
Nov 21 2024
Security

Cybersecurity Mesh Architecture Strengthens Security for State and Local Governments

Agencies can leverage the technology to weave together distributed workforces and fragmented IT assets.

In a modern work environment, state and local government agencies regularly find their employees collaborating remotely. Many agencies have adapted to this reality by orchestrating security solutions suitable for a distributed workforce.

To analyze and augment the cybersecurity posture of the modern distributed organization, Gartner coined a phrase: cybersecurity mesh architecture. According to Gartner, government agencies should integrate security tools under centralized management to gain maximum collaboration between their platforms.

Vince Hwang, senior director of cloud security and security operations at Fortinet, frames the challenge. “Networks have become increasingly complex and distributed,” he says. “The changing dynamic of networks has led to security sprawl, which complicates management, fragments visibility and ultimately limits organizations’ ability to effectively respond to threats within these environments.”

Cybersecurity mesh weaves together control of the solutions distributed across that fragmented infrastructure, from on-premises to the cloud, Hwang says.


What Is Cybersecurity Mesh Architecture (CSMA)?

“A cybersecurity mesh is a platform that provides centralized management and visibility across a vast ecosystem of solutions, and it automatically adapts to dynamic changes in the network. These platforms promote the interoperability and coordination of individual security products, leading to more cohesive security,” Hwang says.

Joe Tibbetts, vice president of tech alliances and API at Mimecast, says centralized management of disparate security tools empowers government to tune different platforms simultaneously.

“It grants security teams visibility, access and proper controls over their entire security apparatus,” Tibbetts says of cybersecurity mesh. “It delivers central visibility of all of your security tools in a fashion that is easy to consume, and it provides efficiency at scale.”

He adds, “When you want to create a new policy, do you want to do that in seven different security products? Or can you have a central policy function? Every single organization has a different security process, different posture and different tools. Cybersecurity mesh brings that all together in a system of systems.”


How Does CSMA Strengthen Defense of Government Systems?

Aaron Rose, security architect manager in the office of the CTO at Check Point Software, says that government agencies could previously match point solutions to attack vectors. That was effective when employees were under one roof, but many workers are now on the job while traveling or working remotely.

“Everything used to be housed within a data center, and all of your people would sit inside of headquarters or a branch office. You could draw a line, or a box, around each of those locations. Your data center would be protected by a centralized security tool,” Rose says. “The problem is, where do you draw your boxes now? Do you draw it around my house and the airport and then follow me across the country as I’m traveling? It’s hard to draw a box around where your employees are or where your data is being housed because we’ve moved more toward mobility and toward cloud services.”

Workforces generally began working from anywhere with the rise of powerful broadband solutions, but the COVID-19 pandemic accelerated that trend, Rose says.

“The majority of organizations are using cloud services from multiple vendors. They might be using Microsoft 365 for email, documents and collaboration. They could also be using a mixture including Google Workspace. They might be using things such as Salesforce or other Platform as a Service solutions. A little bit of the data is everywhere.”

“The idea behind cybersecurity mesh is that you’re going to follow the users and follow the data, no matter where they go,” he says.

Tibbetts says, “It’s giving security teams visibility, access and proper controls over their entire security apparatus. It’s having central visibility of all of your security tools in a fashion that is easy to consume. It’s having detection capabilities, so you don’t have to chase down alarms that you have to investigate, giving you efficiency at scale.”

Should an agency seek to establish a new security policy, it can enact it once for the centralized command rather than individually across separate security products.

“It gives you the ability to increase your protection, increase your detection capabilities, and increase your efficiency for operational oversight over whatever security tools, stacks and processes you may have,” Tibbetts says.


What Advantages Does Cybersecurity Mesh Provide to Governments?

Hwang emphasizes that an agency can easily scale its security solutions with the visibility provided by cybersecurity mesh architecture.

“This approach strengthens an organization’s security but also simplifies it by enabling security teams to consolidate their multitude of siloed tools,” he says. “An automated and integrated cybersecurity platform is essential to reducing complexity and increasing overall security effectiveness across expanding networks.”

Tibbetts views the benefits of CSMA through the National Institute of Standards and Technology’s Cybersecurity Framework. The framework outlines five core functions, and cybersecurity mesh assists directly in three of them: protection, detection and response.

