New Cyber Threats Calls for New Approaches

By Mark Sincevich, Federal Director of Illumio

Data compromises hit record numbers in 2021 with 1,826 occurrences reported, up 23 percent from 2017. In the last two years alone, 66 percent of IT managers experienced at least one supply chain attack and 76 percent experienced at least one ransomware attack. As cyber incidents become more advanced, agencies or commands must change their approach, or they’ll continue to see the same results. They need to move beyond a traditional “prevention and detection” mindset and toward a Zero Trust Architecture.

For years, IT leaders across federal agencies have focused on preventing breaches and keeping cyberattacks from penetrating the network. But, as digital transformation continues to expand the modern attack surface and the nature and frequency of attacks evolve, that mindset must shift from stopping all attacks to also minimizing the impact of an attack and finally to assume breach. The reality is attacks are inevitable – and every agency is a target.

At a high level, a Zero Trust architecture moves beyond traditional security measures (i.e., perimeter-based security) and requires all users, whether inside or outside the organization’s network, to be authorized before being granted access to specific applications or data. Predicated on three core principles, “assume breach,” “least privilege,” and “constantly verify” a Zero Trust approach aims to shrink the initial attack surface and empower organizations to operate through a “never trust, always verify” lens.

Zero Trust also views users from a holistic approach and centers around five core pillars: identity, devices, networks, applications and workloads, and data. Traditionally, perimeter-based security has focused only on the first three pillars: identity, devices, and networks. However, if a cyberattack or malware can pass the first three pillars, the attack can then move freely across workloads or applications. Zero Trust Segmentation (i.e., microsegmentation) is designed to stop the lateral movement of cyberattacks, quickly minimizing the impact when an attack occurs.

In simple terms, think of microsegmentation like a hotel. Just because you’re able to get into the lobby of the hotel (bypassing firewall defenses) doesn’t mean you’re able to automatically access your room. Because every room has a keycard, you can only access yours once you’re checked in and once your access (via personalized keycard) is granted. And an example of constantly being verified, if you are meant to check out at 11am and you go out of your room and try to access your room at 11:30am, your access will be denied. You will have to go to the front desk and get re-authenticated.

Microsegmentation is the foundational component of the workload and application pillar of Zero Trust and plays a critical role in establishing any resilient security strategy. In fact, you cannot have an effective nor a complete Zero Trust security stack without having a microsegmentation solution. Ensuring agencies have an action plan in place and are taking small steps forward will ultimately better position them to combat and withstand evolving threats.

Where to Start with Microsegmentation

While many agency IT leaders recognize that microsegmentation is crucial to keeping up with evolving cyberattacks, it’s important to understand that resilience requires a coordinated effort – requiring dedicated resources and new ways of thinking. To start implementing microsegmentation and “assume breach” successfully, agencies can:

• Set Up a Zero Trust Task Force – Zero Trust implementation is often hindered by bandwidth and competing priorities. Agencies can benefit from an internal task force to help guide the process. The Air Force’s journey to Zero Trust implementation is a great example. This command is currently leveraging outside cyber, engineering, and program management to establish a Zero Trust Task Force. This dedicated responsibility – and allocated budget – is moving the needle on Zero Trust progress within the command.
• Begin with a Network Map – Agencies must start with real-time application and workload visibility into their network. You cannot protect, or defend against, what you can’t see. This includes maximizing visualization and establishing a real-time map of applications, workloads, and interdependencies. This network discovery process provides agencies with the ability to find risky ports and prioritize where to start.

Cyberattacks aren’t slowing down anytime soon – and as they evolve in both frequency and sophistication, agencies need to consider new ways to protect IT environments. Today’s newfound emphasis on Zero Trust and resilience is one way to do this.

By prioritizing Zero Trust technologies – like microsegmentation – early on, agencies are better empowered to reduce cyber risk while accelerating Zero Trust outcomes quickly. This ultimately empowers them to focus more time, energy, and resources on furthering other mission critical objectives.

About the Author

Mark has 23 years of experience working with the DoD and Intelligence Community implementing technology solutions. He has worked for hardware and software vendors in the visualization, the backup and recovery, and the cybersecurity space in addition to the command-and-control market for over 10 years where he specialized in Cyber and Joint Operations Centers. He has written over three white papers and numerous articles on the topic of cybersecurity. He is a graduate of the University of Maryland, College Park and is a current member of the Civil Air Patrol (CAP) where he is his squadron’s cyber education officer.

Mark can be reached online at https://www.linkedin.com/in/mark-sincevich-4660957/ and at our company website https://www.illumio.com/.