
Federal Cybersecurity, Legacy IT Systems, and Illumio CloudSecure Recognition

Charlie Bedell, Senior Content Marketing Specialist
December 23, 2022

Your organization has cybersecurity measures in place – but how old are they?

With the year ending, it’s time to reevaluate the age and effectiveness of your organization’s cybersecurity strategy.

This was a shared focus of the public and private organizations featured in Illumio’s December news coverage. Coverage came from high-profile publications like The Washington Post and Bloomberg Law and featured commentary from Illumio team members, including Gary Barlet, Raghu Nandakumara, and Paul Dant.

Federal cybersecurity directives are a “necessary kick in the pants”

Tim Starks with The Washington Post spoke with Illumio’s Gary Barlet, Federal Field CTO, about the impact of binding operational directives (also called BODs) in improving federal agencies’ cybersecurity in his article, BODs: Hot or not?

According to Starks, BODs are binding operational directives issued by the Department of Homeland Security that “try to pressure federal agencies to bolster their cyber defenses.”

While Starks says that federal agencies try to comply with these directives, BODs aren’t actually binding. In fact, “some government watchdogs have found a lack of full compliance” by federal agencies, reports Starks.

This issue was spotlighted last month when CISA, the Cybersecurity and Information Security Agency, announced that an “unnamed federal agency had suffered a breach at the hands of Iranian hackers who penetrated its networks via a vulnerability that CISA had ordered them to fix,” said Starks.

When asked his view on BODs’ effectiveness, Illumio’s Gary Barlet said he was a “believer” in the directives’ effectiveness.

Failing to complete a directive, according to Barlet, “makes for a very uncomfortable conversation between you and your boss, and potentially between the agency and Congress.”

In Barlet’s opinion, this pressure is a positive step towards getting federal agencies to commit to improving their cybersecurity efforts despite the challenges and limitations.

“Nobody likes Big Brother. Nobody likes someone telling them what to do,” Barlet stated. “But, for a lot of agencies, it’s that necessary kick in the pants that agencies need, to be honest with you.”

Read how Illumio Zero Trust Segmentation is helping the Air Force contain inevitable breaches, achieve federal compliance, and protect operations in the Indo-Pacific region here.

Stolen COVID relief funds underline urgency of federal cybersecurity needs

The U.S. government’s ongoing cyber directives aren’t just future-proofing federal agencies against possible cyberattacks – they’re in response to the onslaught of high-profile breaches happening right now. This includes recent news that a Chinese hacking organization stole tens of millions of dollars in U.S. Covid-19 relief funds.

Bloomberg Law’s Skye Witley spoke to Illumio’s Paul Dant, Senior Director of Cybersecurity Strategy and Research, on the cybersecurity aspect of the fraud in Witley’s article, Chinese Hackers’ Covid-Relief Fraud Expands Cyber Threats to US.

Witley reported that the Chinese state-sponsored hacking group APT41 was able to obtain $20 million that was distributed by the U.S. government as pandemic relief. Authorities aren’t sure whether APT41 hacked into government networks or U.S. citizens’ personal accounts, or if they used already-stolen data to engage in identity fraud.

In either case, Illumio's Paul Dant believes “the fraud indicates that foreign threat actors have access to more U.S. government systems than previously believed.”

Witley also remarked that this kind of large-scale cyber fraud reflects a “growing” risk of similar attacks, especially those by foreign nations that have the potential to impact a large number of U.S. citizens.

Since the attack, the Secret Service has been able to recover over $10 million of the stolen funds, said Witley.

But recovering funds isn’t a long-term solution.

Witley recommended the U.S. government implement proactive security strategies that “identify and disrupt” the pathways hackers like APT41 used to infiltrate the U.S. government networks. This requires moving beyond traditional detection and response technologies towards containment of inevitable breaches, ensuring breaches don’t spread further than their access point.

Get more information about how Zero Trust Segmentation is a solution for containing breaches like the APT41 theft here.

End-of-life legacy IT systems are vulnerable to security breaches, UK government finds

Impacting many governmental organizations is the use of legacy, unsupported technology that puts critical services at risk of ransomware and breaches.

Alex Scroxton with Computer Weekly spoke with Illumio’s Raghu Nandakumara, Senior Director, Industry Solutions Marketing, on a new report by the UK’s National Audit Office (NAO) calling out the aging technology still in use by Defra, the UK’s Department for Environment, Food, and Rural Affairs, in Scroxton’s article, Legacy IT magnifies cyber risk for Defra, says NAO.

