The Network Pillar: Accelerating Zero Trust Adoption
Gigamon's Dennis Reilly on How Agencies Are Responding to Biden Executive Order
It's been over one year since the release of President Biden's cybersecurity executive order, and federal agencies are making measurable progress in adopting zero trust architecture. Dennis Reilly of Gigamon discusses specific progress around visibility and observability in the network pillar.
"If you can't see an attack on your network, you can't defend yourself against it," Reilly says.
In this video interview with Information Security Media Group, Reilly discusses:
- The evolution of the zero trust conversation;
- How agencies such as the Department of Agriculture are making strong progress;
- Gigamon's focus on the network pillar.
Reilly manages growth and the integrated business plan for the U.S. federal government market at Gigamon. With over 25 years of technology and business experience, he is a strong advocate for the federal government, applying information technology to increase collaboration, innovation and productivity.
Tom Field: Hi there. I'm Tom Field, senior vice president of editorial with Information Security Media Group. I am at our Government Cybersecurity Summit in Washington DC, privileged to be talking about zero trust. Speaking with Dennis Reilly, the vice president, public sector for Gigamon. Dennis, pleasure to see you in person for a change.
Dennis Reilly: Thank you, Tom.
Field: So, zero trust. How has this conversation evolved, I would say over the past two and a half years, as it was the big commercial at RSA, and then particularly since last year, with the President's executive order?
Reilly: Right, so, the conversation about zero trust started over 10 years ago. It got supercharged with the Biden administration with the executive order, and improving the nation's cybersecurity. And since then, the administration, through OMB memoranda and funding through the Congress, has made it a top-of-mind topic.
Field: Where were you seeing agencies, in particular, make progress in conforming with the executive order?
Reilly: Right, so each agency starts from a different place, there's different strengths and different gaps that they want to fill. So, depending on where they find themselves, they're picking different areas. We're focused on the network pillar. No one vendor can solve all of the agency's issues. But what we're finding is that there's a lot of interest in getting visibility into what's happening on the network and deep observability. So, the agencies can take network-based action to improve cybersecurity and also find any bottlenecks that they might have in a hybrid cloud infrastructure.
Field: Talk about this a little bit, Dennis, because that was at the top of your presentation. You talked about network traffic visibility. What are you observing? And how are you helping organizations respond?
Reilly: Yeah, so what we're seeing is that agencies understand that if something happens on the network, there's going to be a record of that. It can be observed, either at the packet level or through metadata. And then, they can analyze that and then quickly take action to interrupt an attack. So, because of that, they've used programs in the past, like the Continuous Diagnostics and Mitigation program, and now technology modernization funds, and their own agencies' appropriations to put in infrastructure. In our case, it's a next-generation network packet broker to give them that pervasive network visibility and that deep observability pipeline.
Field: Every time I talk to John Kindervag, he tells me that people still don't quite understand what zero trust is, and is not. Do you see some clarification in the public sector market?
Reilly: I do. People recognize that it's a journey. We're seeing that from the DHS and the office of the CIO at DoD, and it's going to be a multi-year journey. It's an approach. And there's going to be different maturity levels and incremental progress over those multiple years.
Field: Where do you see leadership among the agencies?
Reilly: So, that's interesting. I think we're seeing leadership out of CISA. At DHS, we're seeing leadership out of the office of CIO Randy Resnick and his team. But one particular agency that we've been impressed with has been the Department of Agriculture. CIO Gary Washington has used agency funds, as well as technology modernization funds, to supplement his budget on his journey to zero trust.
Field: It's good. And as you know, state and local governments are paying attention to what's going on, the private sector certainly is. What do you want our audience to know about Gigamon, and how you're helping organizations on their own zero trust journeys?
Reilly: Sure. So, we agree that it's more than just government, also into the private sector, especially in the regulated industries. So we're helping agencies and private sector organizations make sure they can see what's happening on their network, that they get deep observability. So, they can then take action. The idea is, if you can't see what's happening on your network, you can't defend it. If you can't see an attack, you can't protect yourself against it.
Field: And this is much in line with the guidance we're seeing come out of the government as well.
Reilly: Absolutely. So, we're happy to be involved in zero trust. We enjoy great relationships with industry and with government, and we look forward to continuing that.
Field: Well, Dennis, I look forward to having more conversation with you. Thank you so much for your time today and for your presentation as well.
Reilly: Thanks so much, Tom.
Field: Topic has been zero trust. This is Dennis Reilly. He is with Gigamon with the public sector. For Information Security Media Group, I'm Tom Field. Thank you for your time and attention today.