Cyber experts stress importance of telemetry for zero-trust architectures

Colten O'Malley speaks on a panel at the 2022 Zero Trust Summit. (FedScoop)

Leveraging telemetry to monitor networks will be critical for the Department of Defense and other organizations that are trying to implement a zero-trust cybersecurity model, officials and tech industry leaders said Wednesday.

The Pentagon and other federal agencies have been directed by the White House to develop plans for implementing zero trust under a recent executive order. Companies in the private sector are also moving to embrace that model.

“We used to protect things by putting it behind a firewall … and we trusted everything that was on the correct side of the firewall,” Leo Taddeo, chief information security officer and president of the federal division at Appgate, said at the 2020 Zero Trust Summit in Washington, presented by CyberScoop. “But trust, once you were in the perimeter, was assumed.”

The zero-trust concept rejects that paradigm and assumes that entities already operating inside a network can’t automatically be trusted, he noted.

“The key point here… is your telemetry,” said Colten O’Malley, deputy commander of U.S. Army Command and Control Support. “You utilize your telemetry, utilize your instrumentation to automate your responses … so you have multiple ways to actually monitor what’s going on and you can tell if something’s being” exfiltrated, he said.

Collecting the type of data that can be used to enforce policy is an essential requirement for any zero-trust solution, Taddeo said.

“We can adjust trust. Based on that telemetry, we can decide not only who to trust but when to trust and how to dynamically determine trust. So that’s an important part of continuous collection of telemetry. It’s not a one-and-done solution. If we can monitor, continuously collect telemetry on a regular basis, and we can adjust trust … that’s how you mature to a zero-trust solution,” he said.

Cybersecurity systems can’t be expected to work perfectly all the time and stop all threats, O’Malley noted.

“You have to have a really strong team that understands how to read your telemetry, understands how to respond quickly, and have your own game plan for, you know, when something bad starts to happen,” he added.
