Isolate in 14 Days: How to Meet CISA’s Directive to Secure Open Ports 

07-20-2023 01:12

Open management interfaces are under attack. Discover ZPE’s best practices to help customers isolate within CISA’s new 14-day window.

This is a sponsored article brought to you by ZPE.

Cyberattacks are surging on government agencies and enterprises. The target? Web-exposed management interfaces. These make work-from-home easier for IT teams, but also for attackers since they can discover and exploit these interfaces from anywhere in the world. This is bad news considering the average breach cost $4.35 million in 2022 (IBM), with 82% of breaches involving human error (Verizon).

On June 13, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) issued a directive that “requires Federal civilian agencies to remove specific networked management interfaces from the public-facing internet or implement Zero Trust Architecture capabilities that enforce access control to the interface within 14 days of discovery.”

This guidance is the best practice that every organization should follow to protect their IT infrastructure. However, how to quickly and cost efficiently implement both of these required actions below has not been clear until now - and you have a prime opportunity to help your customers skip the analysis paralysis and secure your customers' networks with ZPE.

What Does My End User Do?

Within 14 days of notification by CISA or discovery by an agency of a networked management interface in scope for this Directive, agencies will take at least one of the following actions:

  1. Remove the interface from the internet by making it only accessible from an internal enterprise network (CISA recommends an isolated management network).
  2. Deploy capabilities, as part of a zero trust architecture, that enforce access control to the interface through a policy enforcement point separate from the interface itself (preferred action).
How Can ZPE Systems and TD SYNNEX Help? 

CISA will conduct scans to identify devices and interfaces falling within the directive’s scope. The good news is you can make it easy for customers to comply with TD SYNNEX and ZPE!

ZPE Systems, in partnership with other big tech companies have also developed this best practice guide for out-of-band isolation, which has been protecting customers since 2013 with:

  1. Isolated Out-of-band management network that is fully separate from the datapath production network.
  2. Single box integrates Gen 3 serial consoles and IP routing to simplify implementation and automation.
  3. Remotely access secured management ports using overlay tunnels and zero trust HW &SW architecture.

Bring this best practices guide to your customer meetings to help them isolate and secure their exposed interfaces and comply with this urgent directive. To learn more about ZPE systems and how you can get your own solution through TD SYNNEX visit our CyberSolv page.

0 Favorited
1 Files
pdf file
VSR & OOBI-WAN   9.71 MB   1 version
Uploaded - 07-20-2023

Related Entries and Links

No Related Resource entered.