“From a protection perspective, you want to make sure multivector attacks are covered when your firewall sees some threats. The firewall should share intelligence with your endpoint solution, with your email solution, with your web solution. So, your tools act in unison as if they were one security product,” he says.

“For detection capabilities, you bring together different portals, technologies and processes across the enterprise. You efficiently bring those capabilities together to produce actionable alerts. You don’t want to bounce between five different web screens to chase down an alert. Bring all of it together for a holistic view of your environment,” he adds.

Tibbetts continues: “An attack is inevitable. For response, you want to have sufficient capabilities to be able to discover and remediate an attack, but also to add it to all of the different block lists and do it in a very efficient fashion, again not following it through different portals and consoles.”


Rose notes that government agencies often hold sensitive and classified data. Cybersecurity mesh can help maintain compliance.

“For government entities, often they are either creating and enforcing regulations or compliance standards. Cybersecurity mesh is able to help you meet those standards by following the user and following the data, not necessarily just the location that they’re setting it,” he says.

Does Cybersecurity Mesh Enable Zero Trust Security?

The principle of least privilege is fundamental to zero trust, Rose says. Users should be authorized to access only what they absolutely need.

“Cybersecurity mesh is able to support a zero-trust architecture,” he says. “It goes even further into the ability to have consistent policies across the board. You’re not defining things on a point-by-point basis, you’re defining them around the data and identity.”

Instead of having those point-to-point policies, agencies can create more specific rules.

“For example, if a user tries to access sensitivity level 2 data, here is what is required,” Rose says. “However, if they try to access the sensitivity level 4 data, this is what’s required instead. We’re not defining only a firewall policy or an endpoint policy, we’re defining security based on the identity of the user and the identity of the data as well.”


Tibbetts says one vendor probably cannot excel at every security solution. So, state and local governments must seek to integrate various solutions from multiple vendors to achieve zero trust. Cybersecurity mesh architecture helps government IT administrators orchestrate those solutions.

“You are going to end up with some disparate tools. The key thing, as zero trust states, is that you need to ensure that you can confirm all of your devices, all of your users, and you need to make sure your technologies are open enough to share that information,” he says.

“If you see some suspicious activity in your endpoint, you need to push that up in whatever alerting mechanism so that you can look at that,” Tibbetts adds. “Zero trust becomes even more important in the concept of mesh as you need to have broad holistic oversight over your organization in a system of systems.”

Hwang agrees: “A cybersecurity mesh advocates interoperability and coordination between individual security products, resulting in a more integrated security policy. It extends security across entire architectures, making it possible to secure all systems and points of access with a single, unified set of technologies. This can bolster the security of government agencies by protecting individual endpoints instead of attempting to protect all assets with a singular technology. This also helps government agencies develop a more integrated security approach.”

Does AI Play a Role in Cybersecurity Mesh for Governments?

Tibbetts says artificial intelligence will continue to have a growing role in security operations generally.

“AI will proactively identify risks that aren’t identified today, and it will give you recommendations,” he says. “It will alert you when something is going on with an endpoint and then recommend that you take action. It may then recommend that you look at, say, three other tools because X, Y and Z may typically happen as extended forms of fallout.”

Hwang says AI can help government agencies manage an expanding set of security tools and integrate them into cybersecurity operations.

“It’s important to understand how your tools are leveraging AI and machine learning to enhance the capabilities of your entire ecosystem and the security operations and network operations teams responsible for keeping these organizations running. AI can help in automating threat detection, analyzing vast amounts of data to identify patterns and anomalies, and reducing the time to detect and respond to threats,” he says.


Cybersecurity mesh is all about simplifying administration of security platforms, so AI will undoubtedly help, Rose notes, and that can speed up incident response times.

“It’s going to increase our ability to be more accurate as well,” he says. “We’ve already seen this at Check Point, where we have various AI and machine learning systems inside of our ThreatCloud. When they were introduced, we saw a big increase in accurate detections and preventions.”

AI can also help coordinate the interactions between security tools, Rose says.

“Maybe there are two different cybersecurity pieces of software. To build an integration between the two, a developer basically looks at the two different APIs and figures out how those languages mesh together. With AI, you don’t always have to be so structured. And it can also do a lot of that code writing for you. We’ll start to see a lot more interoperability or integration capabilities between disparate technologies coming from AI and machine learning.”
