Defending a dynamic perimeter with modern firewall technologies
Federal agencies must manage an increasingly dynamic IT environment that supports a wide variety of application, user and IoT needs. The evolution toward multi-cloud networks, software-dominated infrastructure and zero-trust architecture requirements has largely shifted investment strategies around security and managing perimeter defenses.
In a new video series, government leaders shared how their organizations are keeping pace with security demands. The series, “Security Heroes: Defending the Dynamic Perimeter,” was produced by Scoop News Group, for FedScoop, and underwritten by Cisco.
A modern, or hybrid, network perimeter should now include next generation firewalls, policy enforcement points and capabilities like zero trust exchanges, according to Bobby Holstein, zero trust architect for the Bureau of Labor Statistics.
“It’s not the volume of traffic that’s increasing per se, but the complexity. Operations departments will need to increase visibility into these complex traffic flows to be able to monitor performance. And this new secure sharpened edge that’s replacing this [traditional] firewall perimeter needs to be able to inspect SSL traffic for malicious content,” he explained.
Aaron Bishop, CISO at the Department of the Air Force, echoed that sentiment, adding that modernizing perimeter defenses aligns with both cloud and zero trust architecture strategies.
“Firewalls and packet inspection is a key aspect to layers in defense,” he says and determining where the boundary lays “is now the question of the hour” for most leaders.
“I challenge all of my authorizing officials to look at where’s the boundary I’m trying to protect and where is the data that I’m protecting within it. If I need to move that data, I need to understand where that protections go with that data,” shared Bishop.
Many of the government leaders interviewed in this series said that new perimeter defenses need to be more agile to enforce policies across modern infrastructure that includes micro-segmented workloads, encryption needs for data in transit and capabilities like secure access service edge.
Peter Romness, cybersecurity principal, CISO advisors’ office at Cisco, refers to modern firewalls as “security facilitators.” He explained that they have “become a container for security tools—things like antivirus, intrusion protection, improved intrusion detection. And they also facilitate behavioral monitoring to look for anomalies and known bad behavior. They also provide the ability to have a security tunnel to all of your endpoints and all of your assets in the multi cloud environment.”
Additionally, security defenses need to work at speeds that accommodate the increased volume of traffic, and the need to encrypt, decrypt and analyze that traffic as it flows across the environment.
Robert Wood, CISO at the Centers for Medicare and Medicaid Services says what these changes are really driving “is a change in the way that we go about detecting and responding to issues in our environment,” which means that agencies need to have the resources to interface with all their endpoints and store the data so they can shift into more of a data-centric and engineering-centric workforce. “I think that’s the way of the future for the security industry, and it’s where we need to go.”
Hear more for our government leaders, and other participants in this video series, including:
- Anthony O’Neill, CISO, Massachusetts
- Craig Hurter, deputy CISO, Arizona
- Gerald Caron, former CIO, HHS OIG
- Jane Zipoli, federal civilian cybersecurity leader, Cisco
- Ryan Murray, deputy CISO, Arizona
- Tony Plater, CISO, Dept. of the Navy
This video series was produced by Scoop News Group for FedScoop and sponsored by Cisco.