Navigating Cybersecurity with Zero Trust Strategies in Critical Industries

By Tina Reynolds

Federal agencies are preparing to adopt Zero Trust architectures across the enterprise by the end of fiscal year 2024. This proactive approach is based on the idea that a breach has already occurred. The change is a direct response to the escalating frequency of cyberattacks aimed at government organizations, and advanced persistent threats (APTs) from nation-state adversaries are the principal concern driving it. Adopting Zero Trust should be priority number one. It provides deeper protection in federal, military, and commercial environments where sensitive information and operations are under continual threat.

Network Detection and Response (NDR) plays an integral part in the Zero Trust framework because it delivers foundational network visibility. NDR can facilitate continuous monitoring of every network communication. By doing so, it underpins identity and access validation and supports stronger identity validation than traditional security tools can achieve with their blind spots. Electricity utilities and other energy companies will require rigorous oversight of data flow between their IT and OT networks. This capability is vital for their ability to innovate securely and efficiently.

Energy sector companies have concentrated on identifying attempts to move from corporate networks into essential operational networks. Because so many OT systems were never built with cybersecurity in mind, they pose a particularly tough hurdle. These ITLM systems have very robust physical security capabilities, but they frequently lack the ability to host endpoint agents, which limits traditional security solutions. Security teams can instead leverage NDR to gain visibility into network traffic to and from OT systems. Combined with a proactive approach, this lets them catch signs of suspicious activity early.

NDR gives you the visibility to collect, catalogue, and monitor network traffic and communications between OT assets and non-OT systems. This capability allows for deep forensic analysis, and it embodies the Zero Trust principle of continuous verification of every user and device on the network.
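To make the IT/OT monitoring described above concrete, here is an added example (not from the article or any vendor's product) that catalogues which non-OT hosts talk to each OT asset and flags boundary crossings outside an allowlist. The subnets, allowlist, record layout and flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed zone layout and sanctioned IT->OT conduit (hypothetical values).
OT_NETS = [ipaddress.ip_network("10.50.0.0/16")]
ALLOWED = {("10.10.5.20", "10.50.1.10", 44818)}  # (src, dst, dst port)

# Constructed flow records, tab-separated: ts, orig_h, resp_h, resp_p, proto
SAMPLE_FLOWS = """\
1700000000.1\t10.10.5.20\t10.50.1.10\t44818\ttcp
1700000003.7\t10.10.8.77\t10.50.1.10\t502\ttcp
1700000004.2\t10.50.1.10\t10.50.1.11\t502\ttcp
1700000009.9\t10.50.1.12\t203.0.113.9\t443\ttcp
1700000011.0\t10.10.8.77\t10.10.5.20\t445\ttcp
"""

def is_ot(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in OT_NETS)

def parse_flows(text):
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blanks and header/comment lines
        ts, orig, resp, port, proto = line.split("\t")
        yield {"ts": float(ts), "orig": orig, "resp": resp,
               "port": int(port), "proto": proto}

def analyze(text):
    """Return (alerts, catalogue) for flows that cross the OT boundary."""
    alerts, catalogue = [], defaultdict(set)
    for f in parse_flows(text):
        src_ot, dst_ot = is_ot(f["orig"]), is_ot(f["resp"])
        if src_ot == dst_ot:
            continue  # OT-internal or IT-internal traffic: not a crossing
        ot_asset, peer = (f["resp"], f["orig"]) if dst_ot else (f["orig"], f["resp"])
        catalogue[ot_asset].add(peer)  # inventory of non-OT peers per OT asset
        if dst_ot and (f["orig"], f["resp"], f["port"]) not in ALLOWED:
            alerts.append(("unsanctioned-inbound", f["orig"], f["resp"], f["port"]))
        elif src_ot:
            alerts.append(("ot-initiated-outbound", f["orig"], f["resp"], f["port"]))
    return alerts, dict(catalogue)

if __name__ == "__main__":
    found, peers = analyze(SAMPLE_FLOWS)
    for alert in found:
        print(alert)
    for asset, talkers in sorted(peers.items()):
        print(asset, "<->", sorted(talkers))
```

Because the check runs on observed traffic only, it works for OT assets that cannot host an endpoint agent.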

Vince Stoffer, Corelight Field CTO, added that operational efficiency with very high security is the ideal end state, and NDR is critical for getting there.

“We hear from customers that to help maintain efficiency and streamline operations, their fleets and signaling infrastructure are increasingly connected. NDR gives them visibility into these connections, allowing them to detect attempts to interfere with safety-critical systems before physical operations are affected,” – Vince Stoffer, Corelight Field CTO.

As federal agencies and critical industries work towards integrating Zero Trust architectures, the emphasis on NDR will likely continue to grow. Jean Schaffer, Corelight Federal CTO, emphasized how dire the threats to our organizations are at this moment.

“The threats we faced when I headed up security at the Defense Intelligence Agency were well-funded, stealthy, sophisticated, and persistent,” – Jean Schaffer, Corelight Federal CTO.