Our digital environments have become much more dynamic and complex. The concept of zero trust is becoming more relevant than ever. A logical question arises: how can an organization move to a zero-trust model?
The Zero Trust journey was started by Forrester analyst John Kindervag in 2010. Since then the model has become one of the most influential concepts in cybersecurity, and the recent large-scale data breaches only confirm that companies need to pay more attention to how access is granted and verified. The Zero Trust model may be the right approach.
The Zero Trust security model means extending no implicit trust to anyone, including users already inside the perimeter. Every user and device must be authenticated and authorized each time it requests access to a resource, whether that resource sits inside or outside the corporate network.
Zero Trust Architecture is not a product or set of products, but a strategy that enterprises can and should evolve over time. Think of Zero Trust as a living defense strategy that anticipates and reacts to enemy attacks, not as a non-reactive stationary defense.
Today the Zero Trust model rests on three pillars: everything is dynamic, grant the fewest privileges possible, and observe and verify everything.
The Zero Trust approach is described in NIST Special Publication 800-207, "Zero Trust Architecture". It describes how to build a network architecture around the core Zero Trust principle and gives examples of applying it to improve an enterprise's information security. Combined with strong data management and analytics (including AI techniques), such an infrastructure is the foundation on which the promise of Zero Trust can be realized.
NIST SP 800-207 states that in a Zero Trust Architecture (ZTA), access subjects are authenticated and authorized before a network connection to a corporate resource is established. A ZTA can effectively protect IT assets such as data, services, accounts and business processes in remote-work, bring-your-own-device (BYOD) and cloud scenarios.
The concept matches the current state of cyberspace: there is no longer a single network perimeter, and users reach work resources from many devices and many geographic locations. Access subjects are granted granular, minimally necessary rights, and the entire corporate network is treated as untrusted from the start. In other words, assuming that the corporate network has already been compromised yields a far more realistic threat model than assuming that the perimeter holds.
For every access subject (users, service identities and devices), identity and access rights are checked continuously. Only then is a controlled network connection allowed, to a specific port, protocol and destination IP address inside the corporate network.
Let's look at the main areas of a frictionless Zero Trust concept:
Zero Trust Data: Data is what attackers are after. This means being able to discover, classify, protect and track corporate data and to keep it secure.
Zero Trust Networks: To steal information, attackers must move laterally within the network, so your goal is to make that movement as hard as possible. Segment, isolate and control your networks with modern technologies.
Zero Trust Users: People are the weakest link in a security strategy. Restrict, monitor and strictly enforce how users reach resources on the internal network and on the Internet, using VPN, CASB and other access controls to protect your employees.
Zero Trust Devices: Due to the spread of the Internet of Things, the number of devices living within your networks has increased dramatically over the past few years. These devices are also a potential attack surface. They should be segmented and monitored like any other computer on the network.
Visualization and analytics: Give your security and incident response teams the tools to visualize everything that’s happening on your network, as well as analytics to understand what’s going on.
Automation and Management: Automation keeps your Zero Trust systems running and checks that Zero Trust policies are actually enforced. People alone cannot keep up with the volume of events that Zero Trust requires.
The widespread digital transformation and the work-from-home model have further exposed an already outdated perimeter defense model. In the new hybrid work environment it is nearly impossible to succeed with traditional security alone, even with mobile device management (MDM) and endpoint protection.
Some businesses implement Zero Trust after a major incident such as a network intrusion. Others may do so in the course of upgrading their network equipment if the new one supports the appropriate mechanisms.
One of the most common ZTA deployment scenarios is an enterprise with a main office and several geographically distributed sites connected by third-party network links that the enterprise does not control. Remote workers still need full access to corporate resources, so the ZTA policy enforcement point (PEP) is often deployed as a cloud-hosted access gateway. As the enterprise moves to more cloud-based applications and services, the Zero Trust approach calls for a policy enforcement point on the access path of every application and data source.
Another common scenario is a business with visitors or contractors who need limited access to corporate resources. Visitors can access the Internet using the organization’s network infrastructure, but cannot access corporate resources. Sometimes they don’t even have the ability to discover corporate services through network scanning.
In late 2020 and early 2021, up to about 18,000 of SolarWinds' customers were exposed to a large-scale supply-chain backdoor attack through a compromised build of the company's Orion software. Among those compromised by the SUNBURST backdoor were IT giants such as Microsoft and FireEye.
From March to June 2020, a malicious library carrying SolarWinds' own code-signing signature was distributed through the SolarWinds update server. The infected module was built to stay stealthy: it lay dormant for a period before contacting its operators, and only selected victims were chosen for further attack stages, in which additional backdoors were deployed for espionage. The attackers studied the victim organizations' infrastructure and also diverted email messages to servers under their control.
Controls that follow the Zero Trust Architecture would also help to track the full path of such an attack within the infrastructure and respond to it in time. Timely detection of an attacker's presence could have changed the course of the attack and made it fail.
Like any architectural model, Zero Trust has its own key principles. Configuring security policies according to these principles lets you protect the organization's digital space. Let's look at the core principles in more detail.
Zero Trust means controlling and continuously verifying everything. Manually reviewing logs of every network call, file access or email message for malicious activity is not something one person, or even a whole team, can do. Apply security analytics on top of the collected logs to detect threats on your network such as brute-force attacks, malware or covert data exfiltration.
Security should be woven into business processes and architecture from the very beginning, not added as an afterthought. The network, workloads and data must always be monitored to minimize the impact of a cyber incident and speed up containment. In addition, automation should be applied wherever possible.
Access to a resource is granted per session. Being authenticated and authorized for one resource does not grant access to another.
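The kind of analytics the paragraph above describes, as an added example that is not part of the original article: a small detector run over constructed authentication log lines (the syslog-like format, hosts and addresses are assumptions for illustration, not real data). It flags two patterns a human reviewer would miss at scale: one source hammering one account (brute force, with a note whether a login eventually succeeded) and one source failing against many distinct accounts (password spraying).

```python
"""Detect brute-force and password-spray patterns in authentication logs.

Added example, not code from the original article. The log format below is
a constructed, syslog-like format assumed for illustration; adapt LINE_RE to
the logs of your own identity provider or SSH server.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z auth FAIL user=alice src=203.0.113.7
2024-03-01T10:00:03Z auth FAIL user=alice src=203.0.113.7
2024-03-01T10:00:05Z auth FAIL user=alice src=203.0.113.7
2024-03-01T10:00:07Z auth FAIL user=alice src=203.0.113.7
2024-03-01T10:00:09Z auth FAIL user=alice src=203.0.113.7
2024-03-01T10:00:12Z auth OK   user=alice src=203.0.113.7
2024-03-01T10:05:00Z auth FAIL user=bob   src=198.51.100.9
2024-03-01T10:05:01Z auth FAIL user=carol src=198.51.100.9
2024-03-01T10:05:02Z auth FAIL user=dave  src=198.51.100.9
2024-03-01T10:05:03Z auth FAIL user=erin  src=198.51.100.9
2024-03-01T10:05:04Z auth FAIL user=frank src=198.51.100.9
2024-03-01T10:05:05Z auth FAIL user=grace src=198.51.100.9
2024-03-01T10:30:00Z auth FAIL user=heidi src=192.0.2.44
2024-03-01T11:30:00Z auth OK   user=heidi src=192.0.2.44
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>OK|FAIL)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)$"
)


def parse(log_text):
    """Turn log lines into (timestamp, result, user, source) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip, but count it in a real pipeline
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def find_brute_force(events, window=timedelta(minutes=5), threshold=5):
    """One source against one account: >= threshold failures inside the window.
    Also reports whether that source later logged in successfully."""
    alerts = []
    by_key = defaultdict(list)
    for ts, result, user, src in events:
        by_key[(src, user)].append((ts, result))
    for (src, user), evs in by_key.items():
        fails = sorted(ts for ts, r in evs if r == "FAIL")
        for i in range(len(fails)):
            j = i
            while j < len(fails) and fails[j] - fails[i] <= window:
                j += 1
            if j - i >= threshold:
                success_after = any(r == "OK" and ts >= fails[i] for ts, r in evs)
                alerts.append({"type": "brute_force", "src": src, "user": user,
                               "failures": j - i, "success_after": success_after})
                break
    return alerts


def find_password_spray(events, window=timedelta(minutes=5), min_users=5):
    """One source failing against >= min_users distinct accounts inside the window."""
    alerts = []
    by_src = defaultdict(list)
    for ts, result, user, src in events:
        if result == "FAIL":
            by_src[src].append((ts, user))
    for src, evs in by_src.items():
        evs.sort()
        for start, _ in evs:
            users = {u for ts, u in evs if start <= ts <= start + window}
            if len(users) >= min_users:
                alerts.append({"type": "password_spray", "src": src, "users": len(users)})
                break
    return alerts


def analyze(log_text=SAMPLE_LOG):
    """Run both detectors and return the list of alerts."""
    events = parse(log_text)
    return find_brute_force(events) + find_password_spray(events)


if __name__ == "__main__":
    for alert in analyze():
        print(alert)
```

On the constructed sample this yields exactly two alerts: a brute-force hit on alice from 203.0.113.7 that ended in a successful login (the one to escalate first), and a spray from 198.51.100.9 across six accounts. The single failure from 192.0.2.44 stays below both thresholds, which is the point of correlating over a window rather than alerting on each failed login.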
The least-privilege model is a security paradigm that restricts each user's access rights to the level needed to do their job. Trust is established from context: the user's identity and location, the security posture of the endpoint, and the application or service being requested. By restricting each employee's access, you prevent an attacker who compromises one account from reaching a large amount of data.
Use role-based access control (RBAC) to achieve least privilege and to give business owners the ability to manage access permissions to the data they control. Conduct entitlement and group-membership reviews on a regular basis.
An enterprise must ensure that all devices it owns are in the most secure state possible and that their communications are protected regardless of where they sit on the network. It must also keep an inventory of all digital assets so that they can be properly secured. "Most secure state possible" means that the employee's device is in the most secure state that still lets them carry out their mission.
Likewise, organizations should never assume that client or server endpoints are secure without verifying it first, and should send endpoints only the information they need.
An enterprise can protect resources on its own network segment with next-generation firewall (NGFW) devices acting as the policy enforcement point. Such devices grant access dynamically, per request from each client. The approach fits various use cases and deployment models, since the gateway provides segmentation of the infrastructure, which in turn reduces the blast radius of an attack.
You can also use overlay networks. This approach is sometimes called the software-defined perimeter (SDP) model and often incorporates concepts from software-defined networking (SDN). Here the policy administrator acts as a network controller that sets up and reconfigures the network based on decisions made by the policy engine.
If an attacker is already inside a company's network, they can usually reach most digital assets, because traditional security architectures do not expect processes and devices inside the perimeter to be verified. This creates serious risk and great temptation for malicious insiders and for employee devices that have already been compromised.
Under Zero Trust Architecture, every action on the network is a potential threat, because the network may already have been breached. So every access request must be authenticated and authorized before a response is formed; the subject proves its identity again for each request. This prevents lateral movement once a threat is inside the perimeter, and it helps detect and respond to an incident and quickly classify the threat.
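The per-session, context-based decision described in the principles above (least privilege by role, device posture, a policy engine deciding and a policy enforcement point enforcing, and no reuse of one grant for another resource) as one working model. This is an added example, not code from the original article or from NIST SP 800-207; the resource names, roles, posture attributes, trust weights and thresholds are assumptions chosen for illustration.

```python
"""Policy engine and policy enforcement point for per-session, per-resource access.

Added example, not code from the original article or from NIST SP 800-207.
The resources, roles, posture attributes, trust weights and thresholds are
assumptions chosen for illustration.
"""
import secrets
import time
from dataclasses import dataclass


@dataclass
class Device:
    device_id: str
    managed: bool       # enrolled in the enterprise's device management
    patched: bool       # OS and agents at the required patch level
    edr_healthy: bool   # endpoint agent reporting and not alarming


@dataclass
class Request:
    user: str
    roles: set
    device: Device
    mfa: bool           # did this session complete a second factor
    network: str        # "corp", "home" or "unknown"
    resource: str


# Assumed resource policy: which roles may use each resource and the minimum
# trust score required. No resource inherits access from another.
POLICY = {
    "hr-payroll": {"roles": {"hr"}, "min_trust": 80},
    "git": {"roles": {"dev", "hr"}, "min_trust": 60},
    "wiki": {"roles": {"dev", "hr", "contractor"}, "min_trust": 40},
}

SESSION_TTL = 900  # seconds; a grant is short-lived and then re-evaluated


def trust_score(req: Request) -> int:
    """Combine identity strength, device posture and network context (0-100)."""
    score = 30 if req.mfa else 10
    score += 20 if req.device.managed else 0
    score += 20 if req.device.patched else 0
    score += 20 if req.device.edr_healthy else 0
    score += {"corp": 10, "home": 5}.get(req.network, 0)
    return score


class PolicyEngine:
    """Decides each request. A grant is a session bound to one user, one
    device and one resource, so it cannot be replayed for lateral movement."""

    def __init__(self):
        self.sessions = {}

    def decide(self, req: Request, now=None):
        if now is None:
            now = time.time()
        policy = POLICY.get(req.resource)
        if policy is None:
            return None, "unknown resource: default deny"
        if not (req.roles & policy["roles"]):
            return None, "role not entitled to resource"
        score = trust_score(req)
        if score < policy["min_trust"]:
            return None, f"trust {score} below required {policy['min_trust']}"
        sid = secrets.token_hex(16)
        self.sessions[sid] = {
            "user": req.user, "device": req.device.device_id,
            "resource": req.resource, "expires": now + SESSION_TTL,
        }
        return sid, f"allow (trust {score})"


class EnforcementPoint:
    """Sits in front of a resource and forwards only traffic that carries a
    valid, unexpired session for exactly this user, device and resource."""

    def __init__(self, engine: PolicyEngine):
        self.engine = engine

    def forward(self, sid, user, device_id, resource, now=None) -> bool:
        if now is None:
            now = time.time()
        s = self.engine.sessions.get(sid)
        if s is None or s["expires"] < now:
            return False
        return (s["user"], s["device"], s["resource"]) == (user, device_id, resource)


if __name__ == "__main__":
    engine = PolicyEngine()
    pep = EnforcementPoint(engine)
    laptop = Device("lap-1", managed=True, patched=True, edr_healthy=True)
    sid, why = engine.decide(Request("alice", {"hr"}, laptop, True, "corp", "hr-payroll"))
    print(why, "->", pep.forward(sid, "alice", "lap-1", "hr-payroll"))
    print("same grant on git:", pep.forward(sid, "alice", "lap-1", "git"))
```

Two behaviours are worth noting. A fully healthy managed laptop with MFA from the office scores 100 and is granted payroll access, but the very same user on an unmanaged, unpatched personal device scores 50, which is enough for the wiki and not enough for payroll: the decision is about the whole context, not the account alone. And a session granted for payroll is refused by the enforcement point in front of git, because the grant names one resource; this is the per-session principle that blocks an attacker from turning one foothold into the rest of the network.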
A company should never assume that its network is impenetrable, even if employees use a VPN while on the corporate network. Companies should implement multi-factor authentication (MFA) along with multiple layers of security controls.
Multi-factor authentication drastically reduces the chance of account takeover, since knowing the victim's password is no longer enough to commit fraud. When choosing factors and authentication methods for a system, balance the required level of security, the cost of building the system, and the mobility of the user.
Here are a few key recommendations for implementing the Zero Trust Model:
Zero Trust Network Access (ZTNA) describes an approach to designing and implementing computer networks. The basic idea is that network devices should not be trusted by default, even when connected to a managed corporate network. Today most corporate networks consist of many interconnected segments: cloud services, remote and mobile connections, and many IoT devices.
The traditional approach to allocating a conditional corporate perimeter or trusting devices connected to it via VPN does not make sense in such diverse and dispersed environments. Instead, a zero-trust network approach provides access to applications by verifying the identity and integrity of devices, combined with user authentication, regardless of location.
Reduce risk from persistent threats by applying security-centric design principles. Technologies such as built-in user isolation and least-privilege access also help meet regulatory and privacy requirements. With well-organized account management, organizations gain greater control over user access, which reduces the risk of breaches from inside and outside.
A zero-trust approach to security includes collecting user information, managing user accounts, and orchestrating access privileges to help regulate access to systems or networks for individual users in an organization.
Increasing competitive advantage
Organizations that move from a standard perimeter security approach get benefits of Zero Trust Architecture such as automation, security, and governance, which increases their overall competitive advantage and business agility.
An enterprise implementing a ZTA is expected to have Identity, Credential, and Access Management (ICAM) and asset management systems in place.
There are several approaches to building a ZTA: enhanced identity and access management with data loss prevention, logical micro-segmentation, and network-based segmentation. Each of these approaches has the same goal: to isolate environments as much as possible, so that an attacker who compromises one application or component cannot easily move within the organization and compromise other environments.
The target state of an organization's transition to ZTA is best considered through the following key areas: identity, devices, networks, applications and data.
Impact on the decision-making process
In a ZTA, the components that manage security policy are central to the whole enterprise. Any administrator with access to the rule settings can make unauthorized changes or mistakes that break operations. These components must be properly configured and tested to mitigate that risk.
Denial of Service
If a DoS attack or traffic interception lets an attacker disrupt or block access to the policy management component, the operation of the entire network can suffer, since no new access decisions can be made. An enterprise can mitigate this threat by replicating such components across multiple locations.
Attackers may use phishing, social engineering, or a combination of attacks to obtain valuable account credentials. Implementing multi-factor authentication could be one of the additional protections for credentials. It can reduce the risk of access from a compromised account.
Visibility on the network
Some traffic on an enterprise network is opaque to traditional inspection tools because it is encrypted. That does not mean the enterprise cannot analyze it: metadata such as source, destination, timing and volume can be collected and used to detect suspicious activity, and machine learning methods can be applied to that metadata for deeper analysis.
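One thing timing metadata alone reveals, as an added example that is not part of the original article: periodic check-ins ("beaconing") by an implant to its command server, visible in the regularity of connection intervals even when every byte of the payload is encrypted. The flow records below are constructed for the example (timestamps in seconds, RFC 5737 documentation addresses); the thresholds are assumptions, and real traffic will need tuning for legitimate periodic clients such as update checkers.

```python
"""Find periodic beaconing in encrypted-flow metadata, without any payload.

Added example, not code from the original article. Flow records are
constructed: (timestamp_seconds, src, dst, dst_port, bytes_sent). The
regularity threshold (max_cv) and minimum flow count are assumptions.
"""
import statistics
from collections import defaultdict


def make_sample_flows():
    """Constructed sample: one host beaconing every ~600 s, one browsing normally."""
    flows = []
    # Beaconing host: one small flow to the same server every 600 s, small jitter.
    jitters = (-3, 4, 1, -2, 3, 0, -1, 2, -4, 1, 0, 2)
    for i, jitter in enumerate(jitters):
        flows.append((i * 600 + jitter, "10.0.5.23", "198.51.100.77", 443, 1024 + (i % 3) * 16))
    # Ordinary client: irregular, bursty browsing to a content server.
    for ts, nbytes in ((5, 20000), (61, 150000), (62, 3000), (900, 80000),
                       (1500, 4000), (1503, 250000), (4000, 9000), (6500, 120000)):
        flows.append((ts, "10.0.5.41", "203.0.113.10", 443, nbytes))
    return flows


def beacon_candidates(flows, min_flows=8, max_cv=0.05):
    """Group flows by (src, dst, port); flag pairs whose inter-arrival times are
    nearly constant (coefficient of variation <= max_cv) over >= min_flows flows."""
    by_pair = defaultdict(list)
    for ts, src, dst, port, nbytes in flows:
        by_pair[(src, dst, port)].append((ts, nbytes))
    candidates = []
    for (src, dst, port), recs in by_pair.items():
        if len(recs) < min_flows:
            continue
        recs.sort()
        gaps = [later[0] - earlier[0] for earlier, later in zip(recs, recs[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean_gap  # relative jitter of the period
        if cv <= max_cv:
            candidates.append({
                "src": src, "dst": dst, "port": port,
                "period_s": round(mean_gap), "cv": round(cv, 3),
                "flows": len(recs),
                "avg_bytes": round(statistics.mean(b for _, b in recs)),
            })
    return candidates


if __name__ == "__main__":
    for hit in beacon_candidates(make_sample_flows()):
        print(hit)
```

On the sample, the beaconing pair is reported with a period of about 600 seconds and a coefficient of variation under 0.01, while the browsing client, with gaps ranging from one second to over forty minutes, is not. Run over exported NetFlow or proxy logs, this is the metadata-based detection the paragraph refers to: nothing about the content of the TLS sessions was needed.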
Storage of network information
Network traffic and metadata used to build contextual policies can be the target of hacker attacks. Another source of intelligence for an attacker is the control tool used to encode access policies. Like stored traffic, this component contains resource access policies and can show which accounts are most valuable for compromise.
Implementing a Zero Trust Architecture is now regarded as best practice for building security, as confirmed by the standardization of the model and the growing number of large enterprises adopting it. Moving away from traditional security practices can, however, be a daunting task. Helenix has extensive experience in developing and deploying security solutions and building robust security architectures. We and our partners are ready to help you choose the right transition strategy to build or improve your ZTA. You can learn more about our competencies in the Custom Development section.
Zero Trust is an architectural approach that assumes no transaction, entity or person is trusted until it has been proven trustworthy, and that this trust must be re-established again and again. Its purpose is to secure access to the network and the resources on it.
An effective Zero Trust solution follows five basic principles to strengthen security: continuous monitoring and verification, least privilege, device access control, micro-segmentation, and multi-factor authentication.
The Zero Trust approach focuses on three main principles: the level of security is high and visible as a whole picture; all events are continuously evaluated; each access attempt is considered as a potential threat.
Define your protect surface and map your business processes. Build a Zero Trust network around them. Write the Zero Trust policy in detail. Organize monitoring and maintenance of your network.