Blog

From Reactive to Proactive: A Practitioner's Guide to Zero Trust After the F5 Breach

On October 15, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive (ED) 26-01 in response to a nation-state cyberattack targeting F5 BIG-IP devices. The directive lays out a clear and immediate plan for federal agencies to inventory, update, and secure their F5 assets, and it is a critical step in mitigating the immediate risk. The incident should also serve as a catalyst for a broader conversation about the future of federal cybersecurity and the need to move from a reactive to a proactive security posture.

The limits of traditional security

The F5 breach exposed the inherent limitations of traditional, perimeter-based security models. By exploiting exposed interfaces and outdated software, the attackers gained a foothold from which they could threaten federal infrastructure. This highlights the fundamental flaw in the perimeter-based approach: the assumption that the internal network, and the appliances that sit on its edge, can be trusted. In today's distributed and hybrid environments, where network perimeters are increasingly porous, a new approach is needed. Federal networks need a proactive framework to stay ahead of threats that exploit trusted systems.
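The two conditions called out above, an interface reachable from outside the management network and software below a required version, are exactly what an inventory pass should surface. The following Python is an added example, not code from the original post, from CISA, or from F5: it triages a constructed asset inventory and ranks devices that are both exposed and outdated ahead of devices with only one problem. The management-network list, the ACL model, the minimum version string and every hostname and address are assumptions for illustration; substitute the fixed build named in the vendor advisory you are acting on.

```python
"""Inventory triage: flag management interfaces reachable from outside the
management network and devices running software below a required version.
All inventory data below is constructed for the example."""
import ipaddress
from dataclasses import dataclass

# Constructed policy: management interfaces may only be reached from these networks.
MANAGEMENT_NETWORKS = [ipaddress.ip_network(n)
                       for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Placeholder minimum version (an assumption, not a real fixed build).
REQUIRED_MIN_VERSION = "17.1.2"


@dataclass
class Device:
    hostname: str
    version: str                # running software version, dotted numeric string
    mgmt_ip: str                # address of the management interface
    mgmt_allowed_sources: list  # CIDRs permitted by the management ACL; empty means unrestricted


def parse_version(text: str) -> tuple:
    """'17.1.2' -> (17, 1, 2); a non-numeric component counts as zero."""
    return tuple(int(p) if p.isdigit() else 0 for p in text.split("."))


def is_outdated(version: str, minimum: str = REQUIRED_MIN_VERSION) -> bool:
    """True when the running version compares below the minimum; shorter tuples are zero-padded
    so that '17.1' is treated as '17.1.0' and '17.1.2.1' is not below '17.1.2'."""
    v, m = parse_version(version), parse_version(minimum)
    width = max(len(v), len(m))
    v += (0,) * (width - len(v))
    m += (0,) * (width - len(m))
    return v < m


def management_exposed(dev: Device) -> bool:
    """Exposed when the management address lies outside the management networks, when the ACL
    is empty (unrestricted), or when any permitted source CIDR is not inside a management network."""
    ip = ipaddress.ip_address(dev.mgmt_ip)
    if not any(ip in net for net in MANAGEMENT_NETWORKS):
        return True
    if not dev.mgmt_allowed_sources:
        return True
    for cidr in dev.mgmt_allowed_sources:
        src = ipaddress.ip_network(cidr, strict=False)
        if not any(src.subnet_of(net) for net in MANAGEMENT_NETWORKS):
            return True
    return False


def triage(inventory: list) -> list:
    """Return (hostname, priority, action) tuples, highest priority first.
    A device that is both exposed and outdated is the one a fresh exploit reaches first,
    so it outranks either condition on its own."""
    findings = []
    for dev in inventory:
        exposed, outdated = management_exposed(dev), is_outdated(dev.version)
        if exposed and outdated:
            findings.append((dev.hostname, 1, "isolate the management interface now, then upgrade"))
        elif exposed:
            findings.append((dev.hostname, 2, "restrict management access to the management network"))
        elif outdated:
            findings.append((dev.hostname, 3, "upgrade to a supported, patched version"))
    return sorted(findings, key=lambda f: f[1])


# Constructed sample inventory; none of these hosts or addresses are real.
SAMPLE_INVENTORY = [
    Device("lb-edge-01", "16.1.4", "203.0.113.10", []),             # management IP outside the mgmt networks, old build
    Device("lb-core-02", "17.1.2", "10.20.0.5", ["0.0.0.0/0"]),     # private address, but the ACL admits any source
    Device("lb-core-03", "17.1.1", "10.20.0.6", ["10.20.0.0/16"]),  # properly restricted, but below the minimum
    Device("lb-core-04", "17.1.2", "10.20.0.7", ["10.20.0.0/16"]),  # compliant
]

if __name__ == "__main__":
    for host, prio, action in triage(SAMPLE_INVENTORY):
        print(f"P{prio} {host}: {action}")
```

The ACL check is the part teams most often skip: a management interface on a private address is still exposed if the access list in front of it admits 0.0.0.0/0 or is empty, so the example treats the permitted sources, not just the address, as the exposure signal.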

Embracing a Zero Trust future, today

Zero Trust architecture, a security model that CISA has endorsed in its broader guidance, offers a path forward. It assumes no inherent trust and requires continuous verification of users through multi-factor authentication, of devices through endpoint posture checks, and of software through integrity validation. Had Zero Trust principles been fully implemented, the F5 vulnerabilities would have posed less risk: a vulnerable appliance whose management interface is reachable only through an authenticated, posture-checked session is far harder to exploit than one exposed to the internet, and the appliance itself is a device whose integrity must be verified rather than assumed. The directive aligns with Zero Trust by emphasizing secure configurations, but it also highlights the need for agencies to adopt these principles more comprehensively.

A practitioner's guide to implementing Zero Trust

Table 1. Five steps to implementing Zero Trust

Step 1. Inventory and Assess. The first step is to gain a comprehensive understanding of your current environment. This includes identifying all users, devices, applications, and data, as well as mapping all traffic flows. This is the foundation for understanding your attack surface.

Step 2. Implement Strong Authentication. Multi-factor authentication (MFA) is a critical component of Zero Trust. However, not all MFA is created equal. Phishing-resistant MFA, such as FIDO2/WebAuthn security keys or PIV smart cards, provides the strongest protection against credential theft, because the authenticator is bound to the legitimate origin and cannot be relayed through a phishing page the way a one-time code or push approval can.

Step 3. Enforce Continuous Device Trust. Device trust assesses the integrity and security posture of every device to determine whether it can be trusted to access resources. This means validating device posture not just at initial login but continuously throughout a session, monitoring security controls such as firewall status, antivirus or EDR protection, OS updates, and compliance with security policies. If a device falls out of compliance or its security status changes, access should be immediately revoked or restricted.

Step 4. Embrace Micro-Segmentation. Micro-segmentation divides the network into smaller, isolated segments. This contains the blast radius of an attack and prevents lateral movement. By implementing granular access controls between segments, you ensure that users and devices have access only to the resources they absolutely need.

Step 5. Continuously Monitor and Verify. Zero Trust is not a "set it and forget it" solution. It requires continuous monitoring and verification of all network activity. This includes monitoring for anomalous behavior, such as unusual login attempts or data access patterns.
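Steps 2 to 5 come together in a policy decision point that is consulted on every request, not only at login. The Python below is an added example written for this post, not code from the original article or from any vendor: a minimal decision function that checks the MFA method, the current device posture, the segment policy, and the request's source network, and that revokes the session the moment posture drifts. The authenticator classification, the posture attributes, the segment-to-role map, the patch-age threshold and the users, roles and addresses in the walkthrough are all assumptions constructed for illustration.

```python
"""Minimal Zero Trust policy decision point evaluated on every request.
Every name, address and policy value below is constructed for the example."""
import ipaddress
from dataclasses import dataclass

# Assumed classification of authenticator types treated as phishing-resistant.
PHISHING_RESISTANT_MFA = {"fido2", "piv"}

# Constructed micro-segmentation policy: segment -> roles permitted to reach it.
SEGMENT_POLICY = {
    "appliance-mgmt": {"netops"},
    "finance-db": {"finance"},
    "wiki": {"netops", "finance", "staff"},
}

MAX_PATCH_AGE_DAYS = 30  # assumed threshold for "OS updates current"

# Constructed baseline for step 5: networks each user has previously been seen from.
KNOWN_NETWORKS = {"alice": [ipaddress.ip_network("10.20.0.0/16")]}


@dataclass
class DevicePosture:
    firewall_on: bool
    edr_healthy: bool
    disk_encrypted: bool
    patch_age_days: int


@dataclass
class Session:
    user: str
    roles: frozenset
    mfa_method: str   # authenticator type used at login
    source_ip: str
    revoked: bool = False


def posture_failures(p: DevicePosture) -> list:
    """Every control the device currently fails; an empty list means compliant."""
    failures = []
    if not p.firewall_on:
        failures.append("firewall off")
    if not p.edr_healthy:
        failures.append("EDR unhealthy")
    if not p.disk_encrypted:
        failures.append("disk not encrypted")
    if p.patch_age_days > MAX_PATCH_AGE_DAYS:
        failures.append(f"patches {p.patch_age_days} days old")
    return failures


def anomaly_flags(session: Session, known_networks: dict) -> list:
    """Step 5 signal: the request comes from a network this user has never used."""
    ip = ipaddress.ip_address(session.source_ip)
    if not any(ip in net for net in known_networks.get(session.user, [])):
        return ["new source network"]
    return []


def decide(session: Session, posture: DevicePosture, segment: str, known_networks: dict) -> tuple:
    """Evaluate one request and return (verdict, reasons) where verdict is
    'allow', 'step-up' or 'deny'. Because every check runs on every request, a
    device that drifts out of compliance mid-session is cut off at its next
    request, and the session stays revoked even if the device later recovers."""
    if session.revoked:
        return ("deny", ["session revoked"])
    failures = posture_failures(posture)
    if failures:
        session.revoked = True  # step 3: posture drift ends the session
        return ("deny", ["device posture: " + ", ".join(failures)])
    reasons = []
    if session.mfa_method not in PHISHING_RESISTANT_MFA:
        reasons.append(f"mfa method {session.mfa_method} is not phishing-resistant")
    if not (session.roles & SEGMENT_POLICY.get(segment, set())):
        reasons.append(f"role not permitted for segment {segment}")
    if reasons:
        return ("deny", reasons)
    flags = anomaly_flags(session, known_networks)
    if flags:
        return ("step-up", flags)  # re-verify before granting, and raise an alert
    return ("allow", [])


def walkthrough() -> list:
    """Constructed sequence for one session whose device posture degrades between requests."""
    alice = Session("alice", frozenset({"netops"}), "fido2", "10.20.4.17")
    healthy = DevicePosture(True, True, True, 3)
    drifted = DevicePosture(False, True, True, 3)  # firewall disabled mid-session
    steps = [
        ("appliance-mgmt", healthy),  # allow: right role, compliant device, known network
        ("finance-db", healthy),      # deny: segment policy does not admit netops
        ("appliance-mgmt", drifted),  # deny: posture failure, session revoked
        ("wiki", healthy),            # deny: still revoked although the device recovered
    ]
    return [decide(alice, posture, segment, KNOWN_NETWORKS)[0] for segment, posture in steps]


if __name__ == "__main__":
    print(walkthrough())
```

Two design choices are worth noting. Posture is checked before anything else and revokes the session outright, because a compromised endpoint makes every other attribute of the session untrustworthy. The source-network anomaly, by contrast, produces a step-up rather than a denial: a new network is a signal for re-verification and an alert, not proof of compromise, and treating it as a hard block would train users and operators to disable the check.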

The path forward

The F5 breach is a stark reminder that the threat landscape is constantly evolving. As adversaries become more sophisticated, our defenses must adapt. By embracing a Zero Trust architecture, federal agencies can move beyond reactive, perimeter-based security and build a more proactive and resilient defense. For government organizations specifically, solutions that are aligned with federal mandates for Zero Trust help accelerate compliance while strengthening security posture. The journey to Zero Trust is a marathon, not a sprint, but it is a journey every organization must embark on to secure its critical assets and stay ahead of the threats of tomorrow.