News, news analysis, and commentary on the latest trends in cybersecurity technology.

CISA Releases Guidance on Network Access, VPNs

CISA outlines how modern cybersecurity relies on network visibility to defend against threats and scams.

Dark Reading Staff, Dark Reading

June 27, 2024

2 Min Read
Source: The X FilePhoto via Adope Stock Photo

The Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI) and similar entities in New Zealand, has issued guidance on modern approaches to network access security. With the growing number of breaches and data incidents, organizations need to be thinking about, and planning to adopt, modern firewall and network access management technologies to gain visibility over the network.

CISA lays out three specific approaches its guidance: zero trust, secure service edge (SSE), and secure access service edge (SASE). The guidance also tackles remote access, virtual private network (VPN) deployment, and remote access misconfiguration, as well as threats and vulnerabilities associated with VPN and conventional remote access deployments.

  • Zero trust: Based on the principle "never trust, always verify," the zero-trust approach focuses on making sure users are authenticated, authorized, and validated before providing access to data and applications. Implementing zero trust can cut the risk of data breaches by around 50%, CISA said.

  • SSE: SSE combines features such as cloud access security brokers (CASBs), secure Web gateways (SWGs), and zero-trust network access (ZTNA). Organizations using SSE witnessed a 40% reduction in security incidents and a 30% improvement in network performance, CISA said.

  • SASE: SASE broadens SSE's functionality to provide users with secure, optimized access to data and applications, regardless of their physical locations. Deploying SASE improves network agility by 35% and reduces operational costs by 25%, according to CISA.

Network Best Practices

CISA and its partners also recommended ways to optimize network security:

  • Continuous monitoring and assessment: Organizations need to implement continuous monitoring to identify user activity and network traffic to detect and respond to threats in real time.

  • Multifactor authentication (MFA): As several recent breaches have shown, adding MFA for an extra layer of user authentication will help block many security threats.

  • Regular security audits: Look for vulnerabilities by conducting regular security audits and penetration testing on the network.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights