Dual-defense strategy for network security

 

Connecting state and local government leaders

Cyber attacks will affect cities around the country -- especially small municipalities with talent gaps and minimal budgets -- until we can adopt a zero-trust environment with microsegmentation to validate identity and prevent hackers' lateral movement through networks.

Recent headlines about ransomware attacks have elevated the urgency for public entities to implement effective measures to prevent cybersecurity breaches and avoid becoming the next news story. Government agencies, however, face unique challenges. They are often coping with limited technology budgets, poor cyber hygiene (including outdated and unpatched systems), a shortage of cybersecurity talent and dated or slow-to-upgrade IT footprints, all while accommodating a changing network landscape and seemingly countless devices connecting to municipal networks.

As security risks have multiplied and evolved, many municipalities have implemented a patchwork of solutions -- intrusion detection/prevention systems, firewalls, antivirus software, web filters, patching systems, etc. -- to thwart each new or anticipated tactic, but breaches still occur at an alarming rate. Protecting public systems could come down to one compelling solution: a zero-trust model with microsegmentation.

Shifting from implied trust to ‘show me your ID at the gate’

A zero-trust model does just what its name implies: It trusts no one without first authenticating the user's identity. Anyone -- both internally and externally -- trying to connect to systems must be verified before being allowed to proceed. Once an identity is authenticated, whether it is a user, a device or an application, that identity is then logged and used to further control access or movement within a network.

A zero-trust approach is particularly effective at an enterprise’s major areas of vulnerability -- its internet connections or front gates. Most organizations rely on broad network connectivity for communications, but the sheer number and complexity of the required interconnections may expose internal systems -- including devices and management systems -- to attack.

Cyber criminals often rely on vulnerability scanners for reconnaissance, probing networks and their connected devices for areas of weakness. The scanners seek to establish TCP/IP connections at various ports, gaining valuable information from devices that respond to such requests, sometimes even with firewalls in place. After gleaning enough information, hackers can strategize how to break in. Under a zero-trust model, authentication would occur before that critical TCP/IP connection could be established, keeping the front gate firmly closed.

Zero trust is critical on the inside also

While a goal of the zero-trust model may be to stop criminals at the front gate, that's not the only objective. In many instances, once criminals infiltrate a system, they move laterally through a network relatively unrestricted --  inside clouds and data centers to infect additional systems. For a truly robust solution, it is essential to pair zero trust with microsegmentation, adopting the same philosophy of zero trust for internal traffic.

One of cyber experts' top recommendations for protecting internal systems and devices is to segment and segregate networks and their functions, essentially creating barriers that will stop a bad actor from moving around within the network and halting the spread of malware to other systems. As a key security control, microsegmentation provides assurance about restricted access to systems not only to internal security staff, but also to regulators and auditors. 

In a microsegmented network, a municipality will minimize and protect the interconnections between the functional parts of its network. One of the most straightforward approaches groups the enterprise network into nodes defined by roles and functions, such as accounting, engineering, administration, etc. Access to each node is then predicated on a requirement for authenticated identity, allowing only traffic from approved parts of a network, from allowed ports or carrying reasonable content, for instance. Some authenticated identities may not even be permitted to see which other nodes are available on a network, further shielding key assets should devices in other nodes become compromised.

Attacker advantage eliminated

A zero-trust model with microsegmentation may be applied to new or existing network infrastructure, enabling public-sector entities to save the cost of building an entirely new system. The approach can reduce the spread of malware and help prevent data exfiltration, while enhancing compliance and regulatory reporting. Further, by lowering the level of network traffic by stopping unauthorized users at the gate, zero trust reduces the load on a network and improves performance while preserving a secure environment.

Municipalities and other public entities increasingly feel like they have a target on their backs. And they do! It has been made abundantly clear that hackers now recognize the security shortcomings and rewards of municipal-level targets. Recent ransomware attacks crippled key systems in Baltimore and 23 cities and towns in Texas, creating small amounts of chaos. For every major headline, there have been several other small attacks that don’t make the front pages (two cities in Florida, three public school districts in Louisiana, a county in Indiana and others). Hackers know that a small disruption to the network can hinder operations for weeks at a time, and cities will often pay the ransom since doing so may be less expensive than updating their entire network.

Ransomware will continue to affect cities around the country -- especially small municipalities with talent gaps and minimal budgets -- until we can adopt a zero-trust environment with microsegmentation to validate identity and prevent hackers' lateral movement through networks.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.