Page 5 - FCW, November/December 2021
P. 5

you have and how it is being used and compare that application to published models like the DoD’s Zero Trust Reference Architecture or NIST
SP 800-207 (Zero Trust Architecture). Next, attack the easier components, like ensuring that every application
or workload can only be accessed via multifactor authentication, and that every data transmission is encrypted.
automated and proactive. While most agencies have started down this road, it can be difficult to keep up with the improvements and changes in threat hunting technology, due in large part to better use of artificial intelligence and machine learning. For example, for many years, organizations relied on antivirus programs for endpoint protection. Several years ago, the
and then integrate them into the infrastructure. With this approach, agencies can be more confident
that they are not only meeting all requirements, but that the result will be a much more integrated, secure and zero trust-focused infrastructure.
CDW·G, for example, has spent decades providing all of these services for federal agencies. When it comes to finding just the right security software, hardware and services, for example, CDW·G can turn to any number of federal contracts for the right fit. The Army’s Information Technology Enterprise Solutions— Software 2 (ITES-SW2), for example, provides a host of security software options in the areas of authentication, data loss prevention, encryption, endpoint security, firewalls, identity management and network access. Its counterpart for hardware, ITES-3H, supports agencies’ requirements for networking security hardware like security appliances, security tokens, routers and security cameras.
“Zero trust isn’t something you can just buy and check a box,” Richbourg said. “It’s a complete overhaul of the way you do security, and it impacts everything in the environment, from cybersecurity defenses themselves
to networks, data centers, and user devices. It’s a constantly evolving process, and agencies need to be ready to continually evolve with it. That’s what makes a comprehensive approach so valuable.”
“What really works is making sure that anybody who wants access to data or resources can prove that they have the right to do so. Zero trust is about verifying everything.”
—Matt Richbourg, a security solutions architect at CDW·G
This is often where the heavy
lifting starts—with better network segmentation. This involves dividing the network into smaller and smaller pieces so only the person who needs
to use a specific resource has access
to it. For example, an accountant may need access to financial records, but not to payroll information. He may need access to one financial application, but not others. An agency can accomplish this level of security by, for example, creating a payroll zone, an accounting zone and an HR zone.
Another area where many agencies may need to bolster zero trust capabilities is in identity and access management. IAM controls are a modern, automated way of validating users and their permissions. With the right settings, these controls can go a long way toward securing the environment. For example, if an employee gets promoted, the controls can be set up to remove old permissions and install new ones.
In general, many agencies will also need to at least look at improving their cyber threat hunting to make it more
industry moved to more advanced endpoint detection and response solutions, which can analyze exactly what devices are trying to do in the environment and prevent them from doing so.
Yet another area ripe for modernization is continuous security monitoring. Because of rapid advances in machine learning and AI, today’s SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response) platforms can collect, digest and analyze all logs quickly, tracking items across the entire environment, making connections and identifying correlations.
Making sense from chaos
Figuring out where to start—not to mention what to do from there—can be a long and complex process. One way agencies are tackling the issue is by finding an experienced integrator to perform the assessments, make recommendations, procure the right products from the right contracts,
Visit to learn more about CDW·G, our capabilities and contracts. Contact us at 800.808.4239 to orchestrate a
secure solution customized to your agency’s needs.

   3   4   5   6   7