Security

Better Visibility into Network Management Tools Can Mitigate Cyberattacks

As malicious acts increase, federal agencies may need help to design effective systems.

Sebastian Szykier is CDW•G’s federal security practice manager.

Without network management tools, federal IT environments could quickly grow unwieldy. These tools give administrators the ability to maintain, monitor and manage the network to ensure it remains reliable as new applications and services are added.

When these critical tools are targeted, immediate action must be taken to protect the network. On June 13, the Cybersecurity and Infrastructure Security Agency issued a binding operational directive, BOD 23-02, requiring agencies to secure exposed management interfaces within 14 days as a result of recent attacks targeting network management tools..

CISA had already issued an advisory about activity by the Cl0p ransomware group, which breached at least one federal agency, several universities and an unknown number of businesses in late January via that tool.

Adversaries continue to target these vulnerabilities, including ransomware groups from Russia and China that have exploited them in recent months. While the civilian agencies covered by CISA’s directive have complied as best they can, agencies should still manage their attack surface by proactively identifying and securing exposed management interfaces.

This requires an additional focus on operational maturity in addition to compliance, where a lot of agency attention has been directed since the White House zero-trust mandate was released last year. Agencies may need assistance balancing the two.

Click the banner below to learn how federal agencies are implementing zero trust architecture.

Federal Agencies Face a Wider Scope of Security Issues

But that’s not the only issue. Many agencies also lack the security controls to prevent, monitor and respond to threats targeting these devices. At the same time, the combined stresses of balancing remote workers and security without creating additional operational burdens are contributing to employee burnout.

The number of devices and applications on the average network doesn’t help, either. In order to get visibility into potential threats, IT staff needs to know what’s on the network and have the tools in place to monitor it all. While regulations and policies exist to ensure secure procurement, there’s less of a system in place to maintain an inventory of acquisitions or the lifecycles of IT assets.

The real challenge for the federal government, however, is that the scale of the problem is much larger for it than nearly any other U.S. enterprise.

The giant Health and Human Services Department, for example, has 12 operating divisions. When it comes to IT issues, each generally operates separately from the others. A single-point solution is not the answer.

LEARN MORE: How Backup as a Service fits with agencies’ adoption of zero-trust security.

Zero Trust Provides Visibility into Vulnerable IT Environments

What is, then? Visibility is key. A zero-trust security architecture and program — which all agencies must have in place by the end of September 2024 — will put the tools and processes in place needed to detect such severe intrusions. This shift in cybersecurity mindset will bolster existing risk management techniques.

Building this kind of environment and mitigating the effects of these malicious attacks create additional visibility in areas that may not have had it before. A good zero-trust assessment, such as those provided by CDW•G’s experts, can help agencies figure out how to start.

These assessments also can allow agencies to adopt zero-trust design that permits secure, remote administration of internet-connected devices by authorized users without creating additional operational burden.

Zero-trust solutions and services will help an agency establish and bring to maturity a comprehensive attack surface management program, reduce the risk associated with exposed management interfaces and assist in compliance with CISA BOD 23-02.

This article is part of FedTech’s CapITal blog series.