NSA Publishes Guidance on Implementing Zero Trust to Limit Lateral Movement
The National Security Agency (NSA) has issued guidance on implementing zero trust security to limit lateral movement within the network should a threat actor breach the organization’s defenses. As we have seen many times in the past year, threat actors have gained initial access to a healthcare organization’s network and have been able to steal vast amounts of sensitive data and conduct crippling ransomware attacks. If those breached organizations had implemented a zero trust security architecture, the severity of those breaches could have been significantly reduced.
The traditional IT security model is focused on preventing access to internal systems, with everyone inside the network perimeter trusted. A zero trust security architecture assumes that there is already a threat actor inside the network, and limits the actions that can be performed without further authentication. Zero trust is concerned with strengthening internal network controls to contain intrusions to a segmented portion of the network to limit the harm that can be caused. “Organizations need to operate with a mindset that threats exist within the boundaries of their systems,” said NSA Cybersecurity Director Rob Joyce. “This guidance is intended to arm network owners and operators with the processes they need to vigilantly resist, detect, and respond to threats that exploit weaknesses or gaps in their enterprise architecture.”
The NSA issued its first zero trust security guidance in February 2021, which explains zero trust security and the advantages and principles behind it, and the second in April 2023, which was focused on reaching maturity in the user pillar. The new guidance, Advancing Zero Trust Maturity Throughout the Network and Environment Pillar, is focused on reaching maturity in the network and environment pillar, which covers all software and hardware, non-person entities, and inter-communication protocols, and is concerned with isolating critical resources by defining network access, controlling network and data flows, segmenting applications and workloads, and using end-to-end encryption.
The zero trust maturity model provides enhanced security through data flow mapping, macro and micro segmentation, and software-defined networking. Data flow mapping identifies the route that data travels within an organization, and how it transforms as it moves from one location or application to another. Through data flow mapping, all internal and external nodes on which data is stored or processed are identified, which allows organizations to discover data misuse and identify areas where data is not properly encrypted or protected.
Macro segmentation provides high-level control over traffic moving between various areas of an organization’s network and is achieved by breaking up a network into multiple discrete components, for example by segmenting the network so that the data and resources needed by one department cannot be accessed by another. Micro segmentation adds security at a granular level by breaking down a portion of the network into smaller components and limiting how data flows laterally through strict access policies. Software-defined networking enables the control of packet routing by a centralized control server via a distributed forwarding plane, which provides additional visibility into the network and enables unified policy enforcement.
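To make the three controls concrete, here is an added illustration in Python (not code from the NSA guidance or from HIPAA Journal): a default-deny policy check that evaluates observed flows against a department-level zone map (macro segmentation), an explicit allow list (micro segmentation), and the encryption attribute a data flow map would record for each path. All host names, zones, ports and flow records are assumed for the example.

```python
"""Added example: checking observed data flows against a default-deny
segmentation policy. All hosts, zones, rules and flows below are constructed."""
from dataclasses import dataclass

# Macro segmentation: each host belongs to exactly one department zone (constructed).
ZONES = {
    "billing-app": "finance", "billing-db": "finance", "ws-accountant-03": "finance",
    "ehr-app": "clinical", "ehr-db": "clinical", "ws-nurse-07": "clinical",
}

# Micro segmentation: explicit (src, dst, port) allow rules; anything else is denied.
ALLOW = {
    ("billing-app", "billing-db", 5432),
    ("ehr-app", "ehr-db", 5432),
    ("ws-nurse-07", "ehr-app", 443),
    ("ws-accountant-03", "billing-app", 443),
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int
    encrypted: bool  # recorded by the data flow map: protected end to end or not

def classify(flow):
    """Return the policy findings for one observed flow (empty list = compliant)."""
    findings = []
    if ZONES[flow.src] != ZONES[flow.dst]:
        findings.append("cross-zone")      # macro segmentation boundary crossed
    if (flow.src, flow.dst, flow.port) not in ALLOW:
        findings.append("no-allow-rule")   # micro segmentation: default deny
    if not flow.encrypted:
        findings.append("unencrypted")     # data flow mapping: unprotected in transit
    return findings

def audit(flows):
    """Map each non-compliant flow to its findings; compliant flows are omitted."""
    report = {}
    for flow in flows:
        findings = classify(flow)
        if findings:
            report[flow] = findings
    return report

# Constructed sample of what a data flow map might have captured.
SAMPLE_FLOWS = [
    Flow("ehr-app", "ehr-db", 5432, True),            # expected in-zone traffic
    Flow("ws-accountant-03", "ehr-db", 5432, True),   # finance workstation reaching clinical DB
    Flow("ws-nurse-07", "ehr-app", 443, False),       # allowed path, but not encrypted
]

if __name__ == "__main__":
    for flow, findings in audit(SAMPLE_FLOWS).items():
        print(f"{flow.src} -> {flow.dst}:{flow.port}: {', '.join(findings)}")
```

A flow that crosses a zone without an allow rule is exactly the lateral movement the segmentation is meant to stop, while the unencrypted finding is the kind of gap the guidance says data flow mapping should surface.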
The NSA is currently helping Department of Defense customers pilot zero trust systems and plans to release further zero trust guidance on the other zero trust pillars to help organizations incorporate the principles and designs of zero trust into their enterprise networks.