Read enough of the reports on cyber-attacks, and you’ll notice a pattern. Strip away the data, and you’ll see that the same thing keeps happening over and over. Once an attacker breaches the network, they make easy, almost predictable, lateral moves through the rest of the network.
The reason this keeps happening is that organizations think of their perimeter defenses as a wall to keep attackers out. This approach assumes that network traffic inside the wall is trusted. That makes it easier for attackers to move from one part of the network to the next once they find a way inside. So long as agencies operate this way, they risk perpetuating the cycle. A different, emerging approach to security is known as ‘Zero Trust.’
The Zero Trust Approach
In a Zero Trust approach, security decisions and actions are based on a strong understanding of Identity, backed by strong Authentication. It’s a conceptual shift that requires taking a step back and looking at the entire IT architecture.
Instead of merely adding another perimeter security point solution to address specific vulnerabilities, the Zero Trust perspective depends on strong authentications of the users and their roles as they access different segments of an agency’s network.
In the past, agencies might have been deterred from this approach because of the time and cost involved. Now, the concepts and the architecture are proven and available. The expertise exists to help agencies make the shift, such that it can be done in a fraction of the time it would’ve taken a couple years ago. The biggest obstacle to making this shift today is psychological. It takes leadership to commit to a new security approach.
The Consumption Gap Is Real
Another emerging trend in cybersecurity is the agency preference for simpler tools.
Although very sophisticated solutions exist, some of them require tremendous expertise and time to configure. That expertise isn’t always readily available to agencies, causing a ‘consumption gap’ between what’s available for use and what’s possible to use. Given the choice, agencies are choosing tools that are simpler to use. These solutions may lack the most cutting-edge bells and whistles, but at least agencies are confident that develop sustainable expertise use them.
At the same time, agencies are exploring managed services, where they purchase a solution that includes the product and the expertise to manage it. Instead of buying an off-the-shelf product and developing and retaining their own expertise, they can shift that burden to the vendor. In this model, agencies can maximize value from security products by taking advantage of new technologies as they’re deployed without constantly training and retraining their teams.
ML is on the Way
Artificial Intelligence and machine learning will continue to influence cyber security solutions in the coming years. They can have a major impact when applied to specific problems with narrow focuses. For example, if an agency’s security logs are archived, with no human interaction or analysis, then machine learning algorithms might as well be used to inspect them. This is another area where managed services come into play, because domain experts can help build tools that will surface interesting insights. Ultimately, the use of machine learning can reduce the burden on highly trained security experts whose time is better spent building and maintaining particular controls.
For more information about developing multi-layered defense architectures that help protect agencies from cyber-attacks, visit www.akamai.com