1 September 2016
A Modern Framework for Network Security in Government
Governments around the world are exchanging more data with all of their constituents (citizens, civilians and warriors, patients, students, and partners) in more ways than ever. This exchange of information – further and faster, across both IT and control systems networks – means the security of the networks housing and serving that data must change in parallel, so that the confidentiality, integrity and availability of that data are ensured whenever it is needed.
The adversary wants access to that same data – to steal it, disrupt it, or possibly even change it. To reduce advanced attacks, governments must build the agility to prevent attacks across their networks, from the perimeter edge and endpoints to the heart of their data centers. Security operations centers (SOCs) and intelligence analysts must have less noise and more relevant data to act upon. They must move beyond mere detection and response to prevention in which the security functions act automatically and in cooperation with one another.
Cyber Attack Chain and Zero Trust
It’s no secret that government networks are among the most targeted of virtually any industry. The stakes are high, and attackers know they must use more evasive tactics to penetrate these networks. Some of the latest attacks show a concerted effort to study victims with appropriate access, identify their patterns, and develop spear phishing and waterhole attacks, among other approaches, to gain access through the unwitting victim to the target network. Many attackers are able not only to penetrate their target network but often to establish a beachhead and remain undetected for a significant period of time while continuing evasive and damaging action. This can lead to tremendous loss, whether of strategic, political, monetary or intelligence value.
The Gartner Cyber Attack Chain describes six stages of an attack, from delivery, exploitation and installation through to exfiltration of information from the target network. Fundamentally, the approach to the threat must move beyond mere detection and remediation at later points in the attack chain to a preventative approach throughout. With the technology available today, governments can defeat attackers before they can exploit a vulnerability. They can also thwart other steps in the attack chain by controlling applications, users and content everywhere across the network.