Zero Trust Cyber Exchange: Infoblox
One of the very first things that should be done that organizations often overlook is ensuring that they understand what’s on their network today. Because you need to be able to do that in order to build and understand how you’re going to secure that.
Chris Usserman
Director of Security Architecture, Federal, Infoblox
The COVID-19 pandemic may have finally put an end to defense-in-depth cybersecurity.
It’s not that the long-time approach wasn’t already on the way out with the rise of mobile devices, cloud computing and a threat landscape that it couldn’t keep up with.
But two years of most employees working remotely ended any thinking among public and private sector organizations that a layered defense approach around the network was still up to the task.
Chris Usserman, director of security architecture at Infoblox federal, said it’s clear now that the cyber mindset is about protecting the end point and the data — and not about defining and securing a perimeter.
“One of the big issues with zero trust is it’s a concept that has to apply individually to each agency. It’s not the goal. It doesn’t have a finish line. It’s a hurdle, and part of that is building the implementation strategy or building the implementation around the aspect of what does the end state look like?” Usserman said during Federal News Network’s Zero Trust Cyber Exchange.
Start zero trust by conducting a full network inventory
“One of the very first things that should be done — that organizations often overlook — is ensuring that they understand what’s on their network today,” he continued. “Because you need to be able to do that in order to build and understand how you’re going to secure that.”
As agencies better understand what’s on their networks, they can optimize their toolsets and reduce duplicative capabilities, Usserman said. He advised that agencies look for tools that integrate and work across industry offerings.
“We have one agency customer who had over 50,000 devices that they weren’t even aware of because it was part of a network segment that had no visibility behind it. That is a huge amount of risk to an organization,” he said. “Helping them understand what’s bare metal, what’s virtual, what’s in the cloud and what it all looks like at any given point in time is really critical. From a zero trust perspective, you need to look at the north, south, east and west at each one of those individual nodes at each one of those endpoints and every place on the network. You need to look at all of the communications that are occurring from that device and understand what’s normal, what’s not and look for malicious activity.”
Realize that DNS is another threat vector
Another key area agencies need to pay closer attention to is their network domain name system. DNS can be another threat vector and one that many agencies don’t focus on, Usserman said.
“It’s like any other protocol. It carries data and is oftentimes much like the bus in the HOV lane. It’s allowed to go free, and nobody checks what’s on it because it looks like it should be there,” he said. “What many organizations do is they may log the data. But it is a critical control point and if you’re not monitoring it and you’re just allowing that information to go out of your network, then you’re not actually controlling it.”
Usserman pointed to one of the core metrics that the National Security Agency came out with in 2020 after it did a study and found that if organizations can control their DNS effectively using a DNS firewall, it is possible to stop or contain up to 92% of malware.
“We have found that there are a number of organizations that don’t inherently understand the nature of the threat or the exploitability of it,” he said.
To listen to and watch all the sessions from the 2022 Federal News Network Zero Trust Cyber Exchange, go to the event page.