This blog post is an excerpt from GovLoop’s recent market trend report “Network Access Control: Your First Line of Cyber Defense.”
Identifying and correcting network vulnerabilities is a 24/7 operation that must evolve as cyberthreats evolve. To stay current with ever-changing commercial and government regulations, agencies can’t rely on antiquated solutions and operational procedures.
Such a reactive approach to security focuses on addressing current and near-term cyber issues, but does not include longer-term planning or responses for future threats. It also doesn’t position agencies to proactively comply with security requirements that govern how they should manage network access across multiple devices and users.
To prevent the risks of unauthorized access to high-value assets or the loss of sensitive data, network access control is mandated by Homeland Security Presidential Directive 12 (HSPD-12) and Federal Information Processing Standards (FIPS) guidelines, along with various DoD regulations. There are also network access requirements set by the Federal Risk and Authorization Management Program (FedRAMP), which developed a governmentwide baseline for securing cloud products and services used across agencies.
But implementing and enforcing these mandates requires sufficient funding and skilled professionals who understand the right tools and techniques. “The biggest challenge that we’re seeing is either a lack of resources or a lack of the training and knowledge necessary to keep the network running or to be able to secure it,” said Pete Burke, security practice team lead at Force 3.
Burke shared several best practices for implementing a comprehensive approach to network defense.
1. Set a solid foundation
When implementing network access controls, you have to ensure the technology you implement properly enforces security policies and that users are authenticated before gaining network access. When the time comes for your agency to undergo auditing procedures, you must be able to show these security measures are in place and effective.
2. Focus on authentication and access control
The network access control solution you use should be able to identify users by their unique profile and the device they are using. Once that is determined, access can be granted or denied. As a best practice, Burke recommends that once users are authorized on the network, they be given access only to what they need. It isn’t enough to simply authenticate users’ identities before giving them network access. Controlling what they can and cannot do within the network is also critical to security. “We’ve seen where different agencies are authenticating the assets and users on the network, but they’re not enforcing any access control, which defeats the purpose,” Burke said. Authentication is part of the process, but it isn’t the only step.
3. Automate network access control
Over time, agencies should reach a point where they can automatically remediate network access issues. That includes quarantining devices that are trying to connect to the network but don’t meet an agency’s standard levels of compliance. As your implementation of network access control evolves, you should consider how these and other tasks can be automated.
4. Increase network visibility
Burke recommends that agencies also improve the level of visibility that IT teams have into all of the traffic moving across the network. Boosting visibility involves monitoring network traffic flows, controlling network access, ensuring connected devices are compliant, performing required remediation and tracking which applications and systems users can access. By doing so, agencies can create a baseline of network behavior and heuristics, enabling them to identify insider threats or malicious network activity that deviates from normal behavior.
5. Provide adequate training for your workforce
Identify opportunities to train or re-train IT personnel who will be involved in implementing network access controls. Ensure they have the knowledge and resources they need to maintain network security and availability. Through industry partnerships, you can learn new skills and also supplement your current workforce.