How network modeling and cyber hygiene improve security odds for federal agencies
Agencies that have built network infrastructure over decades may not be doing enough to manage basic cyber-hygiene practices and stay ahead of modern threats, cautions a new report.
When out-of-date configuration rules lurk on networks, attackers essentially have a back door to walk into government systems. However, modern network modeling platforms, capable of integrating into existing infrastructure, can help agency IT departments identify and manage cyber risks and accelerate essential hygiene practices.
Network modeling tools give agency leaders a way to simulate upgrades and evaluate the impact of planned changes to their networks, as well as review past connections and rules. This can be helpful when trying to accurately understand the costs associated with cyber risk, explains the report, produced by FedScoop and CyberScoop and underwritten by RedSeal.
Cyber-hygiene practices to reduce risk
Targeted attacks on government agencies are becoming more sophisticated. To defend networks, IT administrators need to know how applications and devices are connected and ensure configuration rules are current.
“Consider an agency that has been around since the 1940’s. At some point in time they gave access to their IP address to multiple contractors. At another point in time they allowed phone lines from countries overseas to dial into their networks. Access privileges were put into place for both mission and business reasons — for all sorts of valid justifications,” says Wayne Lloyd, federal chief technology officer for RedSeal.
With agency staff turnover, the current IT team may not know why or when rules were put in place for the routers, firewalls, access control lists (ACL) and applications.
Keeping up with standard cyber-hygiene practices has grown increasingly difficult, given the workloads at most IT departments. For example, Lloyd points out that updating a typical firewall requires reviewing and validating up to a million rules. Even if an experienced engineer could validate a rule a minute, working 7 days a week, it would take a little over a year to evaluate one firewall.
The scale and complexity of agency networks is overwhelming and every change to modernize the system can leave behind a trail of outdated configurations. Each unattended connection carries a certain amount of vulnerability and potential risk.
The report points to modern platform solutions that use artificial intelligence and machine learning technology. This enables the platform to not only evaluate the systems most at risk, but to automate tasks such as compliance with policies and regulations.
The advantages of an integrated network model
Network modeling platforms give agencies a more powerful and dynamic view of applications and devices connected to their systems than a more traditional mapping tool. What also differentiates modeling platforms from mapping tools is their ability to provide context into configuration rules as well as the forwarding decisions.
Modeling platforms also provide simulation capabilities to help IT departments explore hypothetical problems. Rules from routers, ACLs and networks all feed into the model so it can more accurately treat a theoretical packet the same way a physical network would treat a real packet.
Their ability to automate instructions also means IT teams won’t have to constantly revisit configuration rules once something has been addressed.
“You are still going to need a human there, to pull it into context,” Lloyd says, but automation greatly enhances their ability to manage enterprise networks that require repetitive and continuous verification.
In the report, Lloyd provides a checklist of recommendations that agencies can use to evaluate network modeling platforms and what key features today’s best-of-breed platforms offer.
Learn more about how network modeling tools can help improve cyber-hygiene practices.
This article was produced by FedScoop and CyberScoop, and sponsored by RedSeal.