical for Government Agencies

Government agencies are among the most popular targets for cyber attacks. According to a 2019 Senate report, cyber attacks on government agencies have increased by more than 1,300 percent over the past 15 years, with a high-water mark of 35,277 incidents in 2017. Another recent study finds that nearly 70 percent of all ransomware attacks in the U.S. last year targeted government entities.

To combat the threat, public-sector agencies need security tools that provide increased visibility into their distributed networks, along with the mechanisms for detecting, containing, and remediating threats. That’s why many are implementing advanced solutions featuring continuous malware monitoring.

Valuable Data, Archaic Security

High-value data is a main reason agencies are targeted. In addition to data about the people they employ and serve, agencies store a great deal of sensitive information about the many businesses that do contract work for the government.

A dependence on antiquated technology makes many public-sector organizations easy marks. For example, many key government benefits applications were written in COBOL, an Eisenhower-era programming language. These legacy apps often predate the Internet and lack any appreciable security features. What’s more, they are dependent on legacy hardware, operating systems, and database structures that introduce even more vulnerabilities.

Analysts warn that these systems are particularly vulnerable to attacks designed to remain active but unnoticed for long periods of time. Advanced persistent threats (APTs) and network resident threats (NRTs) both feature stealthy malware that remains undetected for weeks or months, moving laterally throughout the network to harvest credentials and sensitive data. Eventually, this data is exfiltrated to a command-and-control server.

APTs and NRTs are often difficult to identify initially because they are concealed inside another file that seems legitimate. Using techniques such as steganography, criminals can hide executable files inside a seemingly harmless document, text message, video, or image. It could be days, weeks, or months before the malicious payload is eventually launched.

Conventional malware monitoring solutions provide limited protection from APTs and NRTs. Those tools were built for preventive measures, blocking known malware as it tries to enter the network. If a new or disguised piece of malware gets into the network, basic monitoring tools offer little to no visibility.

Always On Guard

Solutions such as Cisco Advanced Malware Protection (AMP) not only create a stronger first line of defense, they also use continuous monitoring and analysis to keep tabs on potential problems over time. Rather than blocking only known malware, Cisco AMP uses sophisticated detection engines, one-to-one signature matching, and machine learning techniques to catch known and unknown malware before it enters the network. It then continues to watch, analyze, and record the activities of files that are initially deemed safe.

Continuous monitoring ensures that APTs and NRTs remain under surveillance. If malicious behavior is spotted later, AMP generates an alert through its browser-based management console. The alert contains a dynamic analysis of the threat and a complete ancestry of file activity that describes where the file came from, where it’s been and what it’s doing. The threat can then be contained and neutralized with just a few mouse clicks.

The combination of sensitive data and outdated technology makes government agencies an inviting target for cyber-criminals, and the consequences of a data breach can be significant. Advanced solutions such as Cisco AMP that feature continuous malware monitoring can significantly reduce the risk of such stealthy attacks.

The Cerium Difference

Cerium differentiates itself in the state and local government and education (SLED) sector with a strong, cohesive Cisco portfolio and some of the most highly-certified and skilled Cisco experts in the industry.

Cisco’s NASPO ValuePoint DataCom Contract

Because of Cerium’s technical and resource investments, and our strategic business plan for better serving state and local agencies, and education, Cerium is able to offer public-sector clients Cisco networking and converged infrastructure technologies under this contract.   Read More

Recent Posts

PuTTY SSH Client Flaw

CVE-2024-31497 is a vulnerability in PuTTY versions 0.68 through 0.80. PuTTY is a popular open-source terminal emulator, serial console, and network file transfer application that

Read More »


“Darcula” represents a new breed of Phishing-as-a-Service (PaaS) posing a serious threat to both Apple and Android users. This sophisticated attack leverages encrypted text messages

Read More »
For Emergency Support call: (877) 423-7486
For other support requests or to access your Cerium 1463° portal click here
Stay in the Know

Stay in the Know

Don't miss out on critical security advisories, industry news, and technology insights from our experts. Sign up today!

You have Successfully Subscribed!