

CDM needs zero trust

With the expansion of telework, agencies face a broader threat landscape. Teams can no longer rely on network-centric security, and federal leaders cannot manage the cybersecurity posture of personal infrastructure off-site. What’s more, bad actors are gaining access to user credentials more successfully than ever before, with their automated tooling outperforming human operators 1,000 to one. When bad actors leverage inappropriate or unnecessary access, the damage is done before teams can detect it.

In this environment, agencies must approach security infrastructure comprehensively -- considering device security, network security and data security. Architectures must provide automation for end-to-end visibility in the borderless operational environment. Teams must monitor and manage data and endpoint usage, performance and security in real time without concern for where the endpoint resides.

The Continuous Diagnostics and Mitigation (CDM) program, established by the Department of Homeland Security, offers foundational tools for cyber hygiene. However, enterprise-grade products can provide the granular, real-time risk assessment, based on real-time data, that is critical for zero trust.

Zero-trust architectures can provide users and devices with secure access to networks and data -- regardless of whether a user is on-site or remote, an employee or a third party. Zero-trust security is no longer a topic of discussion but a matter of priority -- the next step in creating a more secure, resilient government.

CDM: Building blocks for cybersecurity

Proactive agencies need a streamlined view of their data, as well as accurate and timely information about the systems they are trying to connect and any potential and active threats. This is central to the government mission and critical to building flexibility to address future disruptions.

CDM has provided many agencies with baseline situational awareness of what is happening on the network, who is operating on the network and how they can better manage risk. Last year, many agencies had already begun experimenting with CDM’s cloud-based dashboards to increase scalability and visibility.

However, a Government Accountability Office report found that some agencies have trouble implementing the dashboard due to data quality issues associated with tracking hardware and software on their networks. High-fidelity data and a single source of truth can give agencies and their sub-components the accurate, real-time view that is fundamental to their security posture.

Zero-trust platform solutions rely on data that shows how the user is accessing the network, which enables real-time investigation, detection and remediation of endpoints to deliver speed, visibility and control.

Often agencies are working off stale data that can be days or even months old. To get real-time data for zero-trust access, agencies need their security operations centers and their network operations centers on a common platform.

Teams must also integrate endpoint management and security, breaking down data silos and closing the accountability, visibility and resiliency gaps between IT operations and security teams.

CDM provides the building blocks for zero-trust architectures, but this cannot be achieved with disjointed solutions. By reducing complexity with a unified platform, IT teams can reduce risk and act quickly to manage and secure the environment anywhere endpoints exist.

Implementing zero trust in the distributed environment

In a zero-trust environment, risk assessments and grants of trust must happen in a granular fashion. Authorized users receive access to applications only when trust is verified.

Agencies looking to accelerate their efforts towards zero trust should learn from use cases as they continuously evaluate new and existing threats. The most urgent focus is around lateral movement detection and blocking of unnecessary rights. Teams can proactively understand what rights users and machines have, then apply that least-privilege model.

We cannot resolve security concerns by disjointed solutions, by following policies and procedures that worked in the past or by asking overworked internal teams to do more than they can handle. By reducing complexity with a unified platform and leveraging a zero-trust approach, IT teams can reduce risk and act quickly to efficiently manage and secure the environment anywhere endpoints exist.

About the Author

Nate Russ leads the federal civilian business at Tanium, where his team works in close concert with systems integrators to deliver on strategic programs like CDM. His prior experience includes leadership roles at Splunk and Symantec. Nate began his career at Accenture, where he performed hands-on consulting roles in the telecommunications industry.
