Federal Government Cybersecurity

Many federal agencies keep all their data in-house, and do not use technologies like Wi-Fi, software-defined wide-area networking (SD-WAN), and Software-as-a-Service (SaaS). Security concerns are certainly a part of the motivation behind this stance. In many cases, however, the bigger reason is a reliance on older technology.

An aging infrastructure can have vulnerabilities not found in newer systems. As a result, advanced firewall protection is especially critical for such networks. To prevent intrusions and breaches, agencies must be able to detect and deflect today’s advanced and ever-evolving threats—including malware within encrypted network traffic—without slowing operations or impeding the agency’s mission.

FortiGate next-generation firewalls (NGFWs) provide scalable, comprehensive protection for both older and newer infrastructure without slowing network traffic. Purpose-built application-specific integrated circuit (ASIC) chip processing results in the industry’s best performance—even when large amounts of traffic encrypted with secure sockets layer (SSL) or transport layer security (TLS) encryption is inspected. Built-in capability for intent-based segmentation ensures that network resources are adequately divided for appropriate access control. And FortiGuard service bundles for FortiGate help ensure protection against zero-day and polymorphic threats.

Federal agencies operate some of the nation’s largest and most complex networks. Many operate across multiple IP domains, sometimes with each domain housing data at a different level of sensitivity and accessible to different employees and contractors. This sprawling infrastructure creates challenges around visibility and centralized control, threatening both security and operational efficiency.

To provide the best protection and make the most efficient use of taxpayer resources, these massive networks need a coordinated and integrated approach to cybersecurity that extends across domains. End-to-end integration is the only way to unlock full visibility and automation of threat detection, response, and compliance reporting.

The Fortinet Security Fabric provides a comprehensive, cross-domain security architecture that delivers single-pane-of-glass visibility and automation of security processes. Intent-based segmentation ensures that all resources are housed in a place where they are accessible to those who need them and blocked from those who do not. Network access control ensures that only authorized devices connect to the network, and management, analytics, and event management solutions provide visibility, control, and reporting capabilities that help leaders view their agencies’ security posture at a glance.

Nation-state adversaries increasingly mount a variety of attacks against the federal government, and common criminals are always seeking information that is valuable on the black market. Threat actors are using increasingly sophisticated technology to make their attacks more effective. They use automation, artificial intelligence (AI), and machine learning (ML) to create more zero-day malware, make phishing emails more realistic, and develop attacks that can get through traditional security solutions. And they are starting to use things like swarm technology to accelerate their attacks and make them more effective.

To fight back, federal agencies must have robust, real-time threat intelligence and the insight to enable effective response. As new malware variants proliferate, it is also critical that effective detection of unknown or zero-day threats be a part of the mix. Integration of the security architecture is key, as it enables real-time sharing of threat intelligence across the infrastructure.

Fortinet has one of the world’s largest intelligence networks and has been using AI to detect unknown threats for nearly eight years. AI and ML capabilities are integrated into the Fortinet sandbox solution, web application firewall, advanced endpoint security offerings, and user and entity behavior analytics tool. This coordinated and layered approach helps agencies discover zero-day attacks in real time while minimizing false positives and other productivity-draining threat-intelligence outcomes. It also improves cybersecurity staff productivity and decreases risk.

Big federal agencies struggle to achieve full visibility into the entirety of their vast networks, whether their infrastructure is entirely on-premises or includes hybrid cloud deployments. And the larger federal government continues to lack integrated situational awareness of threats and vulnerabilities across agencies. This lack of visibility hampers the effort to respond to threats that move at machine speed, and coordinated attacks on multiple agencies would potentially be difficult to contain.

The Department of Homeland Security is keenly aware of this issue and is working a coordinated approach that includes providing resources to agencies to help them address this problem. At the end of the day, the key lies in building a security architecture that is integrated across an entire agency, enabling centralized visibility and control and maximum automation of security processes and reporting.

The Fortinet Security Fabric provides this end-to-end integration, from the data center to multiple clouds to the network edge. This enables a more proactive, consistent approach to security across an agency. FortiManager, FortiAnalyzer, and FortiSIEM provide centralized visibility, control, and reporting with maximum automation. Tools to protect cloud workloads feature native integration with each major public cloud provider and a coordinated approach to securing all of them.

Insider risk is a major threat at federal agencies—sometimes by employees acting with nefarious intent, but often by users who cause problems by accident. In addition to federal employees, tens of thousands of contract employees access federal networks and data, many off-site and under conditions over which the government exercises little control. With everything from critical infrastructure to military secrets to protect, agencies must diligently guard against third-party threats.

Assigning usernames and passwords is no longer adequate for federal agencies to protect against insider threats. The concept of trust is no longer static. Devices change IP addresses as they move around, stolen credentials are bought and sold on the dark web, and legitimate insiders can create threats of their own—accidentally or deliberately. Criminals can steal authorized users’ credentials without their knowledge, sometimes moving laterally in the network for months before being detected.

As a result, agencies must take a multipronged approach to insider threat protection, monitoring the behavior of users, inspecting devices when they request access, and proactively working to bring adversaries into the open. Many federal agencies should operate under a zero-trust model, which replaces the concept of a trusted network with an approach in which all users and endpoints must be verified on a case-by-case basis, and access to data is set by policy or handled on a “need-to-know” basis. The zero-trust approach must be managed strategically, with logical network segmentation to keep unauthorized users away from specific resources and multiple layers of verification and mitigation for noncompliance.

Fortinet enables this kind of layered approach to threat protection in a fully integrated platform. Identity and access management solutions verify users, while network access control keeps tabs on devices. Advanced endpoint security tools help detect and remediate attacks on devices before they can spread on the network. User and entity behavior analytics technology watches for anomalies in behavior, while deception tools help lure attackers into revealing themselves. In many ways, intent-based segmentation provides the foundation for insider threat prevention by segmenting the network according to specific operational and access requirements.

Agencies typically have dozens or even hundreds of networked locations around the country. Providing connections between these branches and the main IT infrastructure has historically required expensive multiprotocol label switching (MPLS) infrastructure that was difficult to scale according to fluctuations in traffic.

Many federal agencies have found that they can improve network performance and resiliency while saving money by moving to software-defined wide-area network (SD-WAN) connections between locations. But since SD-WAN traffic travels on the public internet, robust security must be built in. And the network and security infrastructure at the branch location would ideally be integrated.

Fortinet Secure SD-WAN provides auto scaling, certified encryption, and cost-effective connections with branch locations, while Fortinet SD-Branch solutions enable consistent security coverage from the internet to the switching infrastructure.