A Modern Framework for Network Security in Government
The adversary wants access to that same data – to steal it, disrupt it, or possibly even change it. To reduce advanced attacks, governments must be able to prevent attacks across their networks, from the perimeter edge and endpoints to the heart of their data centers. Security operations centers (SOCs) and intelligence analysts need less noise and more relevant data to act upon. They must move beyond mere detection and response to prevention, where the security functions block attacks automatically and in cooperation with one another.
Cyber Attack Chain and Zero Trust
It’s no secret that government networks are among the most targeted of virtually any industry. The stakes are high, and attackers know they must use more evasive tactics to penetrate these networks. Some of the latest attacks show a concerted effort to study victims with appropriate access, identify their patterns, and develop spear phishing and watering hole attacks, among other approaches, to gain access to the target network through the unwitting victim. Many attackers not only penetrate their target network but also establish a beachhead and remain undetected for a significant period of time while continuing evasive and damaging action. This can lead to tremendous loss, whether of strategic, political, monetary or intelligence value.
The Gartner Cyber Attack Chain describes six stages of an attack, from delivery, exploitation and installation through to exfiltration of information from the target network. Fundamentally, the approach to the threat must move beyond mere detection and remediation at the later stages of the attack chain to a preventative approach throughout.
With the technology available today, governments can defeat attackers before they can exploit a vulnerability. But they can also thwart other steps in the attack chain by controlling applications, users and content everywhere across the network.
The Zero Trust approach, first coined by Forrester, enables an organization to verify all users, devices and applications traversing the network, within the context of user or group function, device and/or location. By establishing Zero Trust boundaries that effectively compartmentalize different segments of the network, governments can protect critical information from unauthorized applications or users, reduce the exposure of vulnerable systems, and prevent the lateral movement of malware throughout the network. A Zero Trust model combines virtual segmentation with the enforcement controls and threat prevention necessary to defeat the lateral movement of adversaries through the target network and thwart the attack.
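To make the Zero Trust boundary concrete, here is an added example (not code from the whitepaper or its vendor) of a minimal segment-to-segment policy evaluator. Every request between zones is checked against user group, device posture, location and application, and anything not explicitly allowed falls through to a default deny. The zone names, group names, applications and sample requests are all constructed for illustration and are not taken from the page.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Request:
    """One flow between two network segments, with the context Zero Trust needs."""
    user: str
    groups: frozenset          # group memberships of the user
    device_managed: bool       # True if the endpoint passed posture/compliance checks
    location: str              # constructed values: "hq", "vpn", "internet"
    app: str                   # application identified on the wire, not just a port
    src_zone: str
    dst_zone: str


@dataclass(frozen=True)
class Rule:
    """An explicit allow between two zones; anything not matched is denied."""
    name: str
    src_zone: str
    dst_zone: str
    app: str
    groups: frozenset          # at least one of these groups must match
    require_managed_device: bool = True
    locations: frozenset = frozenset()   # empty means any location


# Constructed policy: small, explicit, and scoped per segment.
POLICY: List[Rule] = [
    Rule("finance-to-erp", "user-lan", "dc-finance", "erp",
         frozenset({"finance"}), True, frozenset({"hq", "vpn"})),
    Rule("staff-to-intranet", "user-lan", "dc-web", "intranet-web",
         frozenset({"employees"}), True),
    Rule("dba-via-jump", "admin-jump", "dc-db", "postgres",
         frozenset({"dba"}), True, frozenset({"hq"})),
]


def evaluate(req: Request, policy: List[Rule] = POLICY) -> Tuple[str, str]:
    """Return ("allow", rule_name) for the first matching rule, else ("deny", "default-deny")."""
    for rule in policy:
        if (rule.src_zone, rule.dst_zone, rule.app) != (req.src_zone, req.dst_zone, req.app):
            continue
        if not (rule.groups & req.groups):
            continue
        if rule.require_managed_device and not req.device_managed:
            continue
        if rule.locations and req.location not in rule.locations:
            continue
        return ("allow", rule.name)
    return ("deny", "default-deny")


def audit_record(req: Request, policy: List[Rule] = POLICY) -> Dict[str, str]:
    """Structured event for the SOC: only the fields an analyst needs to act."""
    verdict, reason = evaluate(req, policy)
    return {"user": req.user, "app": req.app, "path": f"{req.src_zone}->{req.dst_zone}",
            "location": req.location, "managed": str(req.device_managed),
            "verdict": verdict, "reason": reason}


# Constructed sample requests covering the cases the text describes.
FINANCE = frozenset({"employees", "finance"})
SAMPLE_REQUESTS: Dict[str, Request] = {
    # legitimate finance user on a managed laptop at HQ
    "finance_hq_erp": Request("alice", FINANCE, True, "hq", "erp", "user-lan", "dc-finance"),
    # same user, same app, but from an untrusted location
    "finance_internet_erp": Request("alice", FINANCE, True, "internet", "erp", "user-lan", "dc-finance"),
    # a compromised workstation in user-lan trying to reach the database segment directly
    "lateral_to_db": Request("alice", FINANCE, True, "hq", "postgres", "user-lan", "dc-db"),
    # employee on an unmanaged device
    "unmanaged_intranet": Request("bob", frozenset({"employees"}), False, "hq", "intranet-web", "user-lan", "dc-web"),
    # DBA going through the designated jump segment
    "dba_jump_db": Request("carol", frozenset({"employees", "dba"}), True, "hq", "postgres", "admin-jump", "dc-db"),
}


def evaluate_samples() -> Dict[str, Tuple[str, str]]:
    return {name: evaluate(req) for name, req in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, req in SAMPLE_REQUESTS.items():
        print(name, audit_record(req))
```

The "lateral_to_db" case is the one that matters for the lateral-movement claim above: the user, device and location are all legitimate, but the user-lan segment has no rule to the database segment for that application, so the request is denied and logged rather than silently passed because the source host was "inside".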
Download the whitepaper to read more.