Mar 28 2023

U.S. Patent and Trademark Office Adds Zero-Trust Capabilities

Threat monitoring and advanced user rights review will lift the burden on security teams to prioritize issues with on-premises and cloud databases.

As it continues to implement a zero-trust security architecture, the U.S. Patent and Trademark Office has added user rights management and activity monitoring capabilities for its on-premises and cloud databases.

The USPTO to include advanced user rights review, threat monitoring and vulnerability management.

The agency serves as the primary storehouse for national intellectual property data, making it a high-profile target for cyberattacks by foreign adversaries. At the same time, the USPTO aims to comply with the federal zero-trust architecture strategy, which requires civilian agencies to meet certain cyber standards and objectives by the end of fiscal year 2024.

“At USPTO, our mission to foster innovation through examination, granting high-quality patents and trademarks is crucial to American prosperity,” said CIO Jamie Holcombe in a statement. “Part of our mission requires creating, deploying and protecting the critical data in one of the world’s largest repositories of innovation, which includes almost every conceivable creation for over the last 250 years.”

Click the banner below to receive featured cybersecurity content by becoming an Insider.

Addressing Pillars of Zero Trust: Users and Data

The USPTO leaned into implementing all five pillars of the federal zero-trust architecture strategy as a means of safeguarding its data. The Trustwave DbProtect capabilities the agency added address two aspects in particular: users and data.

With the new toolsets, the USPTO will be able to flag user accounts with excessive privileges and limit their access to sensitive data. Forensic audit trails also will allow the agency to monitor the behavior of privileged database users.

Database activity monitoring will remove some of the pressure on USPTO security personnel to detect unusual or suspicious behavior with automated alerts. The new capabilities are designed to uncover vulnerabilities and anomalies that could lead to a breach across database assets. They then assign risk levels, so security teams can easily prioritize mitigation.

EXPLORE: What agencies should know about establishing zero trust in a hybrid work environment.

A Database-Specific Zero-Trust Approach

The USPTO isn’t alone in its push to secure its databases. Many companies and agencies, including the Cybersecurity and Infrastructure Security Agency’s Continuous Diagnostics and Mitigation program, are seeking out vulnerability scanning tools. Such tools must adapt to constantly evolving modes of attack designed to exfiltrate or manipulate data.

The White House continues to finalize zero-trust guidance, but the USPTO remains ahead of the curve with its database-specific security approach emphasizing continuous assessments.

“Data is at the heart of the zero-trust conversation,” said Bill Rucker, president of Trustwave Government Solutions, in a statement. “And in order to operate securely today and in the future, databases need to be considered as critical assets with the appropriate security considerations applied.”

gorodenkoff/ Getty Images

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT