A summary from The First Step Towards Zero Trust
Zero trust embodies the idea that instead of relying on trust-based perimeter defenses (e.g., firewalls, DMZs), companies need interlinked security measures spanning their ecosystems that can enforce policies based on user context, data access controls, and device postures. Simply put, zero trust is a framework that facilitates a “never trust, always verify” approach to cybersecurity.
When deployed effectively, the zero trust framework gives companies the ability to monitor and defend against the lateral movement of malicious actors and code, the very movement that has rendered perimeter defenses inadequate. Sophisticated cybercriminal attacks like denial-of-service, command-and-control, cryptojacking, phishing, ransomware, and even social engineering—to name a few—could be more readily addressed and prevented, saving companies an average of $2.3 million per incident.
During a recent interview with the Security Intelligence Podcast, Chase Cunningham, the principal analyst with the security and risk team at Forrester, shared his belief that the easiest place to start implementing zero trust is with devices and users. Since they are the primary points where most breaches actually start, eliminating the really easy, simple stuff—bad passwords, the absence of multi-factor authentication (MFA), the unpatched systems that touch your networks, and all of the basic security hygiene issues that users and devices cause—lets companies eliminate a large part of the problem. With more employees working remotely today than ever before, the attack surface for potential threats has grown much faster than the endpoint security measures in place at most companies.
In order to ensure that your endpoint management solution is meeting the requirements of zero trust, you must evaluate whether it builds digital trust – i.e., whether your solution provides the right user, under the right conditions, the right access to the right data, and whether it integrates with your broader ecosystem.
The Right User
An essential element of ensuring that you’re dealing with the “right user” is the creation of user roles and corporate access policies (privilege controls) that are assigned and deployed to groups of users within your organization. Creating these dynamic role profiles and policies allows authentication and modification of access to company resources in real time.
The Right Conditions
Zero trust deployments should be able to analyze contextual factors to help specify the conditions surrounding data transmission and usage. Contextual behavior analytics can weigh a variety of factors (where employees are logging in from, what files they’re attempting to access, the frequency of their requests, etc.) to surface anomalies and identify potential threats. This contextual data should also be leveraged for risk-based profiling and conditional access, so that corporate policies are informed and enforced in real time.
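The role policies from the previous section and the contextual signals listed above combine into a conditional-access decision. The evaluator below is an added example (not code from the original article or from any vendor it mentions): the role-to-data-class map, the trusted-country set and the rate threshold are constructed values, and the decision thresholds are a hypothetical scoring scheme.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample policy (hypothetical): which roles may reach which data classes.
ROLE_POLICY = {"finance": {"ledger", "payroll"}, "engineer": {"source", "ci-logs"}}
TRUSTED_COUNTRIES = {"US", "CA"}        # constructed geofence for the example
RATE_WINDOW = timedelta(minutes=5)      # sliding window for the request-frequency signal
RATE_LIMIT = 20                         # more requests than this in the window is anomalous
T0 = datetime(2024, 1, 1, 9, 0)         # constructed timestamp for sample requests


@dataclass
class AccessRequest:
    user: str
    role: str
    resource_class: str
    country: str
    mfa: bool             # did this session complete multi-factor authentication?
    device_patched: bool  # device posture as reported by endpoint management
    ts: datetime


@dataclass
class ConditionalAccess:
    # per-user request timestamps inside RATE_WINDOW, used for the frequency signal
    history: dict = field(default_factory=dict)

    def evaluate(self, req: AccessRequest):
        """Return (decision, reasons); decision is 'allow', 'step_up' or 'deny'."""
        seen = [t for t in self.history.get(req.user, []) if req.ts - t <= RATE_WINDOW]
        seen.append(req.ts)
        self.history[req.user] = seen
        # Right user: the role must be entitled to the data class at all.
        if req.resource_class not in ROLE_POLICY.get(req.role, set()):
            return "deny", ["role not entitled to resource class"]
        # Device posture: unpatched endpoints never reach company data.
        if not req.device_patched:
            return "deny", ["unpatched device"]
        # Right conditions: score contextual signals instead of trusting the session.
        risk, reasons = 0, []
        if req.country not in TRUSTED_COUNTRIES:
            risk, reasons = risk + 2, reasons + ["login from untrusted location"]
        if len(seen) > RATE_LIMIT:
            risk, reasons = risk + 2, reasons + ["request frequency anomaly"]
        if not req.mfa:
            risk, reasons = risk + 1, reasons + ["no MFA on session"]
        if risk == 0:
            return "allow", reasons
        if risk <= 2:
            return "step_up", reasons   # re-verify (e.g. prompt MFA) before granting
        return "deny", reasons
```

A single signal only raises the bar to a step-up challenge; two signals together, or an unpatched device, deny outright, which is the "risk-based profiling" the text describes.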
The Right Access
Once users and permissions are defined, company data must flow extensively throughout a distributed web of company-owned and employee-owned laptops, cell phones, tablets, and IoT devices to keep resources available to your employees at all times. Enforcing VPNs, certificates, and gateways and encrypting data can limit exposure for data in transit, while containers deployed on each endpoint can separate company and personal data and allow each to be managed independently.
The Right Data
Data distributed to endpoints should facilitate employee productivity while limiting the risk of exposure. Employees will need access to a multitude of applications, and you will need a management layer to prevent malicious downloads and connections to untrusted third-party app stores. In order to streamline access to whitelisted applications and protect them, single sign-on can be combined with mobile threat defense, anti-malware software, and automated patch management.
Once you have confirmed that your endpoint management solution builds digital trust, you must ensure that it can integrate with your broader security ecosystem to facilitate contextually aware defenses. This interoperability is essential to your zero trust deployment, as it will allow you to enforce dynamic security policies in real time.