A Modern Framework for Network Security in Government

Transcription

1 A Modern Framework for Network Security in Government

2 3 A MODERN FRAMEWORK FOR NETWORK SECURITY IN THE FEDERAL GOVERNMENT

3 Governments are Undergoing Change Governments around the world are undergoing change. Whether reducing data center footprints, virtualizing existing services to reduce costs and go green, or advancing security strategies to thwart advanced attacks in the field or at home, governments are demanding more from their cybersecurity solutions today. Securing the Data Center and Virtualized Environments Governments are undergoing change in their data centers, virtualizing more services in their network, and overall pursuing more efficiency. As such, their cybersecurity needs are changing to demand greater performance, more flexible security policies and enforcement, and solutions that understand data center applications. In doing so, there are several key steps governments should consider: 1. Establish a benchmark of what applications reside within your data center. Data center applications use random, non-contiguous communication ports and protocols. Though these are critical applications, they are often the very ones with vulnerabilities and active exploits available. Understand your data center applications and their current risk profile. Then find a cybersecurity solution that is designed with the unique requirements of the data center in mind. 2. Determine a plan for security policy enforcement as users, applications and content move from VM to VM. Virtual resources are accessed by a distributed workforce with different security risk profiles. Virtualization removes the natural security borders of your existing security methods, and the dynamic nature of creating/ changing/moving VMs makes it difficult to track policies to those systems. Choose a cybersecurity solution that makes these moves seamless while your security policies remain intact with them one that safely enables applications of different trust levels running on a single virtualized server. And choose one that can handle the security needs of both east-west as well as north-south traffic. 3. Ensure your cybersecurity solution scales and is sufficiently flexible to meet the demands of the data center and virtualized environments. Just because your security needs are for a data center does not mean you must compromise your need for full visibility of your data center applications, content and users. Maintain the security of your data center traffic, inclusive of applications, content, and users, without compromising performance. 3 A MODERN FRAMEWORK FOR NETWORK SECURITY IN GOVERNMENT

4 Securing The Network from Low-level to Advanced Threats It s no secret that government networks are among the most targeted of virtually any industry. The stakes are high and attackers know they must use more evasive tactics to penetrate these networks. Sadly, many attackers are not only able to penetrate their target network, but often successfully establish a beachhead and remain undetected for a significant period time while continuing evasive and damaging action. This leads to tremendous loss whether of strategic, political, monetary or intelligence value. Fundamentally, the approach to the threat must move beyond defense-in-depth to add a model of zero trust. In doing so, there are several key steps governments should consider: 1. Review your current network segmentation. Ensure that what is most critical is treated that way within your cybersecurity strategy. Using zones to compartmentalize different segments of the network, governments can protect their assets from unauthorized applications or users, reduce the exposure of vulnerable systems, and prevent the lateral movement of malware throughout the network. Employ zero trust - i.e. no default trust for any entity user, device, application, or packet regardless of what it is and its location on or relative to the government network. The advent of the APT has made zero trust adoption critical. 2. Establish a benchmark of the applications on your network. This not only alerts the organization to rogue applications, it helps to inform a dialogue about what applications may be important to the day-to-day business of the mission. With this benchmark, you can apply appropriate security controls and ongoing visibility of these applications the content carried on them and the people and departments who use them to detect anomalies. 3. Use your benchmark to make important application decisions. Once you have vetted the legitimate applications for your mission needs, whitelist them. Ensure that no binary (on/off) decisions are made on applications which may be important to certain departments but not others. With the right cybersecurity solution, you can have flexibility and granular control to choose which applications and which content should be available to which departments. Then give only authorized users access to the approved applications. 4. Maintain ongoing visibility at the user, content and application level at all times. This is not a log analysis exercise but instead one of vigilance of the contextual visibility and anomaly detection that the right security solution can provide to your security teams. Advanced Persistent Threats: Advanced Pertsistent Threats (APT) employ evasive techniques to enter a network, establish a beachhead and then move laterally within their target organization. Some are disguised or bundled within legitimate network traffic and application data which has proven challenging for traditional security solutions to detect. Once inside the target organization, an APT can maintain communication channels with its controller(s)/ handler(s). It can exfiltrate intelligence and receive further instruction through an encrypted tunnel to and from an external command and control entity. In addition, it can receive malicious code updates which are reassembled within the compromised target network. This can make signature detection more difficult and can add more damaging capabilities to the resident malware. 4 A MODERN FRAMEWORK FOR NETWORK SECURITY IN GOVERNMENT

