惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
WordPress大学
WordPress大学
云风的 BLOG
云风的 BLOG
Stack Overflow Blog
Stack Overflow Blog
MongoDB | Blog
MongoDB | Blog
腾讯CDC
V
V2EX
Martin Fowler
Martin Fowler
A
About on SuperTechFans
大猫的无限游戏
大猫的无限游戏
Blog — PlanetScale
Blog — PlanetScale
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
酷 壳 – CoolShell
酷 壳 – CoolShell
C
Check Point Blog
博客园 - 【当耐特】
Cisco Talos Blog
Cisco Talos Blog
The Hacker News
The Hacker News
K
Kaspersky official blog
Security Latest
Security Latest
H
Help Net Security
博客园_首页
美团技术团队
Spread Privacy
Spread Privacy
博客园 - 司徒正美
Hugging Face - Blog
Hugging Face - Blog
S
SegmentFault 最新的问题
G
Google Developers Blog
NISL@THU
NISL@THU
爱范儿
爱范儿
I
Intezer
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
阮一峰的网络日志
阮一峰的网络日志
N
News and Events Feed by Topic
P
Privacy International News Feed
Application and Cybersecurity Blog
Application and Cybersecurity Blog
S
Security @ Cisco Blogs
Schneier on Security
Schneier on Security
雷峰网
雷峰网
人人都是产品经理
人人都是产品经理
V
Vulnerabilities – Threatpost
W
WeLiveSecurity
P
Palo Alto Networks Blog
G
GRAHAM CLULEY
Hacker News: Ask HN
Hacker News: Ask HN
I
InfoQ
The Cloudflare Blog
F
Full Disclosure
SecWiki News
SecWiki News
宝玉的分享
宝玉的分享
N
Netflix TechBlog - Medium

