Entries by Wayne Lloyd, Federal CTO, RedSeal

Zero Trust Network Access (ZTNA): Reducing Lateral Movement

/by

In football, scoring a touchdown means moving the ball down the field. In most cases, forward motion starts the drive to the other team’s end zone. For example, the quarterback might throw to a receiver or handoff to a running back. Network attacks often follow a similar pattern: Malicious actors go straight for their intended target by evaluating the digital field of play and picking the route most likely to succeed.

In both cases, however, there’s another option: Lateral movement. Instead of heading directly for the goal, attackers move laterally to throw defenders off guard. In football, any player with the ball can pass parallel or back down the field to another player. In lateral cyberattacks, malicious actors gain access to systems on the periphery of business networks and then move “sideways” across software and services until they reach their target.

Zero Trust: Back to Basics

/by

The Executive Order on Improving the Nation’s Cybersecurity in 2021 requires agencies to move towards zero trust in a meaningful way as part of modernizing infrastructure. Yet, federal agencies typically find it challenging to implement zero trust. While fine in theory, the challenge often lies in the legacy systems and on-premises networks that exist with tendrils reaching into multiple locations, including many which are unknown. Identity management and authentication tools are an important part of network security, but before you can truly implement zero trust, you need an understanding of your entire infrastructure. Zero trust isn’t just about identity. It’s also about connectivity.

Zero Trust: Shift Back to Need to Know

/by

Cyberattacks on government agencies are unrelenting. Attacks on government, military, and contractors rose by more than 47% in 2021 and can continue to climb. Today’s cybercriminals, threat actors, and state-sponsored hackers have become more sophisticated and continue to target government data and resources. For governmental agencies, hardening security requires a return to “need to know” using zero trust security protocols.

Zero Trust Is Here to Stay, So How Can I Prepare My Network?

/by

Whether you agree or not with the concept–zero trust architecture is here for the foreseeable future, and unless your organization is cloud-native, you are going to have to prepare to implement zero trust on your existing enterprise. RedSeal can continuously monitor your network segmentation and micro segmentation policies to stay compliant with your zero-trust architecture goals.

What You Need to Know About CMMC Certification

/by

Supply Chain Brain | October 7, 2020

As the Cybersecurity Maturity Model Certification (CMMC) nears full implementation, affected organizations are scurrying to ensure they’ll pass the certification process.

The goal is simple: organizations must meet minimum cybersecurity standards, and in doing so, they do their part to improve national security. The stakes are extraordinarily high […]

Supporting the DoD’s Defend Forward Initiative

/by

 

What is Defend Forward?

The DoD’s Defend Forward operational concept has been rolling out over the past few years. Policy makers and cyber defenders in government realized that, as the situation in Afghanistan led directly to the rise of Al-Qaeda and the 9-11 attacks, the situation in cyberspace was going to lead to crippling […]

Real World Versus Cyber Hygiene

/by

As I watch the drama on the news unfold it is striking to me how similar the tactics for defending against a spreading virus are to cyber defense.

Washing your hands equates almost exactly to cyber hygiene tactics like patching.

Social distancing is nothing more than putting barriers up to prevent the spread of attacks, […]

A Resilient Infrastructure for US Customs and Border Protection

/by

The Customs and Border Protection agency recently announced an official 2020-2025 strategy to accomplish their mission to “protect the American people and facilitate trade and travel.”

The strategy comprises only three goals, one of which is to invest in technology and partnerships to confront emerging threats. This includes an IT Infrastructure that provides fast and […]