Why Zero Trust begins with proactive endpoint security for federal agencies

Darrin Curtis | Jan 27, 2022

Illustration of two hands shaking through smartphones captioned ZTNA

Implementing a Zero Trust architecture requires time, commitment, and expertise. It’s not as simple as flipping a switch. The federal government seems to understand this. Following up on the White House’s initial Zero Trust Executive Order (EO) of May 2021, CISA and the Office of Management and Budget (OMB) have come out with guidance to assist agencies as they embark on what will be, for many, a multi-year initiative.

OMB released a new strategy on January 26, 2022, that added urgency to the EO’s Zero Trust directive. The announcement comes in the wake of the widespread Log4j vulnerability, which reared its head in December 2021 — one of a continuing parade of threats.

This latest strategy reinforces an October 8, 2021 memo from acting OMB director Shalanda Young, in which agency heads were told to get their endpoint detection and response (EDR) act together. It’s good advice. Although Zero Trust is all-encompassing — including servers, applications, and networks — an area of special concentration is endpoints.

It starts at the endpoints

What are the bad things that can happen at endpoints? Just about everything. Desktops, laptops, tablets, and smartphones are where users download malware from the Internet and open phishing email attachments. These endpoints are also where users might insert an infected USB drive or access sensitive data from an unsecured home or coffee shop Wi-Fi network.

With more employees than ever working remotely, the burden of maintaining effective cyber hygiene falls on them. While some employees are diligent in steering clear of questionable websites and phishing emails, the bad actors need only fool one employee one time to gain access to a treasure trove of data. In short, the need for a proactive defense of endpoints has never been greater.

EDR is a step in the right direction, but…

EDR protects endpoints by continuously monitoring and collecting endpoint telemetry and applying automated rules and analysis to it. The October 8 OMB memo points out that EDR is vital to defend against polymorphic malware, advanced persistent threats (APTs), and phishing attacks. And the memo notes that EDR is essential in the implementation of Zero Trust architecture. EDR closely examines endpoint data traffic, regarding every connected device as a potential attack vector that is never to be fully trusted.

The strategic thrust of the directive is to further the transition “from a reactive to proactive posture.” To that end, Young’s memo emphasizes the role of EDR in centralized management, requiring agencies to “provide CISA with access to their current and future endpoint detection and response (EDR) solutions to enable proactive threat hunting activities and a coordinated response to advanced threats.”

Furthering the role of centralized management, FISMA guidance issued by the OMB on Dec. 6, 2021 calls for automated collection of the cybersecurity metrics data generated by federal agencies, with a compliance deadline of April 2022.

Still, by design, EDR is a reactive approach. It’s in the name, after all: “detection and response.”

Isolation proactively keeps endpoints safe

Certainly, implementing EDR in a way that enables centralized monitoring and management will strengthen overall cyber defense. But it would be more proactive to keep the bad stuff off your end users’ systems entirely. Remote browser and email isolation does just that by creating a virtual “air gap” that prevents both known and unknown threats from ever reaching endpoint devices. Users can see and interact with the data they are accessing, even though it doesn’t reach their computers.

The ultimate goal of President Biden’s executive order is to implement Zero Trust. Implementing EDR is an important step along the way. Agencies should consider going beyond minimal compliance with CISA guidelines by implementing the virtual air gap security of remote browser isolation.

Learn how Menlo Security isolation keeps malware from ever reaching your network endpoints.

Download eBook: Reimagining online security for federal agencies