
Michael Friedrich, October 15, 2021

Federal Cybersecurity: Are We Doing Enough?

Whether it is a report of top vulnerabilities released by the Cybersecurity and Infrastructure Security Agency (CISA) on what seems like a weekly basis or yet another bipartisan report from Congress on the state of federal cybersecurity, the message remains the same. We simply are not doing enough.


In particular, the bipartisan report, titled Federal Cybersecurity: America’s Data Still at Risk, details a continuing lack of protections for PII, failure to adequately protect legacy systems, lack of patching and inadequate process and management for classified information access … and more. In one example, an agency was noted to have no records for over 14,000 IT assets. All of this leads to one conclusion: breaches like those we have seen in recent months are not going away and attack planes are target-rich for the adversaries.

And, during October, as we all participate in activities recognizing Cybersecurity Awareness Month, the time is NOW for a call to action. U.S. federal government agencies need to immediately do the following:

  1. Initiate full inventories of all devices, services, and users
  2. Fully enable tools to drive discovery and classification of all services and users
  3. Patch all servers and devices (or remove them from the network until they are) that need patches
  4. Get multi-factor authentication (MFA) in front of all legacy and high value information systems
  5. Require all cyber tools to have a REST API capacity enabling highly interactive tooling
  6. Develop standards for industry supporting government to ensure reduction of supply chain attacks, such as those on SolarWinds and the Colonial Pipeline
  7. Robust and automated reporting on cybersecurity hygiene of supply chain vendors
  8. Be unafraid to walk away from solutions that are not cutting it anymore

Finally, I would argue the most important cyber strategy and tool(s) U.S. agencies need is a Zero Trust security strategy that follows a set of system design principles and a coordinated cybersecurity and system management strategy based on an acknowledgement that threats exist inside and outside traditional network boundaries. The Zero Trust security model eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture via real-time information fed from multiple sources to determine access and other system responses.

The Zero Trust security model also assumes that a breach is inevitable or has likely already occurred, so it constantly limits access to only what is needed and looks for anomalous or malicious activity. Zero Trust embeds comprehensive security monitoring; granular risk-based access controls; and system security automation in a coordinated manner throughout all aspects of the infrastructure to focus on protecting critical assets (data) in real-time within a dynamic threat environment. This data-centric security model allows the concept of least-privilege access to be applied for every access decision, allowing or denying access to resources based on the combination of several contextual factors.

The eight steps listed above, when moved into a Zero Trust strategy, should all work together. Clarify, classify and enable the access that is needed. A Zero Trust tool, such as Appgate SDP, that can interact in near real time with the other tools that are scanning, patching, etc. gives federal government agencies more agility.

While it is fair to say that some budget considerations need to be contemplated, there also needs to be accountability for waste that continues to happen every year. We need to stop doing the things that don’t work. Cyberthreats continue to evolve; therefore, our nation’s cybersecurity needs to be more agile to deal with them.

These breaches and issues will only stop when we stop repeating the same mistakes. The time for change is now.

For more on how our Appgate Federal Division is leading the way, please visit www.appgate.com/federal-division.
