Monday, April 29, 2024

PERSPECTIVE: Decrypting the Dangers: Securing the Government Against Rising Encrypted Threats

A new cyber threat is emerging: malicious actors targeting public entities via encrypted attacks. Hypertext Transfer Protocol Secure, or HTTPS as it is better known, has long been the standard for encrypting and protecting web data, but it can also give a false sense of security.

The Cybersecurity and Infrastructure Security Agency’s (CISA) Binding Operational Directive (BOD) 18-01, mandating HTTPS for the Federal government, led to greater web protection, but also resulted in challenges for security teams in monitoring and preventing attacks targeting perimeter-facing systems and applications.

According to a new report, the Zscaler ThreatLabz research team found a 185% increase in encrypted attacks targeting the government sector, demonstrating the growing sophistication of cybercriminals and their use of encryption and emerging technologies like artificial intelligence (AI) to optimize threats.

While encryption protects sensitive information, it also gives cybercriminals means to conceal malicious activities – almost 86% of all cyber threats are now delivered over encrypted channels. Attackers are now using encrypted channels to obfuscate payloads, execute phishing scams, exfiltrate data, and more – essentially pitting encryption against security teams.

Complicating the issue, as agencies are making progress on the National Cybersecurity Strategy, they face the challenge of modernizing their security architecture, while still relying on aging legacy systems that are increasingly vulnerable to attacks.

To defend against the modern landscape of encrypted threats, government leaders need to comply with the Federal Zero Trust Strategy and increase the adoption of a Zero Trust architecture so agencies can continually monitor activity and inspect all encrypted traffic. Here are three things to consider:

Securing All Connectivity

Whereas traditional security models rely on perimeter defenses, Zero Trust acknowledges that threats can come from both inside and outside the network.

A Zero Trust architecture offers agencies a holistic enterprise approach to securing connections between users and applications, between Internet of Things devices and Operational Technology systems, between different locations, and between cloud services.

By inspecting every request, authenticating every user and device, and assessing all permissions before granting access – and then continually reassessing trust as context changes – a Zero Trust architecture empowers agencies to be proactive, adaptive, and data-centric. This streamlines management and creates a single, operationally simple way to enforce policy across all traffic.

Plus, all traffic must be logged and inspected, which requires a degree of visibility traditional security controls can’t achieve – and gaining deeper visibility into and across the IT ecosystem is key to mitigating risk.

It’s also important to remember that all Internet-facing services, including firewalls and other legacy technologies such as VPNs, present attack surfaces for threat actors to target. That’s why CISA issued BOD 23-02 last June, requiring all Federal civilian executive-branch agencies to either remove such interfaces or deploy Zero Trust architecture to enforce access control on those interfaces.

Let’s Get Granular

After infiltrating the network, malicious actors can begin moving laterally, eventually establishing a network foothold, as in the recent KV botnet case. Lateral movement is a strategy threat actors use to spread across a network and increase the potential impact of their attacks.

However, government agencies can eliminate lateral movement by using micro-segmentation to limit access to only what each user or entity requires for their work.

For example, it can be as simple as connecting users directly to an application – instead of the network – to dramatically reduce the attack surface and help contain threats. These detailed, granular least-privilege access policies are based on application-level awareness, user identities, and device attributes, which offer significantly better visibility into network activity.

For agencies that deal with sensitive data, operate critical infrastructure, and are subject to regulations, micro-segmentation is crucial because it reinforces data integrity and minimizes the blast radius of a cybersecurity incident. The granular partitioning of network traffic into segments provides greater resistance to cyberattacks because the most critical assets will always remain isolated.

Compared to traditional rule-based network segmentation used with legacy technologies, micro-segmentation is a dynamic, context-aware approach to network security that picks up where perimeter security ends, enforcing policy throughout an organization’s internal network – not just at the perimeter.
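As an added illustration (not code from the article or from Zscaler), here is a small policy evaluator that models the user-to-application access the section describes: each identity can reach only the applications its policy entitles it to, device attributes gate access, and a mid-session change in device posture is re-evaluated. The application names, groups and device fields are constructed sample values.

```python
import dataclasses
from dataclasses import dataclass


@dataclass(frozen=True)
class Context:
    """Identity and device attributes attached to a request (constructed sample fields)."""
    user: str
    group: str
    device_managed: bool
    device_patched: bool


# Per-application policy: entitled groups plus required device posture.
# Applications and groups here are constructed for this example.
APP_POLICY = {
    "hr-portal": {"groups": {"hr"}, "managed": True, "patched": True},
    "payroll-db": {"groups": {"finance"}, "managed": True, "patched": True},
    "wiki": {"groups": {"hr", "finance", "eng"}, "managed": False, "patched": False},
}


def evaluate(ctx: Context, app: str) -> tuple[bool, str]:
    """Decide one user-to-application request; anything not explicitly allowed is denied."""
    policy = APP_POLICY.get(app)
    if policy is None:
        return False, f"{app}: unknown application, default deny"
    if ctx.group not in policy["groups"]:
        return False, f"{app}: group '{ctx.group}' is not entitled"
    if policy["managed"] and not ctx.device_managed:
        return False, f"{app}: unmanaged device"
    if policy["patched"] and not ctx.device_patched:
        return False, f"{app}: device posture check failed (unpatched)"
    return True, f"{app}: allowed"


def reachable_apps(ctx: Context) -> list[str]:
    """Applications this identity may connect to; every other application stays
    invisible, so a compromised account cannot enumerate or move laterally to it."""
    return sorted(app for app in APP_POLICY if evaluate(ctx, app)[0])


def reassess(ctx: Context, app: str, **changes) -> tuple[bool, str]:
    """Continual reassessment: re-run the policy after the session context changes."""
    return evaluate(dataclasses.replace(ctx, **changes), app)


if __name__ == "__main__":
    alice = Context("alice", "hr", device_managed=True, device_patched=True)
    print(reachable_apps(alice))                               # ['hr-portal', 'wiki']
    print(evaluate(alice, "payroll-db"))                       # denied: not entitled
    print(reassess(alice, "hr-portal", device_patched=False))  # denied after posture change
```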

No Stone Unturned

The latest trends make clear that all encrypted traffic must be thoroughly inspected to detect and block cyber threats before they cause damage. For government agencies, the most effective way to decrypt, detect, and prevent threats in all encrypted traffic – at scale – is by using a cloud-native, inline proxy-based architecture.

Inline tools and devices work in real time to scan and filter traffic, reducing risk by preventing threats from reaching their target. A proxy acts as a buffer that helps keep applications and data safe from harm, and it shields users from direct access to or from threat actors.

A cloud proxy is a cloud-based system that sits between a client and a web server, SaaS application, or data center, acting as an intermediary between the user and the server to provide secure access to resources while protecting the server from threats.

Why cloud? Traditional proxies run on appliances. But when deployed in the cloud, a proxy-based architecture eliminates the expense of appliances and scales to meet evolving traffic demands, allowing agencies to inspect 100% of encrypted traffic without extra cost or degradation of performance, which ultimately results in reduced latency and an improved user experience.

With 95% of all web traffic now encrypted to protect data, agencies must rethink traditional approaches to security while also reducing their attack surface. Per the National Cybersecurity Strategy as well as the Federal Zero Trust Strategy, implementing zero trust governmentwide is critical to ensuring a strong cyber posture. As cybercriminals continue to apply new means of attacks from encrypted threats and beyond, zero trust remains the most important line of defense.

Danny Connelly
Danny has 20 years of cybersecurity experience split between offensive computing as an ethical hacker and defending some of our most important networks used in COVID response. As a highly regarded thought leader and trusted cybersecurity advisor, Danny provided guidance and formulated strategies to combat emerging threats for various agencies across the federal government. Prior to joining Zscaler, Danny was the Associate CISO, Operations Branch Chief for the Centers for Disease Control and Prevention (CDC). During his 11-year tenure at CDC, Danny was responsible for implementing operational capabilities to support Incident Response, Forensics, Cyber Threat Intel, and Insider Threat functions. He has designed, implemented, and optimized enterprise cybersecurity capabilities to effectively detect, prevent, and respond to emerging cybersecurity threats. Danny is proud to have led CDC defenders on the front lines to survive some of the most sophisticated threats over the last decade.