Government Networks: Are They Protected?

This blog post is a recap from GovLoop’s Government Cybersecurity Virtual Summit.

When it comes to cybersecurity, there are two major vulnerability components: the human and the network. The bad news is that humans and hardware-defined networks are hard to change and secure. The good news is that, with the proper software and protocols, securing the network is very doable for government agencies. The key is to automate as much of the security process as possible. This is true whether agencies are using enterprise IT or cloud to store valuable information and resources.

In GovLoop’s Government Cybersecurity Virtual Summit, Ron Flax, Chief Technology Officer at August Schell, discussed where current solutions fall short and how VMware NSX can help enhance cybersecurity solutions through micro-segmentation, secure user environments, perimeter security anywhere and automation. August Schell is dedicated to delivering agile and innovative security solutions to proactively defend and protect organizations against cyberattacks.

Why Do Breaches Still Occur?
Flax said the problem with current cybersecurity solutions in government is that datacenters are only protected at the perimeter.

“We have more distributed applications and more server-to-server traffic,” Flax said. “Perimeter firewalls can handle traffic going outside datacenters. But traffic between web servers and application servers is usually unprotected. In a lot of cases, there’s no internal firewall for datacenters, which leaves government information more vulnerable.”

The modern datacenter is fast, smart, and sophisticated—and so are the threats to its security. Traditional perimeter security isn’t enough to stop attacks. Malware and viruses use legitimate access points or weaknesses in the perimeter to enter the datacenter, making them difficult to detect and even harder to stop from entering and spreading laterally throughout. And with so much sensitive data at stake, a successful attack could spell disaster for government agencies.

The increasing level of server traffic, as well as the increasing sophistication of cyberthreats, means government needs to add more levels of internal security. This can look like placing more firewalls across workloads. However, physical firewalls can be cost-prohibitive and complex to configure, as thousands of firewalls would be needed to protect a datacenter. Virtual firewalls can also be cost-prohibitive and slower-performing. Additionally, there is limited central management in virtual firewalls, which makes it harder to detect cyberattacks.

So, what should agencies do to make sure their networks are truly protected? That’s where VMware NSX can help.

Advantages of VMware NSX
Government agencies need cybersecurity solutions that expand beyond simply preventing cyberthreats. Solutions must also incorporate detection and response methods.

VMware NSX improves on traditional security methods by building security into the datacenter itself, so even if an attack gets through the perimeter, it can be quickly identified and stopped before it spreads. NSX is a networking and security product of VMware, which provides cloud and virtualization software and services.

“NSX is able to surround every machine with its own virtual firewall,” Flax said. “It’s distributed across servers and allows for central policy management.”

More specifically, here’s how NSX improves security:

  • Micro-segmentation
  • Secure user environments
  • Perimeter security anywhere

First, micro-segmentation is a security technology that breaks the datacenter into logical elements and manages them with high-level IT security policies. Micro-segmentation stops threats from moving laterally throughout the datacenter. However, until now, it hasn’t been operationally feasible. NSX makes micro-segmentation operationally feasible inside the datacenter: fine-grained, centralized controls help split networks into subnetworks to better monitor threats. NSX also enables integration, where the datacenter is moved to software to create a common networking and security platform. Such integration enables security services from multiple vendors to be combined for more robust security.

Next, NSX offers agencies more secure user environments. More users access applications from virtual desktops than ever before, creating new security vulnerabilities. Virtual Desktop Infrastructure (VDI) extends the same security policies and advantages used in the datacenter to desktop or mobile environments. With NSX, each virtual desktop is individually secured. That means internal server traffic can be secured, both to and from individual virtual machines. If one user gets infected or compromised, the threat can easily be contained and won’t spread to other users, or affect the datacenter.

Finally, NSX allows for more flexibility with perimeter security anywhere. NSX assigns security to individual workloads so that advanced security services and Internet access can be applied and controlled for any system in the datacenter. This can be done regardless of location within the network.

What’s Next in Cybersecurity?
NSX offers the future of cybersecurity solutions. In addition to improved detection and response methods for cybersecurity, government IT needs to look for solutions that offer automation to help boost staff efficiency and innovation.

IT teams always have a full workload. Unfortunately, some of the most mundane tasks are also the most time-consuming. This means IT admins are spending valuable time on routine processes, time that could be better spent focusing on innovation and preventing cyberthreats. Even the most seasoned IT professionals make mistakes sometimes, resulting in breaches, outages, unexpected downtime and potentially costly fixes.

NSX takes the burden off IT staff and eliminates the human error factor through automation. Instead of people managing the technology, leaving room for error, IT automates IT. Tech teams can standardize and maintain predefined templates with network services so they can provision consistent environments in seconds instead of hours or days. By moving network services to software, agencies can respond to business needs and users more quickly and efficiently, as well as mitigate any cyberattacks.

Protecting government networks requires more than securing around the perimeter. VMware NSX takes your security solutions to the next level by incorporating internal firewalls. Through micro-segmentation, secure user environments, perimeter security anywhere and automation, NSX can help your agency ensure networks are truly protected and that government can safely and efficiently serve the American public.