MeriTalk

Eliminating Silos in IT/OT Cybersecurity Is a Funding Challenge, Not a Technical One The FedRAMP High Supply Crisis Is a Federal Security Problem – Not a Procurement Footnote How More Tightly Focused Software Development Initiatives Will Unlock Innovation Across Government Transforming Federal Cybersecurity Through Private Sector Innovation Evolving Zero Trust and Embedded AI – Federal Government Cybersecurity Predictions for 2026 Unlocking AI’s Potential in High-Assurance Environments Accelerate Agentic AI in the Federal Government: Top Takeaways Why Congress Must Reauthorize the Technology Modernization Fund Make Cybersecurity a Key Ingredient of Modernization How Spectro Cloud’s PaletteAI Secure helps agencies scale AI securely, compliantly, and confidently Fix the Foundation: How Hybrid Cloud and Trusted Data Enable Government AI New Google Workspace Cost-Saving Offer Available for U.S. Federal Government Reinventing FedRAMP in the Age of AI Balancing Security and Efficiency: The Federal IT Dilemma in the AI Era Meeting Evolving State and Local Cyber Threats AI Is the Solution to Stop AI Data Theft Enhancing U.S. Government Operations with AI and Human-Centered Design How FinOps Can Help Agencies Slash Cloud Costs in 5 Steps Will Quantum Computing Weaken or Strengthen Cybersecurity of Federal Systems? Improving Citizen and Federal Employee Experience with Virtual AI Assistants Strategies for Securing the Federal Supply Chain Reframing the U.S. Government’s Approach to Cybersecurity Oversight Three Steps Agencies Can Take to Meet Government’s AI Requirements The Impact of NIST’s PQC Standardization on the Federal Cybersecurity Ecosystem Generative AI is Revolutionizing Federal Government Operations NIST’s new PQC Algorithms and What They Mean for Federal Agencies Addressing the U.S. Quantum Labor Shortage Before It’s Too Late How a Community Vigil Approach and Secure by Design are Critical to Software Cybersecurity Addressing the Talent Shortage: How Digital Government Improves Satisfaction, Retention Here’s What We Can Learn (and Do) About Cybercrime from FBI’s Latest Internet Crime Report Implementing AI Assurance Safeguards Before OMB’s December Deadline The Next AI Wave: Quantum AI CDM’s Evolution to Non-Traditional Technology: Why Now and How Will it Succeed? Customer Expectations Require Agencies to Raise the Bar on Customer Experience, Report Shows Applying for Government Benefits Shouldn’t Be Difficult When It Comes to Identity Verification Four Federal Software Supply Chain Security Trends to Watch FedRAMP Baseline Transition Points to OSCAL-Native Tools What Zero Trust Means for Modern Government: Best Practices for Key Tenets Four Ways to Handle the IT Funding Crunch Agencies Need to Get Creative to Fill the Cyber Workforce Gap Customer Identity trends report shows control trumps convenience Federal Agencies Making Strides Toward Sustainability and Climate Action Executive Order 14028 | Improving the Nation’s Cybersecurity Depends on Data | All Data is Security Data Applying Geospatial Intelligence, AI/ML to Climate Change Challenge My Cup of IT: Angry at Arthritis, Hunting for Cures How the Federal Government Can Help Combat a Fragmented Internet Accelerating Cybersecurity for US Critical Infrastructure Getting in on the Ground Floor of the ‘New Observability’ Comply-to-Connect is Key to Zero Trust for DoD How Will Upcoming Cryptocurrency Regulations Affect Industry? My Cup of IT: Cup Cake for Kushner? Launching a New Era of Government Cloud Security Managing IT Complexity in Federal Agencies Five Essential Metrics for Measuring Federal Government CX Unlocking the Benefits of 5G and Beyond The Federal Factory of the Future: How AI is Transforming Manufacturing The Quantum Impact on Cyber How Next-Gen Computers Will Transform What’s Possible for Federal Government Agencies Must Take an Authentic Approach to Synthetic Data Biometrics and Privacy: Finding the Perfect Middle Ground Two-Way Street: Why Officials and Constituents Are Equally Responsible for Securing the Midterms The “Programmable World” Will Bring the Best of the Virtual World Into the Physical One Cyberattacks are a Common Occurrence and the Costs are Higher Than Ever Increasing Equity Through Data and Customer Experience The AI Edge: Why Edge Computing and AI Strategies Must Be Complementary How Metaverses and Web3 can Reshape Government Four Emerging Technology Trends set to Impact Government Most 5G Enables AI at the Edge Plugging Cyber Holes in Federal Acquisition Resilient Critical Infrastructure Starts with Zero Trust The Evolution of Government Tech Procurement Under CMMC 2.0 Zero Trust Requires Continuous, Tested Security for Federal Agencies How Multi-INT Fusion Accelerates Mission Intelligence for Real-Time Decision Advantage Three Things to Consider for Responsible AI in Government Legislation, White House Orders Show Agencies Opportunity for Hybrid Cloud Creating an Effective Framework for DoD’s Software Factories Realizing Upsides for Digital Security in the Hybrid Workplace A Future With AI and ML: The Power of Workforce Education Five Tips to Begin MFA Integration and Embrace Zero Trust The Vital Intersection Between Equity and Digital Transformation Equity as a Platform: Applying a New Mindset to Scale Innovation Harnessing the Right Data for Evidence-Based Equity From EO to Action: Human Factors of Enabling a Cyber Safety Review Board For Equity in Government Services, It’s Time to Change the Paradigm Critical Questions to Ask When Considering Explainable AI (XAI) for Your Federal Agency The Telework Model for Government: COVID Lessons for Building an Effective Workforce DevSecOps: 4 Steps for Mitigating the Next Cyber Attack in Your Federal IT Environment Better Cyber Hygiene Helps, but Federal Security Needs SASE Lift DoD, Feds Plot Top Cyber, Cloud Priorities for 2022 Cloud-Native Government: How to Transform With Intention DoD and VA Health Networks Face Growing Threat From Medical-Device Vulnerabilities New Federal Cybersecurity Requirements: How Agencies Should Implement a Zero Trust Architecture Protecting Our Nation Through Big Data Analytics Three Ways COVID-19 Altered Federal, State IT Budget Allocations Ransomware is More Than a Cybersecurity Issue From Me to We: Take the Mission Further With Multiparty Systems Anywhere, Everywhere: Integrating Your Virtual Workplace ‘I, Technologist’: Empowering Innovators in the Federal Workforce Mirrored World: Digital Twins Report for Duty Across Government Stack Strategically: Rearchitecting Government for What’s Next
Agencies Must Modernize Zero Trust Approaches to Achieve Optimal Protection
MeriTalk Sta · 2022-12-07 · via MeriTalk

By Petko Stoyanov, Global Chief Technology Officer, Forcepoint

Many Federal agencies are considering investing in zero trust network access (ZTNA) solutions. But not all ZTNA applications are equal, and it’s important agencies invest in ZTNA solutions that will allow them to align and meet the “Optimal” stage outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Maturity Model guidelines.

