As the cybersecurity landscape continues to shift, organizations everywhere have had to reprioritize and reevaluate their security approach. Broadening attack surfaces brought on by hybrid networks and continued emphasis on remote work have given attackers new ways to infiltrate and damage organizations from countless different industries.
To explore this changing landscape, Gary Barlet, Federal Field CTO at Illumio, sat down with Rob Thorne, CISO for U.S. Immigration and Customs Enforcement, and Jennifer Franks, Director of Information and Technology for Cybersecurity at the U.S. Government Accountability Office (GAO), for a discussion hosted by FedInsider.
Keep reading to learn the 4 security essentials every federal cybersecurity leader should be aware of right now.
1. Zero Trust Segmentation: The key to stopping lateral movement
Rob Thorne, CISO for U.S. Immigration and Customs Enforcement, spoke on the key differences between network segmentation and microsegmentation. He explained that federal agencies have, for the most part, implemented network segmentation. But it’s essential that they go a step further by implementing microsegmentation, also called Zero Trust Segmentation (ZTS). According to Thorne, ZTS is the must-have security technology for a modern federal Zero Trust strategy.
“From a network segmentation perspective, if someone has access to that network segment, then they’re considered trusted,” explained Thorne. “If you have a breach, and they have access to that segment, then they can move around freely within that zone. When you look at microsegmentation, it goes one step further and moderates that lateral traffic between the servers themselves.”
According to Thorne, the value of Zero Trust solutions like network segmentation and ZTS together comes from their ability to stop lateral movement and contain breaches.
2. Zero Trust: Build resilience against complex threats
Thorne also emphasized why a Zero Trust mindset has fulfilled the federal sector’s unique security needs.
“Zero Trust has been a godsend for us in the sense that we’re pushing for more microsegmentation. We’ve done a good job at network segmentation, but we haven’t gone down to that next level of microsegmentation,” said Thorne.
Thorne encouraged agencies to start building ZTS now to combat the increasing number of complex cyberattacks targeting federal agencies.
“It’s something that you want to look at and start planning for, especially when you consider recent breaches and the tactics they’ve used. It’s new in the government,” he explained.
3. Containment strategies: Stopping lateral movement in complex networks
Jennifer Franks, Director of Information and Technology for Cybersecurity at the U.S. Government Accountability Office (GAO), echoed Thorne’s point about the federal need for microsegmentation. Franks outlined the unique challenges stemming from the federal government’s structure.
“As we all know, IT systems supporting our agencies are inherently at risk,” said Franks. “That’s really due to them being complex, dynamic, and geographically dispersed.”
Cybersecurity is never one-size-fits-all – and that’s especially true for federal agencies. According to Franks, agencies must be aware of their needs and challenges to make sure their security strategy will be effective.
“Our agencies are federated in nature. Because of this and our shift to remote work due to the pandemic, a lot of us are still working in that expanded workspace. It’s become increasingly more difficult for our agencies to protect our networks, systems, resources, and of course data, using that traditional perimeter-style strategy,” said Franks.
Franks advocates for agencies to quickly move toward a breach containment mindset. This approach assumes breaches are inevitable and builds defenses to stop their lateral movement inside the network.
4. Network visibility: Helping agencies cope with complexity
In response to discussions about federal cybersecurity complexity, Gary Barlet illustrated the unique capabilities of ZTS to visualize and adapt to agencies’ unique application landscape.
“Anyone who’s in this business understands how complicated enterprises are getting. You’ve got public clouds, private clouds, data centers, the list goes on,” explained Barlet. “And the days of being able to say ‘this asset is at this location’ are gone. Applications have a sprawl. Being able to see how these applications are actually communicating is absolutely critical in order to secure an enterprise with Zero Trust.”
One persistent piece of the cybersecurity puzzle is the uncertainty surrounding application behavior, according to Barlet. Counterintuitively, developers don’t always have the firmest grip on their applications’ inner workings.
“A lot of people assume developers know exactly how their applications are constructed and how they communicate, and I’m here to tell you they do not,” said Barlet.
This means security teams must be able to get fine-grained visibility into their application dependencies.
“Sometimes applications are doing a lot of things in the background that aren’t necessary, so being able to visualize what’s actually going on and how they’re interacting is absolutely crucial if you want to have any chance of actually securing your enterprise internally.”
As part of the Illumio ZTS Platform, organizations can use an application dependency map to visualize network communications, pinpoint security vulnerabilities, and build security policy based on their unique needs.