Showing posts with label Cisco Zero Trust. Show all posts

Wednesday, 21 August 2024

The AI Revolution: Transforming Technology and Reshaping Cybersecurity


Artificial Intelligence (AI) is revolutionizing government and technology, driving an urgent need for innovation across all operations. Although historically, local and state government systems have seen only incremental changes with limited AI adoption, today, a significant shift is occurring as AI is integrated across all government sectors.

Benefits of AI Integration


The benefits of these changes are evident. AI-powered systems analyze vast amounts of data, offering insights for better decision-making. Public services become more personalized and efficient, reducing wait times and enhancing citizen satisfaction. Security is significantly bolstered through AI-driven threat detection and response. Consequently, governments are adopting AI and advanced software applications to provide secure, reliable, and resilient services to their citizens, enhancing digital engagement and communication within their communities.

With this rapid growth, cybersecurity operations are among the areas most significantly impacted by advancements in artificial intelligence. CyberOps sits at a unique intersection: it needs to leverage advanced AI capabilities to enhance its own effectiveness and resiliency, while at the same time the many applications and connections it must protect are adopting the same emerging AI capabilities to improve their effectiveness and resilience, which compounds the challenge. Despite having historically been rigid and resistant to change, CyberOps must adapt to the challenges of an AI-driven digital world.

Whole-of-State / Agency Cybersecurity Approach


Governments pursuing whole-of-state cybersecurity and zero trust face the challenge of maintaining digital operations while ensuring the privacy and security of sensitive information. Cisco’s technology allows agencies to meet these requirements through advanced AI-powered security solutions and privacy-preserving AI models. Thanks to techniques like federated learning and differential privacy, sensitive information can be processed and analyzed without compromising individual privacy.


Adopting AI-Driven Services


Adopting AI-driven, easily consumable, on-demand services provides a secure, sustainable, and reliable foundation to build on. Investing in an infrastructure that is secure and flexible allows governments to quickly pivot to the emerging opportunities that the AI revolution brings. No one person could have predicted or prepared for such a transformative shift. Still, the ability to rapidly adapt to the challenges it brought and continue to serve the community and citizens in the ways they deserve is key.

Challenges and Adaptation


Don’t be mistaken, change is often hard. Humans are creatures of habit and comfort and rarely like to be pushed outside our comfort zone. Unfortunately, the AI revolution is doing just that. It is forcing us to adapt and discover new ways to operate and provide what are now seen as even the most basic digital services. The drive and demand for AI-powered services in the government sector are rapidly expanding. We are experiencing one of the most significant catalysts for technological adoption in the state and local government space since the internet became mainstream.

This revolution is driving the necessity for a whole-of-state cybersecurity and zero trust approach. The goal is no longer maintaining the status quo but rather achieving a level of service that provides the foundation for how things can be in an AI-enabled world. Providing enhanced, secure services and support to the community has become the resounding focus of state and local governments.

Cisco’s Role in Supporting Governments


As we navigate this AI revolution, Cisco stands ready to support governments in their journey towards whole-of-state cybersecurity and zero trust adoption. Our comprehensive suite of AI-powered solutions provides the building blocks for a secure and efficient AI-enabled government infrastructure. The shift to a more inclusive, AI-driven government began with specific applications but is rapidly expanding to all sectors and offerings in the state and local government spaces.

Source: cisco.com

Tuesday, 27 February 2024

The Real Deal About ZTNA and Zero Trust Access


ZTNA hasn’t delivered on the full promise of zero trust


Zero Trust has been all the rage for several years; it states, “never trust, always verify” and assumes every attempt to access the network or an application could be a threat. For the last several years, zero trust network access (ZTNA) has become the common term to describe this type of approach for securing remote users as they access private applications. While I applaud the progress that has been made, major challenges remain in the way vendors have addressed the problem and organizations have implemented solutions. To start with, the name itself is fundamentally flawed. Zero trust network access is based on the logical security philosophy of least privilege. Thus, the objective is to verify a set of identity, posture, and context-related elements and then provide the appropriate access to the specific application or resource required, not network-level access.

Most classic ZTNA solutions on the market today can’t gracefully provide this level of granular control across the full spectrum of private applications. As a result, organizations have to maintain multiple remote access solutions and, in most scenarios, they still grant access at a much broader network or network-segment level. I believe it’s time to drop the “network” from ZTNA and focus on the original goal of least-privilege, zero trust access (ZTA).

Classic ZTNA drawbacks


As with much in life, things are easier said than done, and that applies to ZTNA and secure remote access. When I talk to IT executives about their current ZTNA deployments or planned initiatives, there is a set of concerns and limitations that comes up on a regular basis. As a group, they are looking for a cloud or hybrid solution that provides a better user experience, is easier for the IT team to deploy and maintain, and provides a flexible and granular level of security…but many are falling short.

With that in mind, I pulled together a list of considerations to help people assess where they are and where they want to be in this technology space. If you have deployed some form of ZTNA or are evaluating solutions in this area, ask yourself these questions to see if you can, or will be able to, meet the true promise of a true zero trust remote access environment.

  • Is there a method to keep multiple, individual user-to-app sessions from piggybacking onto one tunnel and thus increasing the potential of a significant security breach?
  • Does the reverse proxy utilize next-generation protocols with the ability to support per-connection, per-application, and per-device tunnels to ensure no direct resource access?
  • How do you completely obfuscate your internal resources so only those allowed to see them can do so?
  • When do posture and authentication checks take place? Only at initial connection or continuously on a per session basis with credentials specific to a particular user without risk of sharing?
  • Can you obtain awareness into user activity by fully auditing sessions from the user device to the applications without being hindered by proprietary infrastructure methods?
  • If you use Certificate Authorities that issue certs and hardware-bound private keys with multi-year validity, what can be done to shrink this timescale and minimize risk exposure?

While the security and architecture elements mentioned above are important, they don’t represent the complete picture when developing a holistic strategy for remote, private application access. There are many examples of strong security processes that failed because they were too cumbersome for users or a nightmare for the IT team to deploy and maintain. Any viable ZTA solution must streamline the user experience and simplify the configuration and enforcement process for the IT team. Security is ‘Job #1’, but overworked employees with a high volume of complex security tools are more likely to make provisioning and configuration mistakes, get overwhelmed with disconnected alerts, and miss legitimate threats. Remote employees frustrated with slow multi-step access processes will look for short cuts and create additional risk for the organization.

To ensure success, it’s important to assess whether your planned or existing private access process meets the usability, manageability and flexibility requirements listed below.

  • The solution has a unified console enabling configuration, visibility and management from one central dashboard.
  • Remote and hybrid workers can securely access every type of application, regardless of port or protocol, including those that are session-initiated, peer-to-peer or multichannel in design.
  • A single agent enables all private and internet access functions including digital experience monitoring functions.
  • The solution eliminates the need for on-premises VPN infrastructure and management while delivering secure access to all private applications.
  • The login process is user friendly with a frictionless, transparent method across multiple application types.
  • The solution handles both traditional HTTP/2 traffic and the newer, faster, and more secure HTTP/3 methods with MASQUE and QUIC.

Cisco Secure Access: A modern approach to zero trust access


Secure Access is Cisco’s full-function Security Service Edge (SSE) solution and it goes far beyond traditional methods in multiple ways. With respect to resource access, our cloud-delivered platform overcomes the limitations of legacy ZTNA. Secure Access supports every factor listed in the above checklists and much more, to provide a unique level of Zero Trust Access (ZTA). Secure Access makes online activity better for users, easier for IT, and safer for everyone.


Here are just a few examples:

  • To protect your hybrid workforce, our ZTA architectural design has what we call ‘proxy connections’ that connect one user to one application: no more. If the user has access to several apps at once, each app connection has its own ‘private tunnel’. The result is true network isolation, as the connections are completely independent. This eliminates resource discovery and potential lateral movement by rogue users.
  • We implement per session user ID verification, authentication and rich device compliance posture checks with contextual insights considered.
  • Cisco Secure Access delivers a broad set of converged, cloud-based security services. Unlike alternatives, our approach overcomes IT complexity through a unified console with every function, including ZTA, managed from one interface. A single agent simplifies deployment with reduced device overhead. One policy engine further eases implementation as once a policy is written, it can be efficiently used across all appropriate security modules.
  • Hybrid workers get a frictionless process: once authenticated, they go straight to any desired application with just one click. This capability transparently and automatically connects them using least-privilege concepts, preconfigured security policies, and adaptable enforcement measures that the administrator controls.
  • Connections are quicker and provide high throughput. Highly repetitive authentication steps are significantly reduced.

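As an added illustration of the per-session, per-app checks in the two checklists above (example code written for this page, not Cisco Secure Access code; the user names, entitlements, posture fields and the 8-hour credential lifetime are assumed), the following model binds one session to one application and re-evaluates entitlement, credential age and device posture on every request rather than only at connect time:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Tuple

# Constructed model of the checklist above (example code, not Cisco's): a
# session binds one user to one application, and entitlement, device posture
# and credential age are re-checked on every request, not only at connect.

@dataclass
class Posture:
    disk_encrypted: bool
    os_patched: bool
    edr_running: bool

@dataclass
class Session:
    user: str
    app: str                 # the single application this session may reach
    cred_issued: datetime
    cred_ttl: timedelta      # short-lived credential, hypothetical 8h default
    posture: Posture         # refreshed by the agent; evaluated per request

# Hypothetical least-privilege entitlements: user -> set of apps
ENTITLEMENTS = {"alice": {"payroll", "wiki"}, "bob": {"wiki"}}

def posture_ok(p: Posture) -> bool:
    return p.disk_encrypted and p.os_patched and p.edr_running

def open_session(user: str, app: str, posture: Posture, now: datetime,
                 ttl: timedelta = timedelta(hours=8)) -> Session:
    """Issue a per-user, per-app session with a short-lived credential."""
    return Session(user, app, now, ttl, posture)

def authorize(s: Session, app: str, now: datetime) -> Tuple[bool, str]:
    """Per-request decision: (allowed, reason). Any failed check denies."""
    if app != s.app:
        # A second app needs its own session/tunnel; no piggybacking.
        return False, "session is bound to another app; open a new session"
    if now - s.cred_issued > s.cred_ttl:
        return False, "credential expired; re-authenticate"
    if app not in ENTITLEMENTS.get(s.user, set()):
        return False, "user is not entitled to this app"
    if not posture_ok(s.posture):
        return False, "device posture check failed"
    return True, "allowed"

def demo() -> List[str]:
    """Walk sessions through the checks; returns the decision reasons."""
    t0 = datetime(2024, 2, 27, 9, 0, tzinfo=timezone.utc)   # constructed clock
    s = open_session("alice", "payroll", Posture(True, True, True), t0)
    bob = open_session("bob", "payroll", Posture(True, True, True), t0)
    out = [authorize(s, "payroll", t0)[1],                          # allowed
           authorize(s, "wiki", t0)[1],                             # wrong app for this session
           authorize(bob, "payroll", t0)[1],                        # not entitled
           authorize(s, "payroll", t0 + timedelta(hours=9))[1]]     # credential aged out
    s.posture.edr_running = False                                   # posture drifts mid-session
    out.append(authorize(s, "payroll", t0 + timedelta(minutes=5))[1])
    return out
```

Call `demo()` to see the five decisions in order; the last one shows a session that was valid at connect time being denied once posture changes.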
With this type of comprehensive approach IT and security practitioners can truly modernize their remote access. Security is greatly enhanced, IT operations work is dramatically simplified, and hybrid worker satisfaction and productivity maximized.

Source: cisco.com

Saturday, 30 September 2023

When it Comes to Compliance Requirements – Topology Matters!

When I look at the evolution of network security and how IT and security practitioners have protected the network for the last 30 years, I can’t help but notice how traditional network security enforcement points (insert your favorite firewall here) are still used to secure networks and workloads. They have evolved to offer a diverse set of features (e.g., IPS, decryption, application detection) to deeply analyze traffic coming in and out of the network to protect workloads. However, while firewalls are very capable appliances, they have proven insufficient on their own to keep malicious actors at bay, especially if those actors manage to breach the firewall defenses and move laterally in the network. But why is this?

We are in the digital era, where the concept of the perimeter is no longer contained to a location or a network segment. To offset this new reality and provide a more tailored-based policy control for protecting workloads, vendors have moved security closer to the workload.

There are two approaches to doing this: using agent-based or agentless techniques to build a micro-perimeter around the workloads.

Which approach is the correct one to take? Well, this depends on multiple factors, including the organization, the type of application, and the team structure. So, let’s start untangling this.

The challenge(s)


The most direct approach to protect applications is to install software agents on every workload and call it a day. Why? Because then every workload has its own micro-perimeter, allowing access to only what is necessary.

However, it is not always possible to install a software agent. Perhaps it is a mainframe application or a legacy operating system that requires fine-grained policies due to a compliance mandate. Or application workloads that are in the cloud and the agent installation is simply not possible due to organizational constraints.

And this is not the only challenge or consideration for choosing your approach. The teams or groups that comprise any company often have different security requirements from each other, leading to the triad challenge: people, processes, and technology.

Let’s start with people (policy owner) and process (policy execution). Usually, each organization has its own set of unique requirements to protect its application workloads, and a defined process to implement those requirements in the policy. To support this, a tool (technology) is required, which must adapt to each organization’s needs and should be capable of defining a common policy across agent and agentless workloads.

To start unwrapping this, you need to ask yourself:

◉ What are we protecting?
◉ Who is the owner of the policies?
◉ How is policy execution done?

As an example:

Say you want to protect a finance application (what) using an agent-based approach (how), and the owner of the policies is the App Team/Workload Team (who). In this scenario, as long as the application doesn’t break and the team can continue to focus on coding, this is generally an acceptable approach. However, when implementing the common policy, the translation from human language to machine language tends to generate extra rules that are not necessarily required. This is a common byproduct of the translation process.

Now, let’s assume that in your organization the protection of a legacy application (what) is tasked to the Network/NetSec team (who) using an agentless enforcement approach with network firewalls (how) because in this case, it is not possible to install software agents due to the unsupported legacy operating system. As in the first example, extra rules are generated. However, in this case, these unnecessary extra rules create negative consequences because of firewall rules auditing requirements for compliance mandates, even though they are part of the common policy.

Topology as the source of truth – pushing only what is required


Cisco Secure Workload has been addressing the people, process, and technology challenges since its inception. The solution embraces both approaches – installing software agents on workloads regardless of form factor (bare-metal, VM, or container), or using agentless enforcement points such as firewalls. Secure Workload adapts to each organization’s needs by defining the policy, such as a zero trust microsegmentation policy, to effectively apply micro-perimeters to application workloads in support of the zero trust approach. All within a single pane of glass.

However, as the example above shows, we still needed to align our policy with the compliance needs of the Network/NetSec team by pushing only the policy rules that are required.

To tackle the additional rules challenge, we asked ourselves, “What is the most efficient way to push policies into a network firewall using Secure Workload?”

The answer boiled down to a common concept for Network/NetSec teams – the network topology.

So how does it work?

With Secure Workload, the term topology is intrinsic to the solution. It leverages the topology concept using a construct named “Scopes”, which are totally infrastructure agnostic, as shown in Figure 1.

It allows you to create a topology tree in Secure Workload based on context, where you can group your applications and define your policy using human intent, for example, “Production cannot talk to Non-Production”, and have that policy applied following the topology hierarchy.


The Scope Tree is the topology of your application workloads within the organization, but the key is that it can be shaped for different departments or organizational needs and adapted to each team’s security requirements.

The concept of mapping a workload Scope to a network firewall is called “Topology Awareness.”

Topology Awareness enables the Network/NetSec teams to map a particular Scope to a specific firewall in the network topology, so only the relevant set of policies for a given application is pushed to the firewall.

So, what does this execution look like? With the Scope mapping achieved, Secure Workload pushes the relevant policy to the Cisco Secure Firewall by way of its management platform, Secure Firewall Management Center (FMC). To maintain compliance, only the required policy rules are sent to FMC; because of Topology Awareness, the extra, unnecessary rules are never generated for that firewall. An example of this is shown in Figure 2:
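To make the what/who/how example and Topology Awareness concrete, here is an added, constructed model (not Secure Workload’s own code or data model; the scope names, workloads, IP addresses and intents are assumed). It expands scope-level intents written against a Scope tree into per-IP rules and keeps only the rules that touch a workload under the scope mapped to a given firewall, so the firewall mapped to the Finance scope never receives the HR rules or the Non-Production-to-HR deny:

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed example (not Secure Workload's own code or data model): a Scope
# tree, intent policy written against scopes, and a topology-aware renderer
# that emits only the rules relevant to the scope mapped to a firewall.

SCOPE_PARENT = {            # child scope -> parent scope (hypothetical names)
    "Org": None,
    "Org:Prod": "Org",
    "Org:Prod:Finance": "Org:Prod",
    "Org:Prod:HR": "Org:Prod",
    "Org:NonProd": "Org",
    "Org:NonProd:Finance-Dev": "Org:NonProd",
}

WORKLOADS = {               # constructed inventory: name -> (scope, IP)
    "fin-app-01": ("Org:Prod:Finance", "10.1.1.10"),
    "fin-db-01": ("Org:Prod:Finance", "10.1.1.20"),
    "hr-app-01": ("Org:Prod:HR", "10.1.2.10"),
    "fin-dev-01": ("Org:NonProd:Finance-Dev", "10.9.1.10"),
}

@dataclass(frozen=True)
class Intent:
    consumer: str           # source scope
    provider: str           # destination scope
    port: Optional[int]     # None means any port
    action: str             # "ALLOW" or "DENY"

# Human intent against the tree, e.g. "Non-Production cannot talk to Production"
POLICY = [
    Intent("Org:NonProd", "Org:Prod", None, "DENY"),
    Intent("Org:Prod:Finance", "Org:Prod:Finance", 5432, "ALLOW"),
    Intent("Org:Prod:HR", "Org:Prod:HR", 443, "ALLOW"),
]

def within(scope: Optional[str], ancestor: str) -> bool:
    """True if scope equals ancestor or sits under it in the tree."""
    while scope is not None:
        if scope == ancestor:
            return True
        scope = SCOPE_PARENT[scope]
    return False

def workloads_in(scope: str) -> List[str]:
    return sorted(n for n, (s, _) in WORKLOADS.items() if within(s, scope))

def rules_for_firewall(mapped_scope: str) -> List[tuple]:
    """Expand POLICY to (src_ip, dst_ip, port, action) rules, keeping only
    those where at least one endpoint is a workload under mapped_scope."""
    local = set(workloads_in(mapped_scope))
    rules = []
    for it in POLICY:
        for s in workloads_in(it.consumer):
            for d in workloads_in(it.provider):
                if s != d and (s in local or d in local):
                    rules.append((WORKLOADS[s][1], WORKLOADS[d][1], it.port, it.action))
    return rules
```

Mapping the root scope to a firewall yields all five expanded rules, while mapping `Org:Prod:Finance` yields four and `Org:Prod:HR` only one, which is the audit-friendly reduction the text describes.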


Key takeaways


Operationalizing a zero trust microsegmentation strategy is not trivial, but Secure Workload has a proven track record of making this a practical reality by adapting to the needs of each persona such as Network/NetSec admins, Workload/Apps owners, Cloud Architects, and Cloud-Native engineers – all from one solution.

With topology awareness, you can:

◉ Meet compliance and audit requirements for firewall rules
◉ Protect and leverage your current investment in network firewalls
◉ Operationalize your zero trust microsegmentation strategy using both agent and agentless approaches

Source: cisco.com