The ongoing digitization of modern life has not spared government. As agencies move more services and data online, they have become major targets for hackers and for cyber warfare. In 2018, the United States was the country most severely affected by cybercrime in terms of financial damage, and industry experts estimate that cyberattacks cost the U.S. government more than 13.7 billion U.S. dollars.
According to IBM, companies take about 197 days on average to identify a breach and another 69 days to contain it. Companies that are slow to disclose a breach also face major fines and expose themselves to lawsuits from consumers and independent agencies. The cost of notifying customers alone can run to around $740,000 in the United States.
To put effective cybersecurity controls first, the U.S. Department of Defense (DoD) has launched Comply-to-Connect (C2C), a comprehensive framework of tools and technologies designed to increase the efficiency of cybersecurity across the DoD enterprise. C2C ensures that devices requesting access to, and operating on, a network meet organizationally defined policies before access is granted: they must comply to connect, and they must remain in compliance while connected.
Forescout Technologies, Inc.'s unified security platform serves as the foundation of the C2C initiative. Three Wire is partnering with Forescout to provide engineering support and to coordinate actions that reduce cybersecurity risk across the Department of Defense Information Network (DoDIN). In other words, we provide the IT equipment and the corresponding services needed to run the program. We also support the delivery of C2C policies and the administrator-side rollout of licensing and Network Access Control (NAC) software.
C2C reduces vulnerabilities and human error by detecting, identifying, characterizing and deterring unusual behavior on the network and its information resources. It produces results because it is built on Zero Trust Architecture (ZTA) principles: every resource connected to the network must be authenticated, secured and continuously monitored in order to be granted, and to keep, access.
How ZTA works
The technologies that support Zero Trust are moving into the mainstream as attacks become more sophisticated. Zero Trust is a security concept that boils down to "trust nothing by default", including users and resources that are already inside the enterprise network. Traditional perimeter-based approaches were rendered ineffective because once attackers got past the corporate firewall, they could move laterally through internal systems with little resistance.
ZTA is not a single device, software application or service that can be purchased. Rather, it is a set of tenets and principles that an organization can apply to its network infrastructure to improve its overall security posture.
NIST Special Publication 800-207 lays out seven tenets of Zero Trust and the logical components of a ZTA. The three core components are a Policy Engine (which decides whether to grant access), a Policy Administrator (which establishes or tears down the session based on that decision) and a Policy Enforcement Point (which actually allows or blocks the connection). The eight supporting components are a Continuous Diagnostics and Mitigation (CDM) system, an industry compliance system, threat intelligence feed(s), a network and system activity logging system, data access policies, an enterprise Public Key Infrastructure (PKI), an identity management system and a Security Information and Event Management (SIEM) system.
The C2C solution
C2C aims to give the DoD a unified strategy for maintaining combined IT/OT cybersecurity situational awareness and readiness. The framework lets IT teams authenticate endpoints, which includes determining which devices are connecting to, connected to, and disconnecting from the network.
The data flows and integrations of a typical C2C deployment are fed by network traffic observed through SPAN ports, TAPs and/or NetFlow exports. If a device is found to be non-compliant, the C2C system brings it back into compliance by initiating automated remediation actions, either natively or through integrations with other security products.
For installation cybersecurity teams to get the most out of C2C, their overarching strategy and execution must include five core deliverables:
- Discover & Identify: First, establish comprehensive device visibility, including complete discovery of traditional and non-traditional endpoints and their associated software.
- Interrogate: Next, scan and evaluate each identified resource to confirm that it meets the organization's and the DoDIN's defined security posture.
- Auto-Remediate: After interrogation, automated orchestration of security and management processes updates non-compliant devices, while validating and reporting the required changes.
- Authorize Connections: Then, grant access only to connections that comply with DoD enterprise policies and guidelines.
- Situational Awareness & Enforcement: Lastly, continuously monitor connected devices and users to preserve the integrity of the data sharing and other services these validated networks provide.
The C2C capability also provides assurance that deployed security updates actually reach the target devices and that those devices are updated.
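The five deliverables above, together with the Policy Engine, Policy Administrator and Policy Enforcement Point split from NIST SP 800-207 described earlier, are easiest to see as a small program. The Python below is an added illustration written for this page; it is not Forescout, DoD or Three Wire code, and nothing in it describes a real C2C deployment. The policy values, the device categories (workstation, printer, plc), the finding names and the sample fleet are all constructed assumptions. It interrogates each device against the policy, auto-remediates only the findings that can safely be fixed unattended (and only on agent-capable devices), validates by re-interrogating rather than trusting that the action worked, and returns an allow, quarantine or deny decision; finally it re-checks one admitted device after an unknown account appears on it, which is the "remain in compliance while connected" half of C2C.

```python
"""Toy comply-to-connect (C2C) flow: interrogate -> auto-remediate -> authorize -> re-check.
Added example for illustration only, not Forescout, DoD or Three Wire code: every policy
value, device category, finding name and device below is a constructed assumption."""
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import date, timedelta

@dataclass
class Endpoint:
    """One discovered device plus the posture facts the Interrogate step gathered."""
    kind: str                  # assumed categories: "workstation", "printer", "plc"
    os: str
    patch_date: date
    agent_installed: bool = False
    user: str | None = None    # authenticated user (802.1X / directory in real life)
    actions: list[str] = field(default_factory=list)   # remediation audit trail

# Hypothetical organizational policy that Interrogate evaluates against.
POLICY = {
    "allowed_os": {"Windows 11", "RHEL 9", "PrinterOS 4", "PLC-FW 2.1"},
    "max_patch_age_days": 30,
    "agent_required_kinds": {"workstation"},   # OT/IoT gear cannot host an agent
    "authorized_users": {"alice", "bob"},
}

# Findings orchestration may fix unattended, with the audit-trail text for each.
FIXABLE = {"agent_missing": "installed management agent",
           "patch_stale": "pushed pending patches"}

def interrogate(ep: Endpoint, today: date) -> list[str]:
    """Scan and evaluate: return the policy violations (empty list == compliant)."""
    findings = []
    if ep.os not in POLICY["allowed_os"]:
        findings.append("unsupported_os")
    if (today - ep.patch_date).days > POLICY["max_patch_age_days"]:
        findings.append("patch_stale")
    if ep.kind in POLICY["agent_required_kinds"]:
        if not ep.agent_installed:
            findings.append("agent_missing")
        if ep.user not in POLICY["authorized_users"]:
            findings.append("unknown_user")
    return findings

def auto_remediate(ep: Endpoint, findings: list[str], today: date) -> list[str]:
    """Fix what can be fixed unattended, record it, then validate by re-interrogating."""
    for f in findings:
        if f not in FIXABLE or ep.kind not in POLICY["agent_required_kinds"]:
            continue   # unfixable, or OT/IoT gear that must not be touched automatically
        # A real deployment would call its patch/EDR integration here instead.
        if f == "agent_missing":
            ep.agent_installed = True
        elif f == "patch_stale":
            ep.patch_date = today
        ep.actions.append(FIXABLE[f])
    # Never trust that the action worked: a silently failed fix reappears here.
    return interrogate(ep, today)

def authorize(remaining: list[str]) -> str:
    """Policy-engine decision that the enforcement point (switch/NAC) carries out."""
    if "unknown_user" in remaining or "unsupported_os" in remaining:
        return "deny"          # identity or platform failures are hard stops
    if remaining:
        return "quarantine"    # restricted VLAN pending manual follow-up
    return "allow"

def comply_to_connect(ep: Endpoint, today: date) -> str:
    """Full pipeline for a device requesting access, or being re-checked later."""
    return authorize(auto_remediate(ep, interrogate(ep, today), today))

TODAY = date(2024, 6, 1)   # fixed clock so the run is reproducible

def sample_fleet() -> dict[str, Endpoint]:
    """Constructed devices: states are invented, not observed on any network."""
    return {
        "ws1": Endpoint("workstation", "Windows 11", TODAY - timedelta(days=45), user="alice"),
        "ws2": Endpoint("workstation", "Windows 7", TODAY - timedelta(days=3),
                        agent_installed=True, user="bob"),
        "prn": Endpoint("printer", "PrinterOS 4", TODAY - timedelta(days=10)),
        "plc": Endpoint("plc", "PLC-FW 2.1", TODAY - timedelta(days=200)),
    }

def run_demo() -> dict[str, str]:
    """Admit the fleet, then re-check ws1 after an unknown account logs on to it."""
    fleet = sample_fleet()
    decisions = {name: comply_to_connect(ep, TODAY) for name, ep in fleet.items()}
    fleet["ws1"].user = "mallory"            # drift after admission
    decisions["ws1-recheck"] = comply_to_connect(fleet["ws1"], TODAY)
    return decisions

if __name__ == "__main__":
    for name, decision in run_demo().items():
        print(f"{name:12} -> {decision}")
```

Run it directly to print the per-device decisions: ws1 is patched and given an agent, then allowed; ws2 is denied for an unsupported OS that no orchestrator can fix; the printer is allowed; the PLC is quarantined because its patches are stale and OT gear is deliberately excluded from unattended patching; and ws1 is denied on re-check once an unknown account appears on it. Two design points carry over to real deployments: remediation results are never trusted, so a device is re-interrogated and a silently failed fix drops it into quarantine rather than onto the production VLAN; and the decision is made from the device's current state every time it is checked, not only at first connection.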
How C2C works within a ZTA
As described in the section above, the first step of C2C is the discovery and identification of every IP-enabled asset and device connecting to and operating on the DoDIN. This initial step aligns with what NIST and the DoD define as the top-level capability of any Zero Trust effort: discovery and assessment.
Beyond visibility, micro-segmentation is another core principle that the NIST and DoD Zero Trust frameworks share. C2C simplifies network segmentation because it can discover and analyze managed and unmanaged workstations, IoT and OT devices, virtual instances and cloud-based workloads without deploying agents to them, so devices that cannot host an agent can still be classified and placed in the appropriate segment.
The C2C program supports a Zero Trust system by continuously monitoring all connected devices and addressing any cyber-related deviations through automated action. Combined with Zero Trust principles, the C2C policy engine verifies that both the user and their device meet the defined access requirements and have the necessary cyber hygiene before allowing secure, compliant access to enterprise resources.
Why Three Wire?
As organizations plan their transition to a more secure ZTA, Three Wire's expertise and proven performance in C2C make it a trusted partner for implementing a Zero Trust Architecture.
Even well-trained people make the mistakes that lead to data breaches. To mitigate human error, C2C provides automated orchestration that replaces manually intensive processes and ensures operational devices meet organizational security policies and processes. The platform's capabilities go beyond what any single DoD enterprise solution provides by following a step-by-step action plan that supports the major cybersecurity specializations.