5 3 A MODERN FRAMEWORK FOR NETWORK SECURITY IN THE FEDERAL GOVERNMENT

6 Palo Alto Networks Solutions for Government Palo Alto Networks provides the most innovative, advanced, and flexible cybersecurity platform available to meet today s government requirements. The company is serving government customers in over 70 countries today who are demanding more from their security solutions. Palo Alto Networks meets data center requirements and provides an innovative threat prevention approach for both the known and unknown threat impacting government networks today. Palo Alto Networks platforms provide an all-in-one advanced cybersecurity solution. Our platforms use a single-pass architecture that ensures maximum performance for all environments. For data centers and virtualization environments, Palo Alto Networks: Offers consistent visibility into applications, users, content and advanced cybersecurity protection; Provides virtual and physical appliances, all managed with the same centralized management platform; Isolates data center applications and the tools that they use to manage those applications; Provides inter-server ( north-south ) communications inspection and intra-host inspection of virtual machine ( east-west ) communications within a server instance running multiple applications; Enables dynamic security policies with VM context to enable your cybersecurity policies to keep pace with VM provisioning and changes without having to re-associate those security protections; Integrates with cloud orchestration software to automate policy changes; Provides cybersecurity throughput at up to 120 Gbps, and; Provides numerous VM platform options including our jointly developed solution with VMware combining our VM-Series with the VMware NSX network virtualization platform. Palo Alto Networks VM platforms are also supported on the VMware ESXi 4.1, 5.0 and 5.5 platforms, and the Citrix NetScaler SDX and Series. Cyber-attacks are a daily reality and they are growing in sophistication and complexity., Jamie Shea, Deputy Assistant Secretary General for Emerging Security Challenges, NATO We could well face more serious coordinated threats in the future, in addition to the numerous ones we deal with every day. Such attacks underscore the importance for organisations to be always ready with the capability and expertise to deal with the myriad of cybersecurity threats. Jacqueline Poh, Managing Director, IDA, Singapore In a domain where technology and change are fast-moving, responding effectively will require a consistent and extensive effort. The Rt Hon Francis Maude MP, Minister for the Cabinet Office and Paymaster General, United Kingdom Cyber attacks are becoming more subtle, sophisticated and international, and strengthening Japan s response to them has become a critical issue. Chief Cabinet Secretary Yoshihide Suga, Japan Our nation confronts the proliferation of destructive malware and a new reality of steady, ongoing, and aggressive efforts to probe, access, or disrupt public and private networks, and the industrial control systems that manage our water, energy, and food supplies. Defense Secretary Chuck Hagel, United States 6 A MODERN FRAMEWORK FOR NETWORK SECURITY IN GOVERNMENT

7 To address today s swiftly changing known and unknown threats, including APT s, Palo Alto Networks platforms offer a number of capabilities in one platform: Advanced threat virtual sandboxing with swift signature creation and threat prevention IPS for fast detection and prevention of known threats Anti-malware URL filtering DNS monitoring and sinkholing File and content blocking to control known threats Visibility into and prevention of threats within encrypted communications Outbound C2 communications disruption Knowing that immediate response is critical to all threats and particularly for APT s Palo Alto Networks delivers threat prevention for unknown threats in as little as 30 minutes. Take a Test Drive Take advantage of the benefits of the Palo Alto Networks platforms with a demonstration. Developed for Palo Alto Networks customers, these tests arm government cybersecurity experts with hands-on experience with the platforms. The tests can be performed either on the publicly connected side of a government network or at a Palo Alto Networks-provided location based on the customer s preference. When government customers replace their existing cybersecurity solutions with those of Palo Alto Networks, they repeatedly experience tremendous increases in the number of threats discovered on their networks. See for yourself the Palo Alto Networks difference. Request a demonstration with our team in your country: company/locations.html Summary Governments need a plan that addresses their current needs without compromising access or security. Palo Alto Networks differentiated approach to security offers a model of positive enforcement that doesn t compromise trust. Providing an innovative and future-proof platform for the known and unknown threats to today s government networks, Palo Alto Networks provides the right protections for the data center to the core. Web: Twitter: Youtube: Government blog: tag/government/ 7 A MODERN FRAMEWORK FOR NETWORK SECURITY IN GOVERNMENT

8 4401 Great America Parkway Santa Clara, CA Main: Sales: Support: Copyright 2014, Palo Alto Networks, Inc. All rights reserved. Palo Alto Networks, the Palo Alto Networks Logo, PAN-OS, App-ID and Panorama are trademarks of Palo Alto Networks, Inc. All specifications are subject to change without notice. Palo Alto Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Palo Alto Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. PAN_BR_GOV_041114