According to Quest Software, there are two types of government agencies: those that have been breached and those that are going to be breached.
Modern attackers routinely bypass the traditional network protections used by today’s federal agencies. They use tactics like phishing to steal agency workers’ IDs and passwords and then use those credentials to enter government agency networks. Once inside, these intruders have many ways to cause damage.
Every day, attackers attempt to exfiltrate sensitive data, alter network privileges, and spread malware throughout government agency systems. Each malicious attempt, whether it fails or succeeds, is a reminder that government agencies must move away from these inadequate protections and adopt a stronger, more fortified IT framework to protect their networks.
In its newly released whitepaper, “Assume the Intruder is Already Inside—Move Your Agency to Zero Trust Security,” Quest Software explains why adopting a zero trust framework is key to protecting government agency networks – and the sensitive data housed on their systems – from cyber threats and breaches.
Zero trust: It’s what’s inside that counts
Perimeter defenses like firewalls only serve to keep intruders from getting into an agency network. But today’s attackers continually prove that they can bypass firewall defenses; once the perimeter is breached, those defenses offer no further protection and the intruder can roam freely throughout the network.
Most IT security systems rely on a one-time user authentication at the perimeter to grant access to a network, usually through user IDs and passwords. But once a user has met that one-time requirement, or if a hacker successfully penetrates the perimeter by other means, the network can be accessed without any security measures to protect information inside the perimeter.
This is where zero trust differs from traditional security approaches. Implementing a zero trust framework requires system users to continuously authenticate themselves as they perform tasks inside a network. Instead of implied trust and one-authentication-grants-all approaches, zero trust strengthens network security by evaluating trust on a per-transaction basis.
Home is where the hack is
The whitepaper points out that one of the greatest cyber vulnerabilities facing today’s federal agencies is the migration of employees to work-from-home (WFH) or other remote environments. Each virtual private network (VPN) that accesses a federal agency network is a potential target for cybercriminals. VPNs are not always secure, which creates a vulnerability for hackers to exploit.
VPNs aren’t the only channels that can be targeted. Unsecured IoT devices that are hosted on an agency employee’s home network also represent prime targets for hackers. Each connected IoT device expands the potential attack surface, increasing the chances of a successfully executed breach. As a result, as WFH adoption grows, so will the need for federal agencies to adopt zero trust in their IT infrastructures.
The EO and zero trust
And data breaches aren’t the only threat vectors facing federal agencies. According to reports from IDC/EfficientIP and Verizon, there has been a rise in DNS and ransomware attacks against federal agencies and other government organizations.
Last May, President Biden directly addressed this turbulent cyber landscape that federal agencies are facing by issuing an executive order (EO) on improving the nation’s cybersecurity. And a chief directive of the EO is the urgent call for zero trust architecture implementation within federal government agency networks.
The EO acknowledges the enhanced protection zero trust architecture provides against threats both inside and outside traditional network boundaries. It also recognizes that zero trust embeds comprehensive security monitoring, security automation, and granular access controls based on risk. A zero trust framework produces a network environment that constantly limits user access to only what is needed, applying the least privilege concept to every decision about access.
In order to be compliant with the EO, federal agencies must shift their focus from securing the perimeter to securing the inside of a network. With zero trust, every step and action is questioned and authenticated to allow access, providing more safety and security than an external firewall could provide.
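The contrast drawn above, between a one-time gate at the perimeter and a decision on every transaction that applies least privilege, is easier to see in code. The following is an added example, not code from the Quest whitepaper or from any Quest product; the roles, sensitivity levels, MFA age limits and the four scenarios are assumptions chosen for illustration. A request obtained with phished credentials passes the perimeter gate but fails the per-transaction evaluation, while a legitimate user with a stale MFA proof is asked to re-authenticate rather than being denied outright.

```python
"""Per-transaction access evaluation (zero trust) next to a one-time perimeter gate.

Added example; not code from the Quest whitepaper. Policy thresholds, role names
and sensitivity levels are assumptions chosen for illustration."""
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    STEP_UP = "step_up"   # identity is valid, but a fresh MFA proof is required first


@dataclass(frozen=True)
class Subject:
    user: str
    roles: frozenset       # roles actually granted to this identity
    mfa_age_s: int         # seconds since the last MFA proof for this session


@dataclass(frozen=True)
class Device:
    managed: bool          # enrolled in agency device management
    compliant: bool        # passes posture checks (patch level, disk encryption, ...)


@dataclass(frozen=True)
class Resource:
    name: str
    sensitivity: int       # 0 public, 1 internal, 2 confidential, 3 restricted
    required_role: str     # the one role this resource requires (least privilege)


@dataclass(frozen=True)
class Request:
    subject: Subject
    device: Device
    resource: Resource
    action: str


# Assumed policy: how recent an MFA proof must be, keyed by resource sensitivity.
MFA_MAX_AGE_S = {0: None, 1: 8 * 3600, 2: 3600, 3: 15 * 60}
MANAGED_DEVICE_FROM = 2   # confidential and above require a managed, compliant device


def perimeter_check(session_valid: bool) -> Decision:
    """The traditional model: one gate at the edge, then everything inside is trusted."""
    return Decision.ALLOW if session_valid else Decision.DENY


def zero_trust_evaluate(req: Request, audit: list) -> Decision:
    """Judge one transaction on role, device posture and MFA freshness.

    Every request passes through here regardless of earlier decisions, so a
    session obtained with phished credentials buys nothing by itself."""
    res, sub, dev = req.resource, req.subject, req.device
    if res.required_role not in sub.roles:
        decision, reason = Decision.DENY, f"role {res.required_role} not granted"
    elif res.sensitivity >= MANAGED_DEVICE_FROM and not (dev.managed and dev.compliant):
        decision, reason = Decision.DENY, "device not managed or not compliant"
    else:
        max_age = MFA_MAX_AGE_S[res.sensitivity]
        if max_age is not None and sub.mfa_age_s > max_age:
            decision, reason = Decision.STEP_UP, f"MFA proof {sub.mfa_age_s}s old, limit {max_age}s"
        else:
            decision, reason = Decision.ALLOW, "policy satisfied"
    # Every decision is recorded: zero trust is continuous monitoring as well as gating.
    audit.append({"user": sub.user, "resource": res.name, "action": req.action,
                  "decision": decision.value, "reason": reason})
    return decision


# Constructed scenario data (not real agency resources or users).
PAYROLL = Resource("payroll-db", 3, "payroll-admin")
WIKI = Resource("intranet-wiki", 0, "staff")
ANALYST = Subject("analyst", frozenset({"staff", "payroll-admin"}), mfa_age_s=20 * 60)
MANAGED = Device(managed=True, compliant=True)
HOME_PC = Device(managed=False, compliant=False)


def run_scenarios():
    """Return {scenario: (perimeter decision, zero trust decision)} and the audit trail."""
    audit = []
    # 1. Phished credentials replayed from an unmanaged home PC against restricted data.
    stolen = Request(ANALYST, HOME_PC, PAYROLL, "read")
    # 2. The real analyst on a managed device, but the MFA proof is 20 minutes old.
    legit = Request(ANALYST, MANAGED, PAYROLL, "read")
    # 3. The same analyst reading a public page: low sensitivity, no extra demands.
    wiki = Request(ANALYST, MANAGED, WIKI, "read")
    # 4. A staff-only identity trying the restricted resource: least privilege denies it.
    clerk = Request(Subject("clerk", frozenset({"staff"}), 0), MANAGED, PAYROLL, "read")
    results = {name: (perimeter_check(True), zero_trust_evaluate(r, audit))
               for name, r in [("stolen", stolen), ("legit", legit), ("wiki", wiki), ("clerk", clerk)]}
    return results, audit


if __name__ == "__main__":
    results, audit = run_scenarios()
    for name, (p, z) in results.items():
        print(f"{name:7s} perimeter={p.value:6s} zero_trust={z.value}")
    for entry in audit:
        print(entry)
```

The perimeter gate returns the same answer for all four requests because it only ever asks whether a session exists. The per-transaction evaluation checks the role first, so the least-privilege denial for the clerk happens before device or MFA state is even consulted, and it writes an audit record for every decision, which is the monitoring side of the EO's description.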
Quest quotes Don Maclean, chief cybersecurity technologist at DLT Solutions, who explained: “Zero trust assumes that traffic inside the network is as likely to be malicious as traffic outside the network. In essence, it assumes that you have been breached or will be breached.”
Maximizing zero trust
Quest outlines steps that must be taken alongside zero trust in order to realize the full potential of the architecture. First, federal agencies must “perform an inventory to root out old domain controllers, unused service accounts and the back doors that administrators or users tend to leave open for convenience.”
Next, agencies must “scrutinize the personas, roles, and responsibilities of those who have any level of access.” This means access and permissions must be authorized “with fine granularity.” Federal agencies must also “eliminate shared passwords and blanket service accounts.”
The whitepaper also acknowledges that most federal agencies rely on Microsoft’s Active Directory (AD) and Azure AD (AAD) for access and identity management. It cautions agencies against relying solely on native AD and AAD security features, and encourages them to integrate zero trust into their AD and AAD environments.
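The inventory and clean-up steps quoted above (old domain controllers, unused service accounts, shared credentials) are the kind of checks that can be scripted against a directory export. The block below is an added example, not Quest's tooling and not something the whitepaper itself provides. It runs over a constructed, in-memory list of objects shaped like the attributes an AD user or computer export would carry (last logon, password age, service principal names) plus constructed logon records pairing an account with a workstation; the thresholds and the sample objects are assumptions. It does not attempt to find the "back doors" the whitepaper mentions, since those are not attributes an export exposes.

```python
"""Inventory checks for the clean-up steps that precede a zero trust rollout.

Added example; not Quest's tooling. Runs over a constructed export shaped like
AD user/computer attributes, so thresholds and objects are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

NOW = datetime(2022, 3, 1)        # fixed clock so the output is reproducible
STALE_DC_DAYS = 30                # a DC silent this long was likely decommissioned but never removed
UNUSED_SVC_DAYS = 90              # service account with no logon in this window
MAX_PWD_AGE_DAYS = 365            # service credentials older than this should be rotated
SHARED_HOST_THRESHOLD = 3         # one credential seen on this many hosts looks shared


def days_ago(n):
    return NOW - timedelta(days=n)


# Constructed export. Computer objects carry is_dc; user objects carry SPNs and password data.
OBJECTS = [
    {"name": "DC01$", "kind": "computer", "is_dc": True, "enabled": True, "last_logon": days_ago(1)},
    {"name": "OLDDC$", "kind": "computer", "is_dc": True, "enabled": True, "last_logon": days_ago(400)},
    {"name": "svc_backup", "kind": "user", "spn": ["backup/srv1"], "enabled": True,
     "last_logon": days_ago(3), "pwd_last_set": days_ago(700), "pwd_never_expires": True},
    {"name": "svc_legacyapp", "kind": "user", "spn": ["http/legacy"], "enabled": True,
     "last_logon": days_ago(210), "pwd_last_set": days_ago(210), "pwd_never_expires": False},
    {"name": "helpdesk", "kind": "user", "spn": [], "enabled": True,
     "last_logon": days_ago(0), "pwd_last_set": days_ago(40), "pwd_never_expires": False},
    {"name": "jdoe", "kind": "user", "spn": [], "enabled": True,
     "last_logon": days_ago(2), "pwd_last_set": days_ago(30), "pwd_never_expires": False},
]

# Constructed interactive logon records (account, workstation), the pairing that can be
# derived from logon audit events. Used to spot one credential in use across many desks.
LOGONS = [
    ("svc_backup", "SRV1"), ("helpdesk", "WS-101"), ("helpdesk", "WS-102"),
    ("helpdesk", "WS-103"), ("helpdesk", "WS-101"), ("jdoe", "WS-201"),
]


def stale_domain_controllers(objects, now=NOW):
    """Domain controller objects that have not authenticated within STALE_DC_DAYS."""
    cutoff = now - timedelta(days=STALE_DC_DAYS)
    return sorted(o["name"] for o in objects if o.get("is_dc") and o["last_logon"] < cutoff)


def unused_service_accounts(objects, now=NOW):
    """Enabled accounts with an SPN (i.e. service accounts) and no logon in UNUSED_SVC_DAYS."""
    cutoff = now - timedelta(days=UNUSED_SVC_DAYS)
    return sorted(o["name"] for o in objects
                  if o["kind"] == "user" and o.get("spn") and o["enabled"] and o["last_logon"] < cutoff)


def stale_service_passwords(objects, now=NOW):
    """Service accounts whose password is older than MAX_PWD_AGE_DAYS, however set to expire."""
    cutoff = now - timedelta(days=MAX_PWD_AGE_DAYS)
    return sorted(o["name"] for o in objects
                  if o["kind"] == "user" and o.get("spn") and o["pwd_last_set"] < cutoff)


def shared_accounts(logons, threshold=SHARED_HOST_THRESHOLD):
    """Accounts that log on interactively from at least `threshold` distinct workstations."""
    hosts = defaultdict(set)
    for account, host in logons:
        hosts[account].add(host)
    return sorted(a for a, h in hosts.items() if len(h) >= threshold)


def inventory(objects=OBJECTS, logons=LOGONS):
    """Bundle all findings into one report; each value is a sorted list of object names."""
    return {
        "stale_domain_controllers": stale_domain_controllers(objects),
        "unused_service_accounts": unused_service_accounts(objects),
        "stale_service_passwords": stale_service_passwords(objects),
        "shared_accounts": shared_accounts(logons),
    }


if __name__ == "__main__":
    for finding, names in inventory().items():
        print(f"{finding}: {', '.join(names) or 'none'}")
```

Each check is a plain predicate over export fields, so the same functions can be fed a real export once it is parsed into the same shape; the thresholds are deliberately conservative starting points that an agency would tune to its own password and logon policies.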