In CISA’s view, Optimal protection includes continuous validation and inline data protection. Traditional ZTNA architectures do none of these; rather, traditional ZTNA provides encrypted tunnels, just like Virtual Private Networks (VPNs) but on an application-specific level. They do not incorporate essential elements like machine learning (ML), data-centric encryption, or real-time risk analysis, which significantly elevate agencies’ protection levels based on what they transfer.

To achieve Optimal status, agencies need more than just a renamed VPN. Just as they modernize their cybersecurity approaches, they must modernize their zero trust programs to be more dynamic, intelligent, and responsive with identity and data monitoring across all pillars.

To illustrate, let’s look at three of the five pillars of the CISA Maturity Model: Identity, Device, and Data.

Ultimately, zero trust is about enabling and controlling access from an individual to the data, continuously. The device, the network and application are the middleware enabling user to data access.

Identity

Everything starts with an identity, the “who” of the equation. We need to identify who we are before we enter a building or a computer or phone.  Agencies need to have a centralized identity solution that validates users’ credentials against a central identity directory – across both on-premises and cloud environments.

Optimal identity validation can only be achieved with ML built into the zero trust architecture. ML enables real-time analysis of the user or system attempting to access an application. It collects various bits of information – when’s the last time this person signed on, how often do they use the application, where are they signing on from, etc. – and progressively learns about users’ security postures. It continuously validates those postures to determine if a person poses a risk the minute they attempt to sign on.

Agencies with Optimal identity validation are continuously evaluating the identity across the full lifecycle of creation, permission management, and retirement.

Agencies should ask the following questions when evaluating their identity validation capabilities:

  • Do my users have a single identity across on-premises and cloud?
  • Do I continuously monitor to ensure users have the right access and not too much?
  • Do I have the ability to identify individuals that are demonstrating abnormal behavior?

Device

Agencies cannot just monitor the “who,” they must also consider the “what” – meaning, what device is being used to access data. They must be able to trust the devices that employees are using, particularly as employees continue to work remotely, and complement the use of agency-issued devices with their own personal tools.

This reality requires an advanced zero trust architecture that constantly monitors the devices that are touching the network for potential threats. The architecture must be able to immediately discern if the devices are authorized for network access, up to date on the latest virus protection operating system software, and are as security-hardened as possible. If not, the architecture must be nimble enough to block access in the moment, before the unsecured or unsanctioned device has a chance to exfiltrate data.

Agencies should ask the following questions when evaluating their device capabilities:

  • Do I check for device posture on initial connection to the agency application/data? Device Posture includes hardware details, OS level, patch level, running application, harden configuration, and the location.
  • Can I identify all identities used on a single device?
  • Can I detect a device posture change after connection to an agency application?

Data

CISA states that for an agency to achieve Optimal ZTNA levels, it’s not enough to just store data in encrypted clouds or remote environments. The data itself must be encrypted and protected.

Furthermore, agencies must be able to inventory data, analyze it, and categorize it based on certain characteristics – continuously and automatically. Some data might be highly confidential, for example, and should only be accessible to certain members of an organization. The ZTNA must be intelligent enough to learn and process changes to data classification. It must also be able to rapidly identify not only who is accessing the data, but the type of data that person is accessing – and then match the two.

Agencies should ask the following questions when evaluating their data capabilities:

  • Can I continuously discover the on-premises and cloud environments storing my data and create an inventory?
  • Do I know the category and classification of the discovered data?
  • How do I control access to the data?
  • Do I encrypt the data with my environment and when it leaves my control?

The CISA Zero Trust Maturity Model indirectly acknowledges that networks have gotten smaller and more fragmented. As network perimeters become blurrier, organizations must focus their firewalls on specific users, devices, and data points. Traditional ZTNA architectures barely evolved from VPNs won’t be enough. Agencies need a more modern ZTNA model, replete with machine learning, to achieve Optimal protection.