A Dynamic Approach to Zero Trust Security for Government Agencies - Course Monster Blog

Written by Marbenz Antonio | 01/07/2022 3:29:16 AM

There has been a lot written on Zero Trust, what it is and isn’t, and why it’s so difficult to simply “switch on.” The majority of these pieces center on identity and authorization, and the fact that implicit trust is no longer acceptable. All of this is true, but ultimately we need to focus on the dynamic nature of the typical organization and how Zero Trust addresses it with AI and ML combined with automation and orchestration.

Dynamic Organizations Require Dynamic Security

Government enterprises are more complex and change faster than ever before. Users move regularly based on their role and environment, and work is no longer defined by a physical office but by wherever the worker happens to be. Devices come in a variety of shapes and sizes, and they move as much as employees do, using numerous wireless technologies and networks that the IT department cannot control or protect. Networks no longer have perimeters, and the process of delivering work to users has resulted in an ever-changing network (and thus threat) landscape. Workloads that used to stay in one place for years in highly secure data centers can and will shift from cloud to cloud to meet business needs.

Simply put, an agency is never static, so why should its security be?

Self-Aware and Self-Healing

The DHS Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Maturity Model was announced in the summer of 2021. It gave government entities a rational approach to delivering Zero Trust, as well as maturity levels to help agencies identify where they are on that journey. The foundation of the model is five pillars: identity, device, network, application/workload, and data, all of which are supported by visibility, analytics, automation, orchestration, and governance. The idea is that security capabilities in each pillar increase over time according to the maturity levels described in the document, eventually leading to a Zero Trust architecture.

The maturity level descriptions, which clearly define the underlying value of Zero Trust, are the cornerstone of the Zero Trust Maturity Model. To mature, the Zero Trust security model must be intelligent in understanding the present landscape and dynamic in reacting, in real time, to events that affect the environment’s security posture. To put it another way, the Zero Trust paradigm needs to be self-aware and self-healing. Consider the following examples:

  • As part of a Halloween prank, your website was hacked. With analytics, the change is detected, recognized as abnormal, and the site is returned to its original state in seconds – with no human intervention.
  • Due to an error in a routine upgrade, an internal application violates the security policy. The mismatch is identified, logged, and corrected as part of your regular automated assessments to bring you back into compliance.
  • An IP security camera installed in a remote building begins sending traffic to several network devices for no clear reason. This behavior is recognized as unusual, and the device is quarantined immediately, with an alert sent to the security operations center (SOC) for review.

Self-awareness and self-healing are simple concepts to grasp, but difficult to implement. Attaining this automation requires a variety of technologies and capabilities that are properly orchestrated and act in time:

  • Infrastructure instrumentation and data from devices that provide real-time visibility into what is going on.
  • Analytics across multiple tools that distinguish what is normal and acceptable from what is abnormal and must be addressed.
  • Artificial intelligence and policy engines that decide what should be done to resolve the situation in the simplest and most efficient way.
  • Configuration and automation tools that act on the systems and correct undesirable behavior in real time, while logging the action and alerting the human supervisor.
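The four capabilities above form a loop, and the IP-camera scenario is a good way to see it end to end. The following is an added example, not code from the post or from any product: constructed flow telemetry for a camera, an assumed allow-list of its normal peers, an analytics step that flags unexpected fan-out, a policy step that decides on quarantine plus a SOC alert, and an automation step that carries the decision out through injected hooks and returns an audit trail. Device names and IP addresses are made up.

```python
# Added example (not from the post): one pass of a self-aware / self-healing loop
# over constructed flow records for an IP camera. Names and IPs are assumptions.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str    # device name as reported by the network sensor
    dst: str    # destination IP address
    dport: int  # destination port


# Visibility: constructed baseline (camera normally talks only to its NVR on RTSP
# and to an internal NTP server) and a constructed sample in which it suddenly
# probes eight internal hosts on SMB.
BASELINE = {"cam-07": {("10.20.0.5", 554), ("10.20.0.9", 123)}}
SAMPLE_FLOWS = [Flow("cam-07", "10.20.0.5", 554), Flow("cam-07", "10.20.0.9", 123)]
SAMPLE_FLOWS += [Flow("cam-07", f"10.20.1.{i}", 445) for i in range(1, 9)]


def analyze(flows, baseline, threshold=3):
    """Analytics: per device, collect (dst, port) pairs absent from its baseline
    and report the devices whose unexpected fan-out reaches the threshold."""
    unexpected = defaultdict(set)
    for f in flows:
        if (f.dst, f.dport) not in baseline.get(f.src, set()):
            unexpected[f.src].add((f.dst, f.dport))
    return {dev: dsts for dev, dsts in unexpected.items() if len(dsts) >= threshold}


def decide(findings):
    """Policy engine: anomalous fan-out means quarantine and a SOC alert; the
    evidence travels with the decision so the analyst can review it."""
    return [{"device": dev, "action": "quarantine", "notify": "soc",
             "evidence": sorted(dsts)} for dev, dsts in findings.items()]


def remediate(actions, quarantine, alert):
    """Automation: execute each decision via injected hooks (in practice a NAC or
    firewall API and a ticketing system) and return an audit trail."""
    audit = []
    for a in actions:
        quarantine(a["device"])
        alert(a)
        audit.append(f"{a['device']}: {a['action']} ({len(a['evidence'])} unexpected peers)")
    return audit


def run_loop(flows=SAMPLE_FLOWS, baseline=BASELINE):
    """Run the loop once; the hooks here only record what they would have done."""
    acted = []
    actions = decide(analyze(flows, baseline))
    return remediate(actions, acted.append, lambda a: acted.append(a["notify"])), acted
```

Lowering `threshold` makes the analytics more sensitive; the two baseline flows alone never trigger an action, which is the check that keeps the loop from quarantining normal behavior.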

Building Tools for Zero Trust Maturity

The industry is now centered on self-awareness and self-healing. Legacy security focused on addressing known threats and preventing them from affecting systems. We are now focusing on zero-day threats, which by definition are unknown to the systems they target and therefore have no prevention prepared in advance.

Anomalies that may be indications of malware or malicious activity can be spotted using visibility tools and analytics. Working backward from the symptom, the underlying cause can be identified and remedied. Endpoint detection and response (EDR) technologies enable this on endpoints, whereas extended detection and response (XDR) products use telemetry from both endpoints and network or cloud systems to detect anomalies and drive a remediation process. These tools have embedded intelligence in the form of AI systems that help determine the response, which is then carried out by a configuration and orchestration system that may or may not be built in. These are only two examples of how the industry is attempting to create a self-assessing, self-healing architecture.

As you move toward a mature Zero Trust architecture, seek tools and technologies that can provide the telemetry, automation, and intelligence required to resolve problems in your systems that are not yet known.

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com