By Marcus Le Blanc, Network Security Solutions Architect
The move toward the cloud has changed the security industry in profound ways. No longer are we bound to offices that we must go into each day for work. But with that freedom comes a whole new set of challenges in securing the environment, especially for federal agencies. Gone are the days of large appliances performing firewalling, intrusion prevention (IPS), email scanning, and data loss prevention (DLP). Now, as security professionals, we must shift our paradigm toward securing both the endpoint and the application. But that presents its own set of challenges.
It’s impossible to have a next-generation firewall (NGFW) installed on every workstation in the environment. The complexity involved would cripple the way people work and force each endpoint to spend all its time servicing the firewall rather than running Word and Excel. So, what can be done to secure the environment? Let’s explore some example designs for securing cloud infrastructure.
Leveraging the Cloud for Cybersecurity Services
First, in a cloud-connected world, we can move security services up to the cloud itself. With always-on connectivity, all security services can be run through a security provider, such as Palo Alto, which performs the security functions for you. Your PC, when it is connected to the Internet, runs an agent that makes a secure connection to the cloud. From there, all security services are applied to your traffic: firewalling, advanced threat detection, URL filtering, and the rest are performed by the provider. In addition, the provider can make connections to other cloud providers. Through APIs, your users can use single sign-on to open your Salesforce instance without ever leaving the provider’s cloud. Just as in the days of MPLS, you stay within your own virtual network and break out only when necessary. Coupled with remote browser isolation (where all web browsing is performed on another system and only the rendered stream is sent to the end user), you have a very secure sandbox in which to perform all your online functions.
Advanced AI for Enhanced Security
The other option is providing traditional security services on the device itself, as we are used to, but with a stronger responding agent on the backend. What we are talking about here is detection and response. When we say “detection and response”, this is not your normal anti-virus response. We are not looking for a list of signatures to match against a threat. This is behavior analytics: real-time threat analysis that can flag activity for which no signature has ever been seen.
Behavior analytics leverages AI and machine learning to observe your network and its behavior and to identify anomalies.
Detection and response comes in a myriad of flavors. The most basic is endpoint detection and response (EDR). The EDR system goes beyond traditional signatures and patterns to incorporate analysis at all layers of security. The EDR system “learns” and adapts to the traffic that the user is generating in order to block anomalous activity and ultimately improve the defense capabilities of the organization.
Extended Detection and Response (XDR) builds upon the endpoint to include network nodes, data centers, and cloud services for a holistic view of the entire environment. XDR does not replace security information and event management (SIEM) or other solutions already in the environment, but it can enhance them. Managed Detection and Response (MDR) outsources this function to a third party that performs the necessary operations. This can range from a report of what was blocked to full interaction with the user population to resolve individual incidents. This option takes the burden off your security teams and places it on someone else, so that you can make sure those cat videos are viewed as securely and compliantly as possible.
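To make the distinction drawn above concrete, here is a simplified illustration, added here and not taken from the article or from any vendor’s product, of how a signature check and a learned behavioral baseline treat the same endpoint events. The process names, hashes and telemetry are constructed sample data; the baseline counts how often each user launches a given parent/child process pair and flags pairs it has rarely or never seen.

```python
# Added illustration (not from the article or any vendor): signature matching
# versus a learned behavioral baseline over constructed process-launch events.
from collections import Counter, defaultdict

# Constructed sample events: (user, parent_process, child_process, file_hash),
# repeated to stand in for weeks of routine office activity.
BASELINE_EVENTS = [
    ("alice", "explorer.exe", "winword.exe", "h-word"),
    ("alice", "explorer.exe", "excel.exe", "h-excel"),
    ("alice", "explorer.exe", "outlook.exe", "h-outlook"),
    ("alice", "outlook.exe", "winword.exe", "h-word"),
] * 25

# Placeholder signature list (constructed values, not real indicators).
KNOWN_BAD_HASHES = {"h-known-malware"}

def signature_match(file_hash):
    """Traditional anti-virus logic: alert only if the hash is already listed."""
    return file_hash in KNOWN_BAD_HASHES

class BehaviorBaseline:
    """Learns normal parent->child process pairs per user; rare pairs are anomalous."""
    def __init__(self, min_support=3):
        self.pairs = defaultdict(Counter)
        self.min_support = min_support

    def learn(self, events):
        for user, parent, child, _ in events:
            self.pairs[user][(parent, child)] += 1

    def is_anomalous(self, user, parent, child):
        return self.pairs[user][(parent, child)] < self.min_support

def evaluate(baseline, event):
    """Return the verdict from each approach so the two can be compared."""
    user, parent, child, file_hash = event
    return {
        "signature": signature_match(file_hash),
        "behavior": baseline.is_anomalous(user, parent, child),
    }

def demo():
    baseline = BehaviorBaseline()
    baseline.learn(BASELINE_EVENTS)
    routine = ("alice", "explorer.exe", "excel.exe", "h-excel")
    # A never-seen binary launched from a document: no signature exists for it yet.
    novel = ("alice", "winword.exe", "unknown.exe", "h-never-seen")
    return evaluate(baseline, routine), evaluate(baseline, novel)
```

The routine launch passes both checks, while the novel launch is missed by the signature list but caught by the behavioral baseline, which is the gap the article says EDR is meant to close.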
“The Only Constant Is Change” - Heraclitus
In our ever-changing security landscape of malware, APTs, threat hunting, and attack surfaces, the only constant is change. The move toward the cloud brings new challenges. But there are architectures that can help you not only overcome those threats but thrive in a world of uncertainty.
Whether your agency works alongside a provider to secure your environment, maintains its own security infrastructure to detect and respond to all threats, or outsources all of it to a managed service to report back what happened, Presidio Federal has the decades of experience and deep expertise to enable your agency on your journey. Learn more about our cybersecurity solutions and reach out to our team today to get started!