Defra is responsible for “critical digital services” in the UK that include disease prevention, flood protection, and air quality, said Scroxton. The NAO’s finding that Defra has a “growing number of legacy applications...many of which rely on ageing IT infrastructure” is alarming – Scroxton explained that it reveals the “urgent service risks and vulnerabilities” present in one of the UK’s most vital government agencies.

In fact, the NAO’s report found that “30% of [Defra’s] applications are now unsupported, meaning that developers are not issuing any software or security updates.” As a result, Defra’s IT systems have an increased exposure to cyberattacks and lack resilience in the event of a breach.

“It’s concerning that a huge proportion of government systems are being left vulnerable to attack, particularly with ransomware so prevalent. But it’s also not surprising,” said Illumio’s Raghu Nandakumara.

According to Scroxton, the widespread use of legacy IT in Defra is due to “historic under-investment in technology.” As the NAO’s report states, the agency’s failure to “adequately plan for the wider digital transformation that it needs to undergo” has introduced “elements of risk” into its systems.

Nandakumara explained, “Most large organizations have a substantial amount of legacy infrastructure which is not always easy to retire or patch. But in those scenarios, it’s critical that steps are taken to minimize risk and exposure to attack. At a very minimum, this means limiting access to systems and services with known vulnerabilities and imposing a strategy of least privilege.”

Encouragingly, the NAO’s report wasn’t all negative: it found that Defra is “making efforts to reduce the most pressing risks,” which include establishing a well-designed strategy for its digital transformation efforts. As a result of the report, the agency has also received more than triple the funding for technology updates that it has received in the past.

“A key pillar of the government’s cyber security strategy is about mitigating cyber risk,” said Nandakumara. “Ultimately, the best way to reduce risk is through the practice of good security hygiene and a defense-in-depth approach to building cyber resilience.”

Nandakumara further discussed the NAO’s findings on Defra in this article in The Stack.

Brooks’ quick, painless ZTS implementation with Illumio

In addition to the risks posed by end-of-life legacy IT systems, both public and private organizations face added challenges in matching the pace of network growth with cybersecurity updates. This was a particular issue for the security team at Brooks, the renowned running shoemaker.

CSO Online writer James Careless featured Brooks' recent implementation of Illumio Zero Trust Segmentation to combat this challenge in his article, Athletic shoe maker Brooks runs down cyberattacks with zero-trust segmentation.

According to Careless, Brooks’ most significant pain point was its large, fast-growing network, which had been developed without a robust security strategy in place. This meant that Brooks needed “a cybersecurity solution to address cyberattacks fast, without first requiring a complete network rebuild,” Careless explains.

“Ransomware is the threat that keeps me up the most at night,” commented Jon Hocut, Director of Information Security for Brooks – and for a retailer, paused sales, halted payment processing, or shipping delays could be disastrous for the business and its reputation.

Brooks’ solution to their cyber risk? Adopting Illumio Zero Trust Segmentation (ZTS).

The Illumio ZTS Platform “can be implemented in stages across a corporate network, protecting the most vulnerable areas first,” says Careless.

Learn more about the Illumio ZTS Platform.

Careless detailed how Brooks has started with applying Illumio Core to block unauthorized access to hundreds of its Windows servers and cloud resources.

“We’ve separated our users from our servers and resources, with the goal of only allowing the minimal amount of traffic that's necessary back and forth,” Hocut says.

This ensures that malware trying to enter Brooks’ network from endpoints like laptops or phones – the most popular attack vector for bad actors to exploit – is segmented away from critical assets.

Careless noted that Brooks’ security team needed only four months to implement Illumio ZTS – without disrupting operations.

This was particularly important as Brooks planned for the holiday shopping season. Read more about how Brooks’ Illumio ZTS implementation improves their cyber resilience during the holidays.

Brooks was able to “set up a proposed ZTS rule set and run it non-operationally for a while to make sure it worked, before taking Illumio Core live,” said Ryan Fried, Senior Security Engineer at Brooks.

This testing proved successful, and “Brooks’ ZTS system is working as promised, providing the company with proactive protection from ransomware and other cyber threats,” says Careless.

Brooks plans to continue building their Zero Trust security strategy with Illumio.

Illumio CloudSecure named one of 10 hottest cloud security tools in 2022 by CRN

CRN’s recognition of Illumio CloudSecure was based on the product’s innovative delivery of agentless visibility for cloud-native applications and infrastructure across multi-cloud and hybrid environments. CloudSecure minimizes the impact of breaches across applications, containers, clouds, data centers, and endpoints.

Learn more about CRN’s 10 hottest cloud security tools in 2022 list here.

Ready to get started with Illumio Zero Trust Segmentation? Contact us to find out how Illumio can help strengthen your defenses against cybersecurity threats.
