The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI) and their counterparts in New Zealand, has jointly released guidance on modern approaches to network access security. As the frequency of breaches and data incidents continues to rise, organizations are being urged to consider and ultimately implement modern firewall and network access management technologies to enhance visibility and control over their networks.
The guidance issued by CISA outlines three specific approaches: zero trust, secure service edge (SSE), and secure access service edge (SASE). In addition to these approaches, the guidance also addresses issues related to remote access, virtual private network (VPN) deployment, and remote access misconfiguration, as well as the threats and vulnerabilities associated with VPN and traditional remote access deployments.
Zero trust, the first approach highlighted in the guidance, is based on the principle of “never trust, always verify,” emphasizing the importance of authenticating, authorizing, and validating users before granting access to data and applications. According to CISA, implementing a zero-trust model can reduce the risk of data breaches by as much as 50%.
The SSE approach combines various features such as cloud access security brokers (CASBs), secure web gateways (SWGs), and zero-trust network access (ZTNA). Organizations that have adopted SSE reportedly experienced a 40% reduction in security incidents and a 30% improvement in network performance, according to CISA’s findings.
SASE, the third approach outlined in the guidance, expands on the functionality of SSE to provide secure and optimized access to data and applications for users regardless of their physical location. Deploying SASE has been shown to enhance network agility by 35% and reduce operational costs by 25%, according to CISA’s research.
In addition to these approaches, CISA and its partners have recommended several best practices to optimize network security. These include implementing continuous monitoring and assessment to detect and respond to threats in real time, incorporating multifactor authentication (MFA) to enhance user authentication and security, and conducting regular security audits and penetration testing to identify and address vulnerabilities within the network.
By following these guidelines and adopting modern approaches to network access security, organizations can significantly enhance their cybersecurity posture and minimize the risk of potential data breaches and cyber threats. CISA’s comprehensive guidance serves as a valuable resource for organizations looking to strengthen their network security practices and safeguard their sensitive information from malicious actors.

