[BreachExchange] Never Trust, Always Verify: Demystifying Zero Trust to Secure Your Networks
Destry Winant
destry at riskbasedsecurity.com
Tue Jun 25 03:56:13 EDT 2019
https://www.darkreading.com/perimeter/never-trust-always-verify-demystifying-zero-trust-to-secure-your-networks/a/d-id/1334995
The point of Zero Trust is not to make networks, clouds, or endpoints
more trusted; it's to eliminate the concept of trust from digital
systems altogether.
Standard security models operate on the assumption that everything on
the inside of an organization's network can be trusted, but that’s an
outdated notion. With attackers becoming more sophisticated about
insider threats, new security practices must be taken to stop them
from spreading once inside networks.
Enter Zero Trust, which is a cybersecurity strategy that addresses the
shortcomings of these failing approaches by removing the assumption of
trust altogether. Though much mythology surrounds the term, it's
crucial to understand the point of Zero Trust is not to make networks,
clouds, or endpoints more trusted; it's to eliminate the concept of
trust from digital systems altogether.
Simply put, the "trust" level is zero.
Understanding What Zero Trust Is and Isn't
Zero Trust is not only a general best practice but also a strategic
security initiative. Breaches often have been tied to internal causes,
either malicious or accidental, which means sensitive business and
customer data must be protected by giving users the least amount of
access needed for them to do their jobs.
Adopting a Zero Trust architecture defines the business use of
segmentation and provides a methodology for building a segmented
network. Zero Trust architecture is like tailoring a suit. Think about
how custom clothing is made — the designer first measures you, then
creates a pattern and next, after those two steps are complete, the
sewing begins. Zero Trust follows a similar process. The only way to
architect an effective and secure network is by first understanding
what needs to be protected and how those systems work.
Zero Trust is a powerful prevention strategy when implemented across
the entire enterprise — from the network to the endpoint and to the
cloud. With a comprehensive approach, Zero Trust becomes a business
enabler. Here are the methodologies I recommend following when
implementing a Zero Trust network architecture to simplify protection
of your sensitive data and critical assets.
Zero Trust Methodologies
Minimize Risk
Protect critical assets by limiting access by role and a
"need-to-know" basis. It's crucial to inspect all traffic for
malicious content and unauthorized activity, both inside and outside
your network, and also ensure all data and resources are accessed
securely based on user and location. You must identify the traffic and
data flow that maps to your business flows, and then have the
visibility into the application, the user, and the flows.
Understanding who the users are, what applications they're using, and
the appropriate connection method is the only way to determine and
enforce policy that ensures secure access to your data. Additionally,
it's important to adopt a least-privileged access strategy and
strictly enforce access control. By doing this, businesses can
significantly reduce available pathways for attackers and malware, and
prevent attackers from exploiting vulnerabilities hidden in trusted
applications.
Simplify Operations
Security teams can automate and streamline Zero Trust policy
management, from creation and administration to deployment and
maintenance. Simplify deployment and enforcement with a
next-generation firewall, architected around User-ID and App-ID.
Security teams must be able to define things with higher fidelity to
keep their companies secure. One of the key steps to a Zero Trust
network is to ensure that teams write their policy rules on the
segmentation gateway based on the expected behavior of the data, the
user, or applications that interact with that data. This is what
next-generation firewalls, serving as a segmentation gateway in a Zero
Trust environment, allows you to do.
Accelerate Execution
Another core tenet of Zero Trust is to log and inspect all internal
and external traffic for malicious activity and areas of improvement.
To better monitor environments, evaluate where you may already have
security analytics to make the most of the tools you already own. It's
also important to reduce time to deploy, manage, and integrate across
your enterprise — on-premises, within the cloud, and across partner
ecosystems. Security teams should also effectively use limited
resources by minimizing incident volume and reducing response and
remediation time for critical incidents, which will also simplify
compliance and auditing.
With a Zero Trust approach, businesses can protect what matters —
their data, assets, applications, and services.
More information about the BreachExchange
mailing list