Identifying Cyber Blind Spots Vital to Zero Trust Progress


The old adage “consistency is key” rings especially true for Federal cybersecurity operations centers (CSOCs) today. Agencies that pay close attention to their operations center but lack visibility into and control of their cybersecurity blind spots – specifically applications, workloads, and the traffic that flows between them – are ripe for attack.

In conducting risk management assessments of 96 agencies, the Office of Management and Budget (OMB) concluded that 71 of them (74 percent) were either “at risk” or at “high risk,” according to the OMB’s 2018 Federal Cybersecurity Risk Determination Report and Action Plan. OMB indicated that a lack of visibility was behind many of the problems: only 27 percent of agencies reported that they could detect and investigate attempts to access large volumes of data in their networks. This lack of visibility can have critical consequences for agencies in the long term.

Take the SolarWinds compromise as an example. Actors the U.S. government attributed to Russian intelligence inserted a backdoor into legitimate builds of the vendor’s Orion software, and the trojanized updates were downloaded by up to an estimated 18,000 customers, a much smaller subset of which were then actively targeted. The supply chain got the malware in the door; what let the intruders reach so much inside those environments was lateral movement from the Orion server to other systems, which went undetected for months. The attack demonstrated the dangers of a lack of visibility and control within companies and agencies and led to increased interest in the Zero Trust security philosophy. How can you do something about an attacker you can’t see coming?

You Can’t Secure What You Can’t See

Visibility into what is actually communicating inside an agency’s environment, not just into the security operations center that watches it, is no longer simply “good practice.”

Traditionally, agencies have been hyper-focused on threat intelligence to monitor for external attacks, but attacks like SolarWinds have demonstrated the importance of internal, data-driven visibility. Visibility into how workloads and applications connect helps agencies determine what traffic should be allowed and what is unnecessary, and therefore a risk: every permitted path that no application needs is a path an intruder can use.

Visibility is the first step toward protecting data centers – it’s a critical component in stopping unnecessary and nefarious movement. Agencies can monitor their environment with software that shows a real-time application dependency map to help visualize communications between workloads and applications.

With this kind of visibility, you can define which connections need to be trusted and deny the rest. An intruder who lands on one workload can then reach only the peers that workload was already allowed to talk to, which contains and constrains them without anyone having to spot the attack first. One caveat: a dependency map only records what was observed, so an allow-list derived while an intruder is already present will capture their traffic as “normal.” Rare or unexplained paths in the map need human review before they become policy. It’s this approach, trusting only what’s absolutely necessary and blocking the rest by default, that is most fundamental to agencies’ security. This approach is what we call Zero Trust.
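As an added example that is not part of the original article and not Illumio’s product or code, the Python below shows the mechanics of the approach described above and of the ring-fencing discussed later in the piece: collapse observed flows into an application dependency map, turn the well-established edges into an allow-list, flag the rare edges for review rather than trusting them blindly, and evaluate new flows with default deny. The IP addresses, workload labels and flow records are constructed for illustration.

```python
"""Derive a default-deny, allow-list segmentation policy from observed flows.

Added illustration (not Illumio's code): the inventory and flow records
below are constructed, not taken from any real agency environment.
"""
from collections import Counter
from dataclasses import dataclass

# Constructed workload inventory: IP -> (application, role).
WORKLOADS = {
    "10.0.1.10": ("storefront", "web"),
    "10.0.1.11": ("storefront", "web"),
    "10.0.2.10": ("storefront", "app"),
    "10.0.3.10": ("storefront", "db"),
    "10.0.9.5":  ("build", "ci"),
}

# Constructed flow log, (src_ip, dst_ip, dst_port, proto), in the shape a
# flow collector or host agent would export.
OBSERVED_FLOWS = [
    ("10.0.1.10", "10.0.2.10", 8443, "tcp"),
    ("10.0.1.11", "10.0.2.10", 8443, "tcp"),
    ("10.0.2.10", "10.0.3.10", 5432, "tcp"),
    ("10.0.2.10", "10.0.3.10", 5432, "tcp"),
    # A CI box talking straight to the production database was seen once.
    # It may be a forgotten job, or it may be lateral movement: review it.
    ("10.0.9.5",  "10.0.3.10", 5432, "tcp"),
]


@dataclass(frozen=True)
class Edge:
    """One edge of the application dependency map, keyed by labels, not IPs."""
    src: tuple  # (application, role)
    dst: tuple
    port: int
    proto: str


def build_dependency_map(flows, workloads):
    """Collapse per-IP flows into labeled edges with an observation count.

    Flows touching an IP that is not in the inventory are dropped: you
    cannot write a trust rule for a workload you cannot identify.
    """
    edges = Counter()
    for src, dst, port, proto in flows:
        if src in workloads and dst in workloads:
            edges[Edge(workloads[src], workloads[dst], port, proto)] += 1
    return edges


def propose_policy(dep_map, min_flows=2):
    """Split the map into a proposed allow-list and edges needing human review.

    Edges seen fewer than min_flows times are exactly the unexpected paths
    the text calls unnecessary traffic; they are not trusted automatically.
    """
    allow = {e for e, n in dep_map.items() if n >= min_flows}
    review = {e for e, n in dep_map.items() if n < min_flows}
    return allow, review


def is_allowed(policy, workloads, src, dst, port, proto):
    """Default deny: pass only if both endpoints are labeled and the edge is in policy."""
    if src not in workloads or dst not in workloads:
        return False
    return Edge(workloads[src], workloads[dst], port, proto) in policy


if __name__ == "__main__":
    dep_map = build_dependency_map(OBSERVED_FLOWS, WORKLOADS)
    allow, review = propose_policy(dep_map)
    print("allow-list:", sorted((e.src, e.dst, e.port) for e in allow))
    print("needs review:", sorted((e.src, e.dst, e.port) for e in review))
    # Web tier reaching the database directly was never observed: denied.
    print(is_allowed(allow, WORKLOADS, "10.0.1.10", "10.0.3.10", 5432, "tcp"))
```

Because the policy is expressed in terms of labels rather than addresses, a newly provisioned web node inherits the same rules once it is labeled, and a flow from any unlabeled address is denied by construction. In practice the review set would be worked down to zero (each edge either added to the allow-list with a justification or shut off) before the policy is enforced.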

Zero Trust Has Your Back

Zero Trust has recently become the focus for Federal agencies, and for good reason. Acting Department of Defense CIO John Sherman outlined the importance of the philosophy, saying, “One of my key areas is to really increase our focus on Zero Trust and to maintain our strong focus on cyber hygiene and cyber accountability.” Zero Trust accounts for your blind spots and is marked by a series of unique characteristics:

  • Assume the network is always hostile;
  • External and internal threats exist on the network at all times;
  • Locality is not sufficient for deciding trust in a network;
  • Every device, user, and network flow must be authenticated and authorized; and
  • Security policies must be dynamic and determined from as many data sources as possible.

Many Zero Trust concepts are an evolution of established best practices, such as least privilege, defense-in-depth, and assume breach. Federal organizations have reached a tipping point in security, where yesterday’s best practices alone are not enough to shore up the defenses against a siege of external and internal adversaries. With a Zero Trust architecture, agencies can contain and mitigate cyber risk effectively.

We All Have Blind Spots – It’s What We Do About Them That Matters

Accounting for cybersecurity blind spots means increasing visibility, embracing Zero Trust, and specifically, segmenting your environment to limit the impact of a breach. Zero Trust Segmentation reduces the attack surface, making it more difficult for bad actors to move around the network. By segmenting granularly, it becomes easier to protect the most sensitive data agencies have, because Zero Trust Segmentation ring-fences applications and workloads: only the explicitly allowed peers can reach them, so from any other workload, including one an attacker already controls, they are effectively invisible.

Avoiding cybersecurity blind spots doesn’t need to be a shot in the dark. Building and implementing a Zero Trust architecture will ensure agencies maintain the vital security measures necessary to secure high-value assets. In a world where breaches are a certainty, a Zero Trust approach prevents a minor cyber incident from becoming a real-world disaster.

About Mark Sincevich
Mark Sincevich is the Federal director at Illumio.