Implementing Zero Trust Principles at Scale
The recently released OMB memo M-22-09 is a step toward bringing federal agencies in line with what many organizations in the private sector have been working toward for a while now – constructing a Zero Trust Architecture.
We discussed the strategic implications of this federal directive in a previous article and would like to also offer a tactical perspective on meeting these requirements from a decade of experience developing machine learning cybersecurity technology with the U.S. Government.
Beyond adopting a new buzzword, embracing Zero Trust means applying the tested principle of "trust nothing, verify everything" to a network of countless, geographically dispersed endpoints facing increasingly sophisticated cyberattacks.
Encrypt data in motion
This includes internal and external data flows, as well as applications, and even email. A vital first step is to encrypt all DNS traffic today using DoH/DoT and all HTTP traffic using TLS 1.3. Doing so should not come at the cost of security monitoring, so deploy local DNS resolvers: they still see every request in clear text before forwarding it over an encrypted channel, and their logs can be analyzed.
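The following is an added example, not code from the original article or from BluVector, showing what the local-resolver log gives you once client-to-resolver traffic is the only place DNS is still visible in clear text. It parses a handful of constructed query-log lines (the line format is assumed to match Unbound's `log-queries` output; adjust the regex for another resolver), counts queries per client and per record type, and flags names whose leftmost label is long and high-entropy, a rough heuristic for machine-generated names. The threshold values are assumptions to tune against your own baseline.

```python
import math
import re
from collections import Counter

# Constructed sample lines. The format is assumed to match what Unbound
# writes with `log-queries: yes`; other resolvers need a different regex.
SAMPLE_LOG = """\
[1700000000] unbound[1234:0] info: 10.0.1.20 www.example.com. A IN
[1700000001] unbound[1234:0] info: 10.0.1.20 mail.example.com. MX IN
[1700000002] unbound[1234:0] info: 10.0.1.31 updates.vendor-cdn.net. AAAA IN
[1700000003] unbound[1234:0] info: 10.0.1.31 xk3j9qz2vb7lm4ptw8rs.evil-example.org. TXT IN
[1700000004] unbound[1234:0] info: 10.0.1.31 a1b2c3d4e5f6a7b8c9d0e1f2.evil-example.org. TXT IN
[1700000005] unbound[1234:0] info: 10.0.1.20 www.example.com. A IN
"""

LOG_RE = re.compile(
    r"^\[(?P<ts>\d+)\]\s+unbound\[\d+:\d+\]\s+info:\s+"
    r"(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<qtype>\S+)\s+(?P<qclass>\S+)$"
)


def parse_query_log(text):
    """Yield (timestamp, client, qname, qtype) from resolver query-log lines."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a query record (startup messages, errors, ...)
        yield (int(m["ts"]), m["client"], m["qname"].rstrip(".").lower(), m["qtype"])


def label_entropy(label):
    """Shannon entropy in bits per character of a single DNS label."""
    if not label:
        return 0.0
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def summarize(text, entropy_threshold=3.5, min_label_len=16):
    """Per-client and per-qtype counts plus queries whose leftmost label is
    both long and high-entropy (assumed thresholds; tune to your baseline)."""
    per_client = Counter()
    per_qtype = Counter()
    suspicious = []
    for _ts, client, qname, qtype in parse_query_log(text):
        per_client[client] += 1
        per_qtype[qtype] += 1
        first_label = qname.split(".")[0]
        if len(first_label) >= min_label_len and label_entropy(first_label) >= entropy_threshold:
            suspicious.append((client, qname, qtype))
    return {
        "per_client": dict(per_client),
        "per_qtype": dict(per_qtype),
        "suspicious": suspicious,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("queries per client:", report["per_client"])
    print("queries per type:  ", report["per_qtype"])
    for client, qname, qtype in report["suspicious"]:
        print(f"suspicious: {client} asked {qtype} for {qname}")
```

The point of the example is the data source, not the heuristic: if clients resolved over DoH/DoT straight to a public provider, none of these lines would exist on your network. With a local resolver in the path you keep the clear-text view and can feed these records to whatever analytics you already run.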
From a castle to the cloud
As the requirement to support remote users increases, embracing the security features resident in cloud computing is certainly a critical first step to safely enabling access from the Internet for both employees and partners. The macro-level migration of large IT organizations to the cloud reflects a clear recognition that many cloud providers have already adopted some measure of Zero Trust Architecture, but there is no one-size-fits-all answer for every organization and its cybersecurity risks. Of course, no transition happens overnight, and some services will never move. For those use cases, the needed on-premises resources still have to be secured and monitored as part of the broader security posture.
The memo is clear in directing agencies to develop and implement logical micro-segmentation or network-based segmentation. The challenge then becomes finding ways to limit, and if necessary quickly identify, the lateral movement of any adversary who gains a foothold within your network; doing so is imperative going forward.
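As an added example (not code from the article or from BluVector), here is one way to turn a segmentation design into something you can check continuously: a segment map, an explicit allow-list of segment-to-segment flows, and an evaluator that runs over flow records and reports everything the policy does not permit. The segment CIDRs, policy entries and flow records are all constructed for the example; in practice the flows would come from your firewall or NetFlow collector. Intra-segment host-to-host traffic is reported as well, since micro-segmentation treats it as deny-by-default, and a source that violates policy toward more than one segment is surfaced as a possible pivot point worth looking at first.

```python
import ipaddress
from collections import defaultdict, namedtuple

# Constructed segment map for the example: segment name -> CIDR.
SEGMENTS = {
    "user-lan": ipaddress.ip_network("10.0.1.0/24"),
    "app-tier": ipaddress.ip_network("10.0.2.0/24"),
    "db-tier": ipaddress.ip_network("10.0.3.0/24"),
    "mgmt": ipaddress.ip_network("10.0.9.0/24"),
}

# Allowed (source segment, destination segment, destination port). Anything
# not listed here is denied; this is the deny-by-default core of the policy.
POLICY = {
    ("user-lan", "app-tier", 443),
    ("app-tier", "db-tier", 5432),
    ("mgmt", "app-tier", 22),
    ("mgmt", "db-tier", 22),
}

Flow = namedtuple("Flow", "ts src dst dport proto")

# Constructed flow records, as a firewall or NetFlow collector might export them.
FLOWS = [
    Flow(1700000000, "10.0.1.15", "10.0.2.10", 443, "tcp"),   # user -> app, permitted
    Flow(1700000001, "10.0.2.10", "10.0.3.5", 5432, "tcp"),   # app -> db, permitted
    Flow(1700000002, "10.0.1.15", "10.0.3.5", 5432, "tcp"),   # user host straight to the DB
    Flow(1700000003, "10.0.1.15", "10.0.1.22", 445, "tcp"),   # east-west inside the user LAN
    Flow(1700000004, "10.0.2.10", "10.0.9.3", 22, "tcp"),     # app tier reaching into mgmt
    Flow(1700000005, "203.0.113.7", "10.0.2.10", 443, "tcp"), # source not in any segment
]


def segment_of(ip_str):
    """Return the segment name an address belongs to, or None if unmapped."""
    addr = ipaddress.ip_address(ip_str)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def evaluate(flows, policy=POLICY):
    """Split flows into (allowed, violations); each violation carries a reason."""
    allowed, violations = [], []
    for f in flows:
        src_seg, dst_seg = segment_of(f.src), segment_of(f.dst)
        if src_seg is None or dst_seg is None:
            violations.append((f, "unmapped address"))
        elif src_seg == dst_seg and f.src != f.dst:
            violations.append((f, f"intra-segment {src_seg}"))
        elif (src_seg, dst_seg, f.dport) in policy:
            allowed.append(f)
        else:
            violations.append((f, f"{src_seg}->{dst_seg}:{f.dport} not permitted"))
    return allowed, violations


def pivot_candidates(violations):
    """Sources whose violations touch more than one destination segment:
    the pattern a host moving laterally tends to produce."""
    targets = defaultdict(set)
    for f, _reason in violations:
        targets[f.src].add(segment_of(f.dst) or "unmapped")
    return sorted(src for src, segs in targets.items() if len(segs) > 1)


if __name__ == "__main__":
    allowed, violations = evaluate(FLOWS)
    print(f"{len(allowed)} flows permitted, {len(violations)} violations")
    for f, reason in violations:
        print(f"  {f.src} -> {f.dst}:{f.dport}  {reason}")
    print("review first:", pivot_candidates(violations))
```

Run against real flow exports, the same evaluator doubles as a test of the segmentation itself: any flow it reports as a violation is traffic the network was supposed to block, so a non-empty report means either the policy is incomplete or the enforcement point is not where you think it is.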
AI-enabled hunting
Endpoint security certainly plays a role in moving toward Zero Trust, but, as EO 14028 emphasizes, this also involves developing a real-time hunting capability rooted in machine learning. To hunt effectively government-wide, and most critically to address the rise of zero-day attacks, collecting telemetry from systems without EDRs installed is invaluable, since an adversary will simply hide where the defenses are weakest. Achieving Zero Trust isn't just about prevention; it requires comprehensive and continuous monitoring.
Hundreds of thousands of new malware variants are being developed daily. Global ransomware attacks rose by 151% last year[1] and the average recovery cost per incident more than doubled to $1.8 million.[2] This memo codifies what those stats make clear: in order to secure our nation's vital infrastructure, we need intelligent solutions that go beyond monitoring systems for known threats.
BluVector provides advanced machine learning cybersecurity technology to commercial enterprise and government organizations. Our innovative AI empowers frontline professionals with the real-time analytics required to secure the largest systems at scale.
Learn more about our philosophy of Zero Trust and understand how we deploy within existing security stacks. For more BluVector thought leadership on Zero Trust, read Zero Trust: A Holistic Approach by Travis Rosiek.