Cybersecurity Newsletter
JULY 2021

Zero Trust

Zero Trust is a security framework that requires all users, inside or outside the organization's network, to be authenticated, authorized, and continuously validated before receiving or maintaining access to applications and data. Zero Trust assumes that there is no traditional network edge: networks can be on-premises, cloud-based, or a hybrid of both, with resources and employees located anywhere.


This framework is defined by several industry guidelines and is one of the most effective ways for organizations to control access to their networks, applications, and data. The model combines a wide range of preventative techniques, including identity verification and behavioural analysis, microsegmentation, endpoint security, and least-privilege controls, to deter potential attackers and limit access in the event of an intrusion.

What are the Fundamental Principles of the Zero Trust Model?

1. Re-examine all standard access controls.

In a Zero Trust model, there are no trusted sources. The model assumes that potential attackers are present both inside and outside the network. As such, every system access request must be authenticated, authorized, and encrypted.


2. Take advantage of a variety of preventative techniques.

A Zero Trust model relies on a variety of preventative techniques to prevent intrusions and minimize damage.



Identity protection and device discovery are essential for a Zero Trust model. Keeping credentials and devices ready for auditing, so that the organization knows which devices exist and which credentials live on each device, is the first step of Zero Trust: it establishes what is normal and expected in the extended network ecosystem. Knowing how these devices and credentials behave and connect enables organizations to apply effective identity challenges and progressive authentication when anomalies appear.


Multi-factor authentication (MFA) is one of the most common ways to confirm user identity and increase network security. MFA relies on two or more pieces of evidence, including security questions, e-mail/text confirmation, or logic-based exercises, to assess user credibility. The number of authentication factors an organization uses is directly proportional to network security, meaning that incorporating more authentication points will help strengthen the overall security of the organization.


Zero Trust also prevents attacks through least-privilege access, which means that the organization grants the lowest possible level of access to each user or device. In the event of an intrusion, this helps limit lateral movement in the network and minimizes the attack surface.


Zero Trust preventative models can use e-mail security, encryption, and Cloud Access Security Broker (CASB) solutions to protect credentials and ensure that identity challenges and Zero Trust controls also extend to transactions with software service providers.


Lastly, the Zero Trust model uses microsegmentation, a security technique that divides the perimeter into small zones so that access to each part of the network is kept separate, to contain attacks. Segments can be defined by device and function or, more effectively, by identity groups and users. If an intrusion occurs, the attacker cannot move beyond the compromised microsegment.

3. Promote real-time monitoring and control to quickly identify and stop malicious activities.

While the Zero Trust model is largely preventative by nature, the organization must also incorporate real-time monitoring resources to act within the breakout time, the critical window between when an attacker compromises the first machine and when they can move laterally to other systems on the network. Real-time monitoring is essential to the organization's ability to detect, investigate, and remediate intrusions.
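The following Python sketch is an added example and is not part of the original newsletter or of any vendor product. It ties together the principles above: a deny-by-default policy decision point that checks encryption, device compliance, a progressive MFA challenge for sensitive segments, and least-privilege segment grants for each request, and a monitor over the decision log that flags an account whose requests fan out across several microsegments inside one short window, the kind of pattern that real-time monitoring should surface before breakout completes. The device inventory, roles, segments, users, and timings are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

# Constructed inventory (not from the newsletter): device compliance state and
# the segments each role is granted. Anything not listed is unreachable.
KNOWN_DEVICES: Dict[str, str] = {"lap-001": "compliant", "lap-002": "noncompliant"}
ROLE_SEGMENTS: Dict[str, Set[str]] = {
    "finance": {"finance-db"},
    "hr": {"hr-files"},
    "admin": {"finance-db", "hr-files", "build-server"},
}
# Sensitive segments that trigger a progressive MFA challenge.
MFA_REQUIRED: Set[str] = {"finance-db", "hr-files"}


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    device: str
    mfa_satisfied: bool
    segment: str
    encrypted: bool
    at: datetime


def evaluate(req: Request) -> Tuple[bool, str]:
    """Deny by default: the request is allowed only once every check passes."""
    if not req.encrypted:
        return False, "transport not encrypted"
    if KNOWN_DEVICES.get(req.device) != "compliant":
        return False, "device unknown or noncompliant"
    if req.segment in MFA_REQUIRED and not req.mfa_satisfied:
        return False, "mfa challenge not satisfied"
    if req.segment not in ROLE_SEGMENTS.get(req.role, set()):
        return False, "segment not granted to role"
    return True, "ok"


def authorize(req: Request, log: List[dict]) -> bool:
    """Evaluate one request and append the decision to the monitoring log."""
    allowed, reason = evaluate(req)
    log.append({"user": req.user, "segment": req.segment, "at": req.at,
                "allowed": allowed, "reason": reason})
    return allowed


def breakout_candidates(log: List[dict], window: timedelta = timedelta(minutes=5),
                        min_segments: int = 3) -> Set[str]:
    """Users whose requests (allowed or denied) touched min_segments distinct
    segments inside one window: a fan-out pattern worth an analyst's attention."""
    by_user: Dict[str, List[dict]] = {}
    for entry in log:
        by_user.setdefault(entry["user"], []).append(entry)
    flagged: Set[str] = set()
    for user, entries in by_user.items():
        entries.sort(key=lambda e: e["at"])
        for i, first in enumerate(entries):
            touched = {e["segment"] for e in entries[i:]
                       if e["at"] - first["at"] <= window}
            if len(touched) >= min_segments:
                flagged.add(user)
                break
    return flagged


def demo() -> dict:
    """Constructed traffic: two ordinary users and one session fanning out."""
    t0 = datetime(2021, 7, 1, 9, 0, 0)
    log: List[dict] = []
    alice = authorize(Request("alice", "finance", "lap-001", True, "finance-db", True, t0), log)
    bob = authorize(Request("bob", "hr", "lap-002", True, "hr-files", True,
                            t0 + timedelta(minutes=1)), log)
    # mallory holds a valid hr session but probes segments the hr role is not granted.
    for minute, seg in enumerate(["hr-files", "finance-db", "build-server"]):
        authorize(Request("mallory", "hr", "lap-001", True, seg, True,
                          t0 + timedelta(minutes=2 + minute)), log)
    return {"alice_allowed": alice, "bob_allowed": bob,
            "denied_reasons": [e["reason"] for e in log if not e["allowed"]],
            "flagged": breakout_candidates(log)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two design points carry the Zero Trust stance: `evaluate` returns a denial as soon as any check fails, so a valid credential on a noncompliant device or outside its granted segment is still refused; and the monitor counts denied attempts as well as allowed ones, because the denials are precisely the signal that a session is reaching past its microsegment.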


4. Align with a broader security strategy.

A Zero Trust architecture is just one aspect of a comprehensive security strategy. Moreover, while technology plays an important role in protecting the organization, digital resources alone will not prevent intrusions. Enterprises should adopt a holistic security solution that incorporates endpoint monitoring, scanning, and endpoint response capabilities to ensure the security of their networks.


Finally, as we learned from the recent Sunburst attacks, even seemingly innocent software updates for common systems can cause harm. Having a solid incident response plan, as well as business continuity and recovery plans, helps on both sides of any unexpected incident or potential intrusion.
