- CASE STUDY -

    Federal Agency Accelerates Zero Trust Adoption

    Challenges

    • Compliance Requirements: The agency needed to comply with Executive Order 14028 and OMB Memorandum M-22-09, which mandated the adoption of Zero Trust Principles to improve cybersecurity across Federal agencies.
    • Complex Network Environment: The agency's existing network infrastructure did not align with key aspects of Zero Trust such as visibility, segmentation and least privilege:
      • Incomplete Visibility into network traffic, making it challenging to define a baseline for "normal" network behavior and to identify deviations
      • Undefined Access Policies as the organization operated off an open access policy which leveraged multiple solutions
      • Lack of Segmentation via group-based and identity-based policies, and network macro and micro segmentation
      • Limited Automation techniques and technologies to enhance security resiliency against sophisticated cyberattacks

    Solution

    • Comprehensive Zero Trust Assessment conducted by ModernCyber to determine the agency's current architecture, maturity, and strategy, mapped to the CISA Zero Trust Maturity Model. The assessment included a survey and detailed analysis of the network, devices, and security policies.

    • Incremental Zero Trust Implementation Plan: The assessment identified gaps and provided a structured 3-year Zero Trust Rollout Plan:

      • Year 1: Establish Visibility and Define Use Cases
        • Implement solutions such as Cisco Secure Network Analytics (CSNA) and Cisco ISE to provide visibility into the network and user access.
        • Establish dynamic group policy with Cisco ISE and Software-Defined Access.

      • Year 2: Implement Network Access Policy Controls and Macrosegmentation
        • Enforce stringent network access controls and gather identity and device health information.
        • Share identity information with visibility tools to enhance user attribution and policy enforcement.

      • Year 3: Implement Microsegmentation and Automation
        • Deploy solutions for host-based and network-based segmentation (e.g., Cisco TrustSec, VMware NSX, Cisco ACI).
        • Utilize SIEM solutions like Splunk for automated incident response and policy enforcement.
        • Integrate automation and orchestration tools to manage dynamic policy enforcement and reduce operational costs.

    Results

    • Upon completion of the Zero Trust Assessment, the customer moved forward with a large adoption of Cisco Secure Network Analytics and Cisco ISE, aligning with the Year 1 strategy of the proposed Zero Trust Implementation Plan
    • Enhanced Security Posture by adopting zero trust principles, reducing the attack surface, and ensuring least privilege access
    • Improved Compliance: The agency successfully met the requirements of EO 14028 and OMB Memorandum M-22-09, aligning with Federal cybersecurity mandates
    • Operational Efficiency achieved through the customer’s implementation of dynamic policies and automation, while visibility and identity tools provided actionable insights and streamlined policy enforcement
    • Future-Ready Infrastructure as the agency was able to establish a scalable and adaptable security framework capable of responding to evolving threats and ensuring resilience and protection of critical assets