Crowdstrike Holdings Inc.

01/16/2025 | News release | Distributed by Public on 01/16/2025 11:28

Zero Trust Strengthens Data Protection to Achieve National Cyber Strategy Goals

CrowdStrike recently announced FedRAMP authorization for CrowdStrike Falcon® Data Protection, now available to government entities requiring Federal Risk and Authorization Management Program (FedRAMP) Moderate authorization, enabling them to secure assets through the CrowdStrike Falcon Platform in GovCloud. This advancement supports compliance efforts and adoption of Zero Trust frameworks across government environments.

This milestone aligns with the ongoing efforts of the Federal Civilian Executive Branch (FCEB) to protect sensitive data. The FCEB, guided by Executive Order 14028 and the Office of Management and Budget (OMB) M-22-09, is moving forward with Zero Trust initiatives while using frameworks such as the CISA Zero Trust Maturity Model and NIST SP 800-207.

Zero Trust principles - including continuous authentication, least-privilege access and micro-segmentation - offer a strategic approach to protecting sensitive information. Federal agencies can use these measures to address growing gaps in traditional cybersecurity architectures and help ensure the secure handling of regulated data in critical sectors while adhering to FISMA and the Privacy Act of 1974.

Today's federal agencies face a severe threat environment characterized by advanced nation-state adversaries and a complex regulatory landscape, from comprehensive logging mandates to the adoption of Zero Trust frameworks. The FedRAMP authorization allows CrowdStrike to help support their Zero Trust efforts, vital to protecting national interests in an increasingly interconnected world.

U.S. Cybersecurity Initiatives Emphasize Need for Data Protection

The 2024 Report on the Cybersecurity Posture of the United States and the National Cybersecurity Strategy underscore the need for government agencies to improve the visibility and protection of sensitive information in federal information systems.

The report lists ransomware among its top observed trends and highlights the evolving tactics employed by transnational criminal organizations, which CrowdStrike calls eCrime adversaries. These groups use some of the same techniques as nation-state adversaries during triple-extortion attacks. In these attacks, adversaries go beyond encrypting data and demanding payment - they intensify pressure on victims by threatening to publicly release the data, disrupt service, extend their attack on the victim's environment or take other steps to coerce payment.

As cyber threats across the globe continue to escalate, federal government organizations are approaching data protection with greater scrutiny and accountability. In their purview is data such as criminal justice information (CJI) and controlled unclassified information (CUI), which includes personally identifiable information (PII) and personal health information (PHI).

CJI refers to all of the FBI CJIS-provided data that is necessary for law enforcement and civil agencies to perform their missions. This includes, but is not limited to, biometric, identity history, biographic, property and case/incident history data.

The CUI framework was established to standardize information handling across federal agencies and contractors to prevent unauthorized access or disclosure. While CUI may not be classified, its exposure can pose significant risks, such as compromising critical infrastructure, violating privacy laws or exposing vulnerabilities to adversaries. As such, strict controls on the handling, storage and sharing of CUI are essential in federal and defense-related environments.

Where Falcon Data Protection Comes In

CrowdStrike Falcon® Data Protection takes a modern approach to protecting sensitive data from adversaries. Built on a unified agent and single console, Falcon Data Protection is a module of the CrowdStrike Falcon® Platform in GovCloud. By combining content (CUI, PII, file types) with context, Falcon Data Protection provides deep real-time visibility into what's happening with sensitive data, including data artifacts, as it moves from web sources and endpoints via web browsers to cloud and SaaS applications (or USBs if enabled). It is integrated with endpoint protection events upon activation.

GovCloud availability: Falcon Data Protection is now available to government entities requiring FedRAMP Moderate authorization.

Falcon Data Protection enables organizations to:

How Falcon Data Protection Powers Zero Trust Strategy

CISA's Zero Trust Maturity Model v2 (ZTMM v2) provides a granular understanding of how federal agencies should implement Zero Trust across key pillars, including the Data pillar. This pillar focuses on securing and controlling access to data, which is critical in Zero Trust architecture. With the availability of GovCloud support, Falcon Data Protection makes it easier for federal security teams to deploy and operationalize data loss prevention at scale. Once Falcon Data Protection is activated from the single Falcon sensor, data flows populate instantly and provide enterprise-level visibility within hours.

Data Inventory Management

Falcon Data Protection identifies data downloaded from web sources on endpoint devices and provides the origin of sensitive data, a key function in Zero Trust architecture. It offers continuous, automated discovery of sensitive data in motion across the organization.

Among the most powerful capabilities of Falcon Data Protection is similarity detection, which uses the originating web source to identify sensitive data that federal agencies care about. Even when data on endpoints is renamed, altered or fragmented - such as snippets being copied and pasted across files - Falcon Data Protection maintains visibility of the originating data source. It uses ML for behavior analysis to automatically surface anomalous data egress, enable detections for investigation and block suspected data exfiltration to sources such as Git, SharePoint and OneDrive.

Data Categorization: Classify Sensitive Data

Falcon Data Protection integrates with data tagging solutions to develop custom data classifications using unique attributes. Sensitive data can be identified in real time as it moves to web and SaaS destinations, based on factors such as file type, originating web source, content inspection and Microsoft sensitivity labels. Falcon Data Protection enables the U.S. federal government to automate data categorization with granularity. For example, it can detect CJIS categories such as Case/Incident History or category XV ITAR-related terms, including spacecraft, space vehicles, satellites and associated equipment.

Data Access: Control Unauthorized Data Egresses

Falcon Data Protection detects file uploads from endpoints using criteria such as destination, source, user context and data attributes defined by custom data classifications and rules. It applies the appropriate data egress controls based on these attributes. Falcon Data Protection uses advanced AI/ML algorithms and behavioral analytics to identify anomalous patterns indicative of data exfiltration events.

CrowdStrike Falcon® Next-Gen SIEM customers can send this data to Falcon Next-Gen SIEM to automate response actions. For example, a CUI designation indicator is triggered when a U.S. federal government user moves or copies files with phrases such as "Controlled by" and "POC" to an unauthorized web destination. This response can be automated using CrowdStrike Falcon® Fusion SOAR workflows to alert the security team to this exfiltration attempt.

Visibility and Analytics: Track Data Movement across the Organization

Falcon Data Protection provides continuous visibility into data flows, even if data is transformed on the endpoint. By adding context to content, Falcon Data Protection stops data breaches by automatically connecting the dots across:

  • Who: The identity of the user handling the data and the endpoint they are using
  • What: Sensitive information in the data or irregularity of the data egress pattern
  • How: Whether the activity involved copy/paste, uploads, nested ZIP files, transformed data or snippets of data
  • Why: Contextual information related to the data egress operation
  • Where: Destination of data in motion - for example, SaaS applications or web-based GenAI tools

The FedRAMP authorization for Falcon Data Protection provides advanced capabilities designed to secure sensitive data in U.S. federal government environments and support efforts to comply with CJIS, CUI and other regulatory standards. Now is the time to further your data protection strategy with Zero Trust principles using Falcon Data Protection's ease of deployment, ease of operationalization, instant visibility into data flows and frictionless enforcement to prevent sensitive data from going to unsanctioned locations.
