Dana Barnes, senior vice president of Palo Alto Networks’ Public Sector and 2021 Wash100 Award winner, published his first article as part of Executive Mosaic’s GovCon Expert program on Wednesday.
In his first piece, GovCon Expert Dana Barnes provided a breakdown of the four pillars for federal agencies to create a common foundation for their cybersecurity modernization efforts, including threat detection, sharing threat information, monitoring workloads in the clouds and implementing zero-trust enterprise.
You can read Dana Barnes’ full GovCon Expert article below:
The Four Pillars for a Federal Cybersecurity Foundation
By Dana Barnes, SVP Public Sector, Palo Alto Networks
Nearly a year after the SolarWinds attack was discovered, the Biden administration’s executive order (EO) is in full progress, charting a path for agencies to modernize cybersecurity postures with new guidelines, and empowered by new funding to bring decade-long modernization projects to life.
Since the EO was signed in May, much of the spotlight has been put on Zero Trust, but there are many other important steps in the order, such as the new OMB requirement for agencies to adopt and provide the Cybersecurity and Infrastructure Security Agency (CISA) access to their Endpoint Detection and Response (EDR) solutions.
The past year made it clear that cybersecurity practices need to be modernized to combat the highly sophisticated attacks that can target federal agencies. Many agencies don’t know where to start — they are understaffed and understandably fatigued — but the good news is that they now have support at the executive level to take action.
Modernizing an agency’s cyber posture requires integrating tools and expertise, and the first step any agency should take is to understand its current security posture. Among the challenges agencies will face when working towards a Zero Trust approach is that there is no single product solution. Agencies need the flexibility to weave in new security capabilities while upgrading legacy systems, which are prevalent across federal data centers.
The Four Pillars of Federal Cybersecurity Modernization
While each agency has unique needs, there is a common foundation for the cybersecurity modernization journey. All agencies need to address four core security modernization pillars:
- Improving threat detection and sharing threat information
- Securing and monitoring workloads in the cloud
- Reducing the attack surface
- Implementing a Zero Trust Enterprise
Threat Detection and Automated Response
The first step in the modernization journey is visibility. “If you can’t see a network, you can’t defend a network, and federal networks’ cybersecurity need investment and more of an integrated approach to detect and block such threats,” Deputy National Security Advisor Anne Neuberger recently said.
This is why the first pillar is about integrated EDR that automatically collects and correlates data from security products and all devices on the network, whether they are connecting from agency headquarters or a home office.
Agencies need to understand what bad actors are seeing. Then they need the capability to automatically flag and respond to threats across the network and across all endpoints. If agencies have an integrated EDR capability and are sharing the information captured across the government, they can be a lot more secure.
A new OMB memo provides implementation guidance on EDR solutions in response to the EO mandate for the federal government to adopt and improve EDR with a focus on taking a proactive security posture. Many agencies have an EDR solution in place, but it may not be enough as they embark on the Zero Trust journey outlined in the EO.
As agencies look ahead, the next generation of EDR is already here and can help speed up the Zero Trust journey. Extended detection and response (XDR) combines many capabilities into a single system, giving security teams a view across networks, cloud workloads, endpoints and more. XDR is also powered by artificial intelligence and machine learning, freeing up overburdened security teams and helping them find the needle in the haystack as they combat a growing number of increasingly advanced threats.
Secure Government Cloud
The second pillar is about integrating security into every agency application across multi-cloud environments. A secure government cloud means protecting agencies’ digital transformation with cloud native tools that can discover, secure and monitor assets across all agency cloud environments. It’s once again about breaking down silos to view, detect and respond to threats across the entire attack surface, from laptops to servers and across cloud networks and applications.
Federal agencies are at different stages of the cloud migration, but most are still migrating legacy, on-premises systems and upgrading infrastructure to take advantage of cloud capabilities and meet new federal requirements. Regardless of the cloud provider and whether an application is running in the private or public cloud, agencies need visibility, compliance assurance and automated threat detection and response.
The most significant and most common cloud security issue for organizations is configuration errors. Agencies need a proactive security posture for their configuration management. This is why it’s so important to take a cloud native approach for configuration management to make sure resources are correctly configured and meet security and compliance standards.
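The configuration-posture checks this pillar calls for can be made concrete. The following is an added example, not code from the article or from Palo Alto Networks: it scans constructed cloud-resource records for two common misconfiguration classes (publicly readable, unencrypted storage and administrative ports open to the whole internet) and shows the corrected configuration passing the same checks. The resource shapes, names and the management CIDR are assumptions made for the illustration, not any provider's real API schema.

```python
"""Added example: a small cloud configuration-posture check.

Resource dictionaries below are constructed for this illustration and do
not follow any real cloud provider's API schema.
"""
from __future__ import annotations
from dataclasses import dataclass

@dataclass
class Finding:
    resource: str
    rule: str
    detail: str

# Management ports that should never be reachable from the whole internet.
ADMIN_PORTS = {22, 3389}
ANY_CIDR = ("0.0.0.0/0", "::/0")

def check_storage(res: dict) -> list[Finding]:
    """Flag anonymously readable buckets and buckets without encryption at rest."""
    out = []
    if res.get("public_access", False):
        out.append(Finding(res["name"], "storage-public", "bucket allows anonymous read"))
    if not res.get("encryption_at_rest", False):
        out.append(Finding(res["name"], "storage-unencrypted", "encryption at rest disabled"))
    return out

def check_firewall(res: dict) -> list[Finding]:
    """Flag inbound rules that expose an admin port to every source address."""
    out = []
    for rule in res.get("ingress", []):
        if rule["cidr"] in ANY_CIDR and rule["port"] in ADMIN_PORTS:
            out.append(Finding(res["name"], "fw-admin-open",
                               f"port {rule['port']} open to {rule['cidr']}"))
    return out

CHECKS = {"storage": check_storage, "firewall": check_firewall}

def assess(resources: list[dict]) -> list[Finding]:
    """Run every applicable check; a resource type with no checks is itself a finding."""
    findings = []
    for res in resources:
        checker = CHECKS.get(res["type"])
        if checker is None:
            findings.append(Finding(res["name"], "unknown-type",
                                    f"no checks defined for type {res['type']!r}"))
            continue
        findings.extend(checker(res))
    return findings

# Constructed inventory: the weak configuration ...
WEAK = [
    {"type": "storage", "name": "records-bucket",
     "public_access": True, "encryption_at_rest": False},
    {"type": "firewall", "name": "web-sg", "ingress": [
        {"port": 443, "cidr": "0.0.0.0/0"},
        {"port": 22, "cidr": "0.0.0.0/0"},
    ]},
]

# ... and the corrected one: private, encrypted storage, and SSH limited to a
# constructed internal management range instead of the whole internet.
FIXED = [
    {"type": "storage", "name": "records-bucket",
     "public_access": False, "encryption_at_rest": True},
    {"type": "firewall", "name": "web-sg", "ingress": [
        {"port": 443, "cidr": "0.0.0.0/0"},
        {"port": 22, "cidr": "10.20.0.0/16"},
    ]},
]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("fixed", FIXED)):
        found = assess(inventory)
        print(f"{label}: {len(found)} finding(s)")
        for f in found:
            print(f"  [{f.rule}] {f.resource}: {f.detail}")
```

Treating an unchecked resource type as a finding rather than silently skipping it is the proactive posture the passage describes: coverage gaps surface in the report instead of being discovered after an incident.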
Internet Operations Management
The third pillar is about reducing the attack surface. Agencies need to understand their attack surface and how “bad actors” see their environments from the outside in. Once again, this means breaking down silos across agency locations, user devices and the cloud to see the entire threat landscape — it’s getting into the mind of a potential attacker.
Internet operations management (IOM) identifies and monitors an agency’s internet-facing attack surface. Federal agencies have workforces comparable to a medium to large enterprise, increasingly spread across the country, or even the globe. Most have risks from networks and IP addresses that they don’t currently even know about.
IOM systems provide agencies the total visibility needed to discover, monitor and track exposure and take the steps necessary to minimize that attack surface. Today, this is more critical than ever to secure the hybrid workforce with continuous discovery and monitoring for all internet-connected assets, even if the agency is unaware of them.
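The discovery-and-tracking loop described above reduces, at its core, to reconciling what is observed from the outside against what the agency knows it owns, and watching how that exposure changes over time. The following is an added example, not code from the article or from any IOM product: it takes two constructed external-observation snapshots (IP to exposed ports), separates known hosts from ones with no inventory record, and reports per-host ports that opened or closed between snapshots. Every address, port and owner name is constructed.

```python
"""Added example: reconciling attack-surface snapshots against an asset inventory.

All IPs, ports and owners are constructed sample data.
"""
from __future__ import annotations

# Constructed asset inventory the agency knows about: ip -> owning team.
INVENTORY = {"198.51.100.10": "web-team", "198.51.100.11": "web-team"}

# Constructed external-observation snapshots: ip -> set of exposed ports.
SNAPSHOT_DAY1 = {
    "198.51.100.10": {443},
    "198.51.100.11": {443, 22},
}
SNAPSHOT_DAY2 = {
    "198.51.100.10": {443},
    "198.51.100.11": {443},
    "198.51.100.25": {3389},   # appeared with no inventory record
}

def reconcile(snapshot: dict[str, set[int]], inventory: dict[str, str]):
    """Split observed hosts into known (with an owner) and unknown (no owner)."""
    known = {ip: inventory[ip] for ip in snapshot if ip in inventory}
    unknown = sorted(ip for ip in snapshot if ip not in inventory)
    return known, unknown

def exposure_delta(before: dict[str, set[int]], after: dict[str, set[int]]):
    """Per host, list ports newly exposed and ports closed since the last snapshot."""
    delta = {}
    for ip in sorted(set(before) | set(after)):
        opened = after.get(ip, set()) - before.get(ip, set())
        closed = before.get(ip, set()) - after.get(ip, set())
        if opened or closed:
            delta[ip] = {"opened": sorted(opened), "closed": sorted(closed)}
    return delta

if __name__ == "__main__":
    known, unknown = reconcile(SNAPSHOT_DAY2, INVENTORY)
    print("known hosts:", known)
    print("unknown hosts needing an owner:", unknown)
    for ip, change in exposure_delta(SNAPSHOT_DAY1, SNAPSHOT_DAY2).items():
        print(f"{ip}: opened {change['opened']} closed {change['closed']}")
```

The unknown-host list is the actionable output: a host the agency cannot attribute to an owner is exactly the “unaware” exposure the passage warns about, and the delta turns a one-time inventory into the continuous monitoring the pillar asks for.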
Moving Towards Zero Trust
No organization has fully implemented a Zero Trust architecture, but carrying out the cybersecurity EO will help move agencies towards one. All of the previous pillars are part of this Zero Trust strategy, which takes the approach of “never trust, always verify.”
The biggest misconception is that a single product or combination of products can achieve Zero Trust — it is an approach rather than a product. As agencies take the first steps toward a Zero Trust architecture they need a continued focus on enabling end-to-end least privilege and building resiliency. This is about ensuring agencies can always execute against their mission, even during a cyber attack. The increased risks from remote work make this even more crucial. How do you do this successfully?
From our own customer base, we see Zero Trust efforts begin bottom up, using a subset of security controls — such as networking. By contrast, Zero Trust initiatives that start top down enjoy a comprehensive and cohesive approach. As Gartner recently noted, “A zero trust mindset extends beyond networking and can be applied across multiple aspects of enterprise systems. It is not solely purchased as a product or set of products.”
Most agencies already have some of the foundational elements of Zero Trust. They often just need to begin activating and implementing key services like authentication management and network segmentation while focusing on the broader aspect of becoming a Zero Trust enterprise. Recently, Palo Alto Networks detailed a framework for Zero Trust to give any organization a comprehensive, agnostic approach.
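“Never trust, always verify,” end-to-end least privilege and network segmentation, the elements named in this section, can be shown working together as a single per-request decision. The following is an added example, not code from the article, from Palo Alto Networks or from any Zero Trust product: every request is checked against identity verification, device posture, an explicit least-privilege role table and segment membership, and is denied with reasons unless every check passes. Users, devices, roles, resources and segment names are constructed for the illustration.

```python
"""Added example: a deny-by-default, per-request Zero Trust policy check.

Every identifier below (users, device ids, roles, resources, segments) is
constructed sample data for this illustration.
"""
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass
class Request:
    user: str
    mfa_verified: bool   # was strong authentication verified for this session?
    device_id: str
    resource: str
    action: str

@dataclass
class Decision:
    allowed: bool
    reasons: list[str] = field(default_factory=list)

# Least-privilege role table: role -> {resource: allowed actions}. Anything absent is denied.
ROLE_PERMISSIONS = {
    "analyst": {"case-db": {"read"}},
    "case-admin": {"case-db": {"read", "write"}},
}
USER_ROLES = {"alice": ["analyst"], "bob": ["case-admin"]}

# Managed-device inventory with the last posture check for each device.
DEVICES = {
    "lt-0001": {"managed": True, "disk_encrypted": True, "edr_healthy": True},
    "lt-0002": {"managed": True, "disk_encrypted": False, "edr_healthy": True},
}

# Segmentation: which segment each resource lives in, and which segments each role may reach.
RESOURCE_SEGMENT = {"case-db": "restricted"}
ROLE_SEGMENTS = {"analyst": {"restricted"}, "case-admin": {"restricted"}}

def evaluate(req: Request) -> Decision:
    """Collect every failed check; the request is allowed only if none failed."""
    reasons: list[str] = []
    roles = USER_ROLES.get(req.user, [])

    # 1. Identity: verification is required on every request, not just at first login.
    if not req.mfa_verified:
        reasons.append("identity: MFA not verified for this session")

    # 2. Device posture: unmanaged or non-compliant devices never get through.
    dev = DEVICES.get(req.device_id)
    if dev is None or not dev["managed"]:
        reasons.append("device: not in managed inventory")
    elif not (dev["disk_encrypted"] and dev["edr_healthy"]):
        reasons.append("device: posture check failed")

    # 3. Least privilege: some role must explicitly grant this action on this resource.
    permitted = any(
        req.action in ROLE_PERMISSIONS.get(r, {}).get(req.resource, set()) for r in roles
    )
    if not permitted:
        reasons.append(f"authz: no role grants {req.action} on {req.resource}")

    # 4. Segmentation: the role must be allowed into the resource's network segment.
    seg = RESOURCE_SEGMENT.get(req.resource)
    if seg is None or not any(seg in ROLE_SEGMENTS.get(r, set()) for r in roles):
        reasons.append(f"segment: role not permitted into {seg!r}")

    return Decision(allowed=not reasons, reasons=reasons)

if __name__ == "__main__":
    for req in (
        Request("alice", True, "lt-0001", "case-db", "read"),
        Request("alice", True, "lt-0001", "case-db", "write"),
        Request("bob", True, "lt-0002", "case-db", "write"),
        Request("mallory", True, "lt-9999", "case-db", "read"),
    ):
        d = evaluate(req)
        print(req.user, req.action, req.resource, "->", "ALLOW" if d.allowed else "DENY", d.reasons)
```

Collecting every failed check rather than stopping at the first gives the security team the full picture for the log: a denied request that failed identity, device and authorization at once looks very different from one that failed only posture because a laptop fell out of compliance.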
Laying the Foundation
Laying a cybersecurity foundation takes time, foresight and persistence, but advanced capabilities are available to help agencies stop the next attack. With executive action, federal agencies are empowered to take the next step in their security modernization journey, going beyond compliance to take a world-class security posture for the critical services they provide every day.
The journey set forth in May requires a Zero Trust mindset. Along the way, the crucial ingredients for success are automated detection and response, securing the cloud, organization-wide visibility and attack surface reduction. Without all four of these pillars, agencies won’t be able to detect threats and automate their response to them.
There is no one tool and no single solution that will make all agencies secure against cyber attacks. Staying ahead of the next major attack and daily threats requires a holistic approach to better secure your users, systems and data.