6 Tenets of a Zero-trust Security Network
Cybersecurity is a constantly evolving landscape: more advanced threats, followed by fixes for those threats, followed by new threats designed to get around those fixes.
Things have become worse lately due to the pandemic, with scammers taking advantage of the disruption and of employees newly working from home on less secure networks. Everything from phishing scams to ransomware has been increasing in frequency.
Another twist that’s making cybercrime more of a threat to business wellbeing is that large criminal cartels are organizing ransomware attacks and improving their efficiency. According to the Sophos 2021 Threat Report, attacks that used to take days or weeks to carry out now take only a few hours.
This organization of cybercrime and the increasing sophistication of threats have driven wide adoption of a security model known as Zero-trust.
What is Zero-trust Security?
The typical security structure is known as “castle and moat,” meaning that a strong perimeter is put up to keep the bad guys out of a network, and those inside the network are typically free to move around “the castle” and do what they need to do.
But with Zero-trust security, users and applications aren’t automatically trusted just because they’ve made it inside the network. Every request is checked against the identity and permissions of the user and of the application making it, and access is granted only when those checks pass.
Another measure is to identify the good guys, a much shorter list, rather than continually trying to identify all the bad guys. This gives better protection, especially against new zero-day malware variants, because any user or application not already whitelisted is blocked by default.
Zero-trust security isn’t a single platform; rather, it’s an approach to how security measures across business technology, such as advanced threat protection appliances and cloud tool settings, are configured.
When implementing Zero-trust security, here are some of the core tenets to consider.
Advanced Identity Management
As business data has moved into cloud accounts behind company logins, hackers are going after user credentials with increased frequency. 77% of all cloud account data breaches are due to compromised login credentials.
Just because someone has the right username and password, doesn’t mean they’re a legitimate system user.
Advanced identity management puts additional authentication barriers in place. These can include things like:
Multi-factor authentication
Requiring an additional authentication step for higher-privileged users (a challenge question is the weakest form of this, since the answer can often be researched or phished; a hardware security key is far harder to phish)
Blocking sign-ins that come from outside an approved set of geographic regions
Automatically logging users out after a period of inactivity, so a forgotten session can’t be reused
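The four controls above are usually combined into one access policy rather than applied separately. The following Python is an added example written for this page, not code from the article or from any vendor: it evaluates a sign-in attempt against a geo allow-list, an MFA requirement, a stronger-factor requirement for privileged roles (generalizing the "challenge question" above to a phishing-resistant factor), and an idle timeout. The country list, timeout, role names and factor names are all assumed values for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Hypothetical policy values for this example (not from the article).
ALLOWED_COUNTRIES = {"US", "CA"}                      # sign-ins from anywhere else are refused
IDLE_TIMEOUT = timedelta(minutes=15)                  # sessions idle this long are dead
PRIVILEGED_ROLES = {"global_admin", "security_admin"}
ACCEPTED_MFA = {"totp", "fido2"}                      # "none" and "sms" do not count as MFA here
PHISHING_RESISTANT = {"fido2"}                        # the only factors privileged roles may use


@dataclass
class LoginAttempt:
    user: str
    password_ok: bool
    mfa_method: str          # "none", "sms", "totp" or "fido2"
    country: str             # country code derived from the source IP
    roles: set = field(default_factory=set)


def evaluate_login(attempt: LoginAttempt) -> str:
    """Return "deny", "step_up" or "allow".

    Every check must pass; a correct password on its own grants nothing,
    which is the default-deny stance the article describes.
    """
    if not attempt.password_ok:
        return "deny"
    if attempt.country not in ALLOWED_COUNTRIES:
        return "deny"                        # geo restriction, applied before any MFA prompt
    if attempt.mfa_method not in ACCEPTED_MFA:
        return "deny"                        # no MFA, or a factor the policy does not accept
    if attempt.roles & PRIVILEGED_ROLES and attempt.mfa_method not in PHISHING_RESISTANT:
        return "step_up"                     # privileged users must present a stronger factor
    return "allow"


def session_is_live(last_activity: str, now: str) -> bool:
    """ISO-8601 timestamps in; False once the session has been idle for
    IDLE_TIMEOUT or longer. A stale session must go back through
    evaluate_login rather than being silently extended."""
    idle = datetime.fromisoformat(now) - datetime.fromisoformat(last_activity)
    return idle < IDLE_TIMEOUT


if __name__ == "__main__":
    admin = LoginAttempt("alice", True, "totp", "US", {"global_admin"})
    print(admin.user, "->", evaluate_login(admin))   # step_up: TOTP is not enough for an admin
```

The ordering matters: the geo check runs before the MFA prompt so that an attacker outside the allowed regions never even gets to exercise a stolen second factor, and the privileged-role check comes last because it only makes sense once the basic factors have passed.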
Application Whitelisting
One of the most difficult types of malware for traditional antivirus/anti-malware software to catch is fileless malware. It doesn’t drop a malicious executable on disk for a scanner to inspect; instead it runs in memory and passes its commands to a legitimate, already-trusted Windows process, typically PowerShell.
Application whitelisting sets up your list of “good guys”: it designates which programs are allowed to run, and blocks everything else by default, so an unknown binary never gets to execute at all.
Application Ringfencing
Application ringfencing is closely related to whitelisting. It takes security a step further by designating what types of interactions those approved programs can have with each other.
Thus, if a hacker tries to use one whitelisted program to send a malicious command to another, that action can be blocked because ringfencing never approved that interaction, even though both programs are individually allowed to run.
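To make the difference between the two controls concrete, here is an added Python example covering both the whitelisting section and the ringfencing section above. It is not code from the article or from any whitelisting product; it simulates the decision an enforcement point makes for each process start: first, is the image on the allow-list and is the file’s hash the one expected for that name; second, is the parent program permitted to start this child. The allow-list, the ringfence table, the placeholder hashes and the sample process events are all constructed for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import Tuple


def _placeholder_digest(label: str) -> str:
    """Stand-in for the SHA-256 of a real binary. A real allow-list hashes the
    actual signed executable (or pins its publisher certificate)."""
    return hashlib.sha256(label.encode()).hexdigest()


# Constructed allow-list: image name -> the one hash permitted to run under that name.
ALLOWLIST = {
    "explorer.exe":   _placeholder_digest("explorer-10.0"),
    "outlook.exe":    _placeholder_digest("outlook-16.0"),
    "winword.exe":    _placeholder_digest("winword-16.0"),
    "excel.exe":      _placeholder_digest("excel-16.0"),
    "powershell.exe": _placeholder_digest("powershell-5.1"),
}

# Constructed ringfence: parent image -> child images it may start. Anything
# absent is refused, so Word launching PowerShell is blocked even though both
# binaries are individually allowed to run.
RINGFENCE = {
    "explorer.exe": {"outlook.exe", "winword.exe", "excel.exe", "powershell.exe"},
    "outlook.exe":  {"winword.exe", "excel.exe"},
}


@dataclass
class ProcessEvent:
    parent: str   # image name of the process asking to start a new one
    image: str    # image name being started
    sha256: str   # hash of the file on disk at launch time


def decide(event: ProcessEvent) -> Tuple[str, str]:
    """Default-deny verdict for one process start: ("allow" | "block", reason)."""
    expected = ALLOWLIST.get(event.image)
    if expected is None:
        return "block", "image not on allowlist"
    if event.sha256 != expected:
        return "block", "hash mismatch for allowlisted image"   # renamed or tampered binary
    if event.image not in RINGFENCE.get(event.parent, set()):
        return "block", f"ringfence: {event.parent} may not start {event.image}"
    return "allow", "allowlisted image, permitted parent"


# Constructed sample of process-start events, including a macro-style
# Word -> PowerShell launch, a tampered PowerShell binary and an unknown program.
SAMPLE_EVENTS = [
    ProcessEvent("explorer.exe", "winword.exe", ALLOWLIST["winword.exe"]),
    ProcessEvent("winword.exe", "powershell.exe", ALLOWLIST["powershell.exe"]),
    ProcessEvent("explorer.exe", "powershell.exe", ALLOWLIST["powershell.exe"]),
    ProcessEvent("explorer.exe", "powershell.exe", _placeholder_digest("modified")),
    ProcessEvent("explorer.exe", "update_helper.exe", _placeholder_digest("unknown")),
]


def audit(events):
    """Apply decide() to each event; returns [(parent, image, verdict, reason)]."""
    return [(e.parent, e.image, *decide(e)) for e in events]


if __name__ == "__main__":
    for row in audit(SAMPLE_EVENTS):
        print(row)
```

Two practical notes on the simulation: the hash check is what stops an attacker from simply renaming their tool to an allow-listed name, and the parent identity must come from the operating system (as AppLocker or a kernel-level agent sees it), since a name the process reports about itself can be forged.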
Rule of Least Privilege
Many companies give too many users higher access privileges in a network or cloud application than they actually need. The more user accounts you have that can do things like add other users or edit security configurations, the more at risk you are because a hacker has more targets.
Using the Rule of Least Privilege means that your company only grants the absolute minimum user privileges needed for an employee to accomplish their daily tasks. This reduces the accounts that, if taken over, could cause serious harm.
Using a Dedicated Admin Account That is Not a Regular User Account
Taking least privilege a step farther is to keep administrative rights out of the accounts people use every day. Reduce high-level privilege accounts to the minimum: one dedicated administrative account per admin, and none for anyone else. Don’t share a single admin login among several people, because a shared account destroys the audit trail you need to investigate an insider attack; a separate dedicated account per admin both shrinks the number of high-value targets and keeps every privileged action attributable to a named person.
Admins then log into that account only when they need to handle administrative duties, and log back out and into their own user account when done. This also keeps the admin account’s credentials safer, because the account is never used for email or web browsing, the channels through which credentials are usually phished.
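A quick way to find the accounts the last two sections are talking about is to compare what each account is allowed to do with what it has actually done. The Python below is an added example for this page, not code from the article: given a constructed directory export (account to granted permissions) and a constructed activity log, it lists high-impact permissions that were granted but never exercised (candidates to revoke under least privilege) and accounts that hold admin-level permissions while also being used for daily work like email (candidates for a separate dedicated admin account). The permission names and the data are assumptions made for the example.

```python
from collections import defaultdict

# Constructed directory export: account -> permissions granted in a hypothetical
# cloud tenant. Names are invented for the example.
GRANTED = {
    "alice":     {"read_mail", "send_mail", "add_user", "edit_security_config"},
    "bob":       {"read_mail", "send_mail", "add_user"},
    "adm-carol": {"add_user", "edit_security_config", "reset_password"},
}

# Permissions whose holder can change who else has access; these are the ones
# an attacker wants and the ones least privilege should prune hardest.
HIGH_IMPACT = {"add_user", "edit_security_config", "reset_password"}

# Permissions that mark an account as someone's everyday working account.
DAILY_USE = {"read_mail", "send_mail"}

# Constructed 90-day activity log: (account, permission actually exercised).
ACTIVITY = [
    ("alice", "read_mail"), ("alice", "send_mail"), ("alice", "send_mail"),
    ("bob", "read_mail"), ("bob", "send_mail"), ("bob", "add_user"),
    ("adm-carol", "add_user"), ("adm-carol", "reset_password"),
]


def used_permissions(activity):
    """Collapse the log into account -> set of permissions that were used."""
    used = defaultdict(set)
    for account, permission in activity:
        used[account].add(permission)
    return used


def unused_high_impact(granted, activity):
    """Per account, high-impact permissions that were granted but never used
    during the log period: the first candidates to revoke."""
    used = used_permissions(activity)
    report = {}
    for account, permissions in granted.items():
        idle = (permissions & HIGH_IMPACT) - used[account]
        if idle:
            report[account] = sorted(idle)
    return report


def mixed_use_accounts(granted):
    """Accounts that carry high-impact permissions and are also used for
    everyday work. The admin rights should move to a dedicated account that
    is never used for email or browsing."""
    return sorted(account for account, permissions in granted.items()
                  if permissions & HIGH_IMPACT and permissions & DAILY_USE)


if __name__ == "__main__":
    print("revoke candidates:", unused_high_impact(GRANTED, ACTIVITY))
    print("needs a separate admin account:", mixed_use_accounts(GRANTED))
```

In the sample data, alice never used either of her admin permissions, adm-carol never used one of hers, and both alice and bob are doing email from accounts that can create users, which is exactly the situation the dedicated-admin-account tenet is meant to end.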
Continuous Monitoring & Automated Response
Another important tenet of Zero-trust security is to continually monitor your network, including access to cloud accounts, for signs of compromise, and to have an advanced threat protection (ATP) application in place to act on what the monitoring finds.
ATP apps let you add automated responses that don’t require admin intervention, such as quarantining a suspicious file or revoking a suspicious session immediately so an admin can review it later. This keeps the network protected 24/7, not just during business hours.
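As an added illustration of what "monitor, then respond automatically" looks like in practice, the Python below runs two detection rules over a constructed cloud sign-in log and pairs each hit with an automatic response for an admin to review later. It is example code written for this page, not the article’s or any ATP product’s logic; the log format, the thresholds and every value in the sample log are invented for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sign-in log for the example; the format and values are invented.
SAMPLE_LOG = """\
2021-06-01T08:00:12Z user=bob result=FAIL ip=198.51.100.7 country=US
2021-06-01T08:00:15Z user=bob result=FAIL ip=198.51.100.7 country=US
2021-06-01T08:00:19Z user=bob result=FAIL ip=198.51.100.7 country=US
2021-06-01T08:00:22Z user=bob result=FAIL ip=198.51.100.7 country=US
2021-06-01T08:00:26Z user=bob result=FAIL ip=198.51.100.7 country=US
2021-06-01T08:00:31Z user=bob result=SUCCESS ip=198.51.100.7 country=US
2021-06-01T09:10:00Z user=alice result=SUCCESS ip=203.0.113.9 country=US
2021-06-01T09:12:44Z user=alice result=SUCCESS ip=192.0.2.50 country=BR
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) user=(?P<user>\S+) result=(?P<result>\S+) "
    r"ip=(?P<ip>\S+) country=(?P<country>\S+)$"
)
FAIL_THRESHOLD = 5                  # failures inside the window before a success is suspicious
FAIL_WINDOW = timedelta(minutes=5)  # hypothetical window for this example


def parse(log: str):
    """Turn the text log into dicts with a datetime timestamp; malformed lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events


def detect(events):
    """Return [(user, detection, automatic_action)] in log order.

    Rule 1: at least FAIL_THRESHOLD failures within FAIL_WINDOW followed by a
            success for the same user (credential guessing that worked).
    Rule 2: a successful sign-in from a country that user has never used before.
    The action is applied immediately; an admin reviews the alert afterwards.
    """
    recent_fails = defaultdict(deque)
    known_countries = defaultdict(set)
    alerts = []
    for e in events:
        user, ts = e["user"], e["ts"]
        window = recent_fails[user]
        while window and ts - window[0] > FAIL_WINDOW:
            window.popleft()                         # age out old failures
        if e["result"] != "SUCCESS":
            window.append(ts)
            continue
        if len(window) >= FAIL_THRESHOLD:
            alerts.append((user, "brute_force_then_success", "revoke_sessions_and_lock"))
            window.clear()
        if known_countries[user] and e["country"] not in known_countries[user]:
            alerts.append((user, f"new_country:{e['country']}", "require_mfa_reauth"))
        known_countries[user].add(e["country"])
    return alerts


if __name__ == "__main__":
    for user, detection, action in detect(parse(SAMPLE_LOG)):
        print(f"{user}: {detection} -> {action} (queued for admin review)")
```

The two responses are deliberately different in severity: a success after a burst of failures is treated as a probable account takeover and the sessions are cut immediately, while a first-time country only forces a fresh MFA prompt, since a travelling employee is the likelier explanation and an admin can still escalate after reviewing the queue.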
Need Help Implementing Zero-trust Security Measures?
BrainStomp can help your business implement some of the core tenets of zero-trust cybersecurity to ensure your network and data are protected from new and emerging online threats.
Schedule a free cybersecurity consultation today! Call 260-918-3548 or reach out online.