CISA Releases Guidance on Network Access, VPNs – Dark Reading

The Cybersecurity and Infrastructure Security Agency, along with the Federal Bureau of Investigation and other similar entities in New Zealand, issued guidance on modern approaches to network access security. With the growing number of breaches and data incidents, organizations need to be thinking about, and planning to adopt, modern firewall and network access management technologies to gain visibility over the network.

CISA lays out three specific approaches in its guidance, namely zero trust, secure service edge, and secure access service edge. The guidance also tackles remote access, VPN deployment, and remote access misconfiguration, as well as threats and vulnerabilities associated with VPN and conventional remote access deployments.

1. The Zero-Trust Model: Based on the principle ‘never trust, always verify,’ the approach focuses on making sure users are authenticated, authorized, and validated before providing access to data and applications. Implementing the zero-trust approach can cut the risk of data breaches by around 50%, CISA said.

2. Secure Service Edge (SSE): SSE combines features such as cloud access security brokers (CASBs), secure web gateways (SWGs), and zero-trust network access (ZTNA). Organizations using SSE witnessed a 40% reduction in security incidents and a 30% improvement in network performance, CISA said.

3. Secure Access Service Edge (SASE): SASE broadens SSE’s functionality to provide users with secure, optimized access to data and applications, regardless of their physical location. Deploying SASE improves network agility by 35% and reduces operational costs by 25%, according to CISA.

Network Best Practices

CISA and its partners also recommended ways to optimize network security.

Continuous monitoring and assessment: Organizations need to implement continuous monitoring of user activity and network traffic to detect and respond to threats in real time.

Multi-factor authentication (MFA): As several recent breaches have shown, adding MFA as an extra layer of security for user authentication will help block many threats.

Regular security audits: Look for vulnerabilities by conducting regular security audits and penetration testing on the network.

This post was originally published on the third-party site mentioned in the title of this site.
