
How an Architectural Approach is Transforming Cybersecurity

This blog post is an excerpt from GovLoop’s recent guide DoD in Transition.

Many of us are plagued with thoughts of whether we locked our front door or rolled up the windows in our car as we drift off to sleep at night. But agency IT teams worry much less about physical security. Instead, they toss and turn over the thought of potentially unsecure virtual networks. As the modern cyberthreat environment continues to evolve, the technology used to protect these networks from cyberattacks must also advance.

One way to ensure your agency’s networks are as secure as possible is through the deployment of an integrated, architectural approach to security. This comprehensive model ensures that security and network infrastructure can operate together seamlessly. End-to-end network security is critical to keeping an agency’s data secure but it also plays a crucial role in countering the new generation of complex cyberthreats.

To better understand how an architectural approach to security is helping agencies, specifically DoD, GovLoop spoke with Marty Roesch, Vice President and Chief Architect of the Security Business Group, and Matthew Galligan, Regional Manager for Security for the Department of Defense Sales Team at Cisco, an industry leader in networking equipment.

They explained that at DoD, system security starts with a foundation of control over the operational environment across the entire organization. “It is necessary for employees to internalize the security plan, accept compromise is inevitable, and be able to regain control of the environment and remain resilient in the face of threats,” Roesch explained.

An architectural security approach offers protection throughout the network attack continuum. The attack continuum has three stages: before, during, and after. Each phase involves different tasks to accomplish and different tools for accomplishing them.

During the first stage, identify the composition of the network so you know what you are protecting and how to configure and deploy defenses. Once the network is under attack, you must detect the attack as soon as possible, ideally quickly enough to block it. After the attack is over, “you go back to the before-the-attack technologies and work to plug the gaps in the network, patch up the holes on the devices and get back to a known good state,” Roesch said.

Many security models are developed around securing the core components of the network, dealing with an attacker during an attack, or figuring out what happened after an attack. However, Cisco takes it a step further by working to cover all phases of the attack continuum.

Roesch emphasized that, “currently, DoD’s operational readiness is doing better than ever because of the efforts that have been made to incorporate best practices.” However, DoD’s networks are also larger and more complex than ever, said Galligan. Given the challenge of managing such a large infrastructure, DoD and other agencies are adopting new technologies to automate and accelerate the time it takes to detect a threat. The increase in network size and capabilities has called for more innovative ways to ensure total network security.

An architectural approach offers a way to ensure security while accounting for growing networks. “Security technologies are integrated and interoperable at a level where they can essentially reinforce each other and be more effective than standalone technologies,” Roesch explained.

Through the architectural approach, end-to-end models manage security and provide unified response capabilities at a much broader scope. This moves away from taking the events of systems across technologies and putting them in an event management platform to more meaningful integration that leverages the intelligence that the various technologies bring to the table. A big issue agencies face in security is the ability to orchestrate security infrastructure across vendor platforms. End-to-end architecture allows agencies to manage larger sets of infrastructure securely, effectively, and seamlessly, while increasing capabilities against potential threats.

At the end of the day, network security is about a comprehensive framework that allows for visibility and control. “Security should operate transparently and seamlessly, and moving forward, agency employees need to be active defenders of the environment under their protection,” Roesch concluded.


One Comment

David Yasler

Once you configure your base defense (firewalls, routers, IPS/IDS, etc.), you need to monitor alerts and act upon them. As written above, everyone has their own responsibility to protect the environment; but for some we have to help them protect themselves (emails in text, some scripts are prohibited, and using content filtering to stop the bleeding (data being exfiltrated)). Teamwork means we all win together.