Lookout has announced that it is collaborating with National Institute of Standards and Technology’s (NIST) National Cybersecurity Centre of Excellence (NCCoE) in its “Implementing a Zero Trust Architecture” project.
Zero Trust is a design approach to architecting an information technology environment that can reduce an organisation’s risk exposure in a “perimeter-less” world. An organisation must assume that no user or endpoint is trustworthy and assess their risk posture prior to providing access to applications and data. In addition, risk posture must be continuously reassessed to prevent data leaks and breaches.
The US government’s exposure to cyberattacks has increased with its shift to telework, where endpoints, users and data are no longer inside the perimeter-based security of an agency. In May, President Biden signed an Executive Order 14028 requiring federal agencies to advance toward Zero Trust architecture. The Administration also issued a draft strategy directing agencies to secure software applications, limit access to network resources and keep network traffic hidden from unauthorised users.
The goal of the NCCoE initiative is to demonstrate several approaches to a Zero Trust architecture that align with the principles documented in NIST SP 800-207, Zero Trust Architecture. It will also contribute to the NIST Cybersecurity Practice Guide, a detailed guide describing the steps to implement the Zero Trust architecture reference designs. Lookout is joined by 19 collaborators including Amazon Web Services, Cisco, F5 Networks, FireEye, IBM, McAfee, Microsoft, Okta, Palo Alto Networks, SailPoint Technologies, Symantec (Broadcom), Tenable and Zscaler.
Lookout will enable federal agencies to align with Zero Trust pillars from the Cybersecurity and Infrastructure Security Agency (CISA):
- Continuous assessment of device risk posture: Lookout continuously monitors the fluctuating risk posture of both agency issued and personal mobile endpoints, protecting agency data from device, application, network and phishing threats.
- User behavior visibility: Lookout monitors user interactions with applications and data to detect anomalous behavior so agencies can stop account takeover-based attacks or insider threat.
- Secure application workloads: Lookout dynamically enforces security policies based on data sensitivity as well as the continuous assessment of endpoint and user risk levels.
- Understand and secure data at rest and in transit: Lookout dynamically classifies the sensitivity level of data across an entire agency’s infrastructure and ensures it isn’t shared with unauthorised users online or offline.
- Secure network configurations: Lookout verifies the security posture of Software-as-a-Service (SaaS) applications, such as Box or Microsoft 365, and Infrastructure-as-a-Service (IaaS) environments such as AWS, Azure or GCP, to minimise risk of cyber attackers.
“With most of us continuing to work from anywhere, Zero Trust has become an imperative,” says Jim Dolce, CEO, Lookout. “Perimeter-based security cannot protect employees using devices and networks that federal agencies do not control. Our expertise in building an integrated Zero Trust solution will be invaluable in the development of the NIST NCCoE Zero Trust architectures and guidelines.”