I’m fed up. Better yet, I’m “F.U.D.-ed” up.  In every cybersecurity conference, in every threat report, in every blog and every bit of cybersecurity marketing literature I see one tiresome theme:  “The bad guys are after us!  It’s getting worse every day!  How will we fix it?  Can we fix it?  There’s no magic bullet! The cyber sky is falling, run for your cyber life!”  In other words, an unrelenting stream of– Fear, Uncertainty, and Doubt.

Data leaks, data breaches, blah, blah, blah. Sometimes the attention-grabbing headlines just sound like too much noise.

What’s lacking in most of today’s reporting is the real truth about how government agencies are hacked and what agencies are doing to counter those attacks. Those are the details that can help agencies improve their defenses to face future challenges.

According to a report by MeriTalk, the agency is demonstrating the same cyber-attack vulnerabilities as OPM did prior to its attack in 2014-2015 and it is getting the attention of Congress.

The one-year anniversary of the OPM data breach has come and gone, yet the sensitive data of four million federal employees still remains unencrypted, reports FCW.

We’re all familiar with the outcomes of cyberattacks – stolen personal information and identities, files and systems held hostage, and so on. But with the growth of the Internet of Things (IoT), the attack surface for potential cyberattacks is growing and the perpetrators are demonstrating increasingly hostile motives.

Today, cybersecurity threats are growing in volume, sophistication, and persistence. That’s according to the findings of Symantec’s 2016 Internet Security Threat Report which draws on threat data from its Global Intelligence Network and monitoring activity in over 157 countries.

It’s been nearly one year since the Office of Personnel Management (OPM) first noticed that it had been the target of the largest ever cybersecurity attacks on the U.S. government. That was April 2015 (it wasn’t until June 2015 that OPM actually disclosed the breach).

OPM aside, 2015 was a challenging year for the U.S. government’s cyber defenses – 67,000 system intrusions were detected and a record $12.5 billion was spent defending itself against attack.

For federal government agencies, network monitoring has evolved into something extremely important, yet unnecessarily complex. For instance, according to Gleanster Research, 62 percent of respondents use on average three separate monitoring tools to keep their networks safe and functioning properly.

DLT partner, SolarWinds recently announced the results of its third annual Federal Cybersecurity Survey, which explores the biggest barriers to improving IT security, including exposure during consolidation and modernization processes, threats from foreign governments and careless or untrained insiders.

Top of the list? IT modernization. In fact, almost half of the government’s IT modernization and consolidation efforts have resulted in an increase in security challenges.

Network Access Control (NAC), ensures proper configuration and security posture on devices trying to access a network.  It’s been around for a while, but acquired a bad reputation in its early days.  I remember looking at some NAC solutions when they first hit the market, years ago, and they were expensive, clumsy, and more likely to keep out good folks than bad actors.  However, that was then, and this is now.  Let’s take a look at NAC today.  First, I’ll review fundamental technologies and concepts.