Zero Trust, your organization can benefit from Zero Trust immediately if:
You are required to protect an infrastructure deployment model that includes:
· Multi-cloud, hybrid, multi-identity
· Unmanaged devices
· Legacy systems
· SaaS apps
You need to address key threat use cases including:
· Ransomware – a two-part problem involving code execution and identity compromise
· Supply chain attacks – typically involves unmanaged devices and privileged users working remotely
· Insider threats – especially challenging to analyze behavioral analytics for remote users
Your organization has these considerations:
· SOC/analyst expertise challenges
· User experience impact considerations (especially when using MFA)
· Industry or compliance requirements (e.g. the financial sector, or the US government Zero Trust mandate)
· Concern in retaining cyber insurance (due to the rapidly changing insurance market as a result of ransomware)
Every organization has unique challenges due to their business, digital transformation maturity, and current security strategy. Zero Trust, if implemented properly, can adjust to meet specific needs and still ensure a ROI on your security strategy.
The 2021 software supply chain attack
Sunburst demonstrates why organizations can’t drop their guard even with standard service accounts and previously trusted tools. All networks have automated updates within their technology stack, from web applications to network monitoring and security. Automating patches is imperative to good network hygiene. However, even for mandatory and automated updates, Zero Trust means preventing potential malicious actions.
The technical analysis of the Sunburst attack illustrates how any tool, especially one commonly used in a network, can be taken over from the vendor/update mechanism – and how Zero Trust architecture principles should be applied to mitigate these threats.
Zero Trust and the principle of least privilege mandate strict policies and permissions for all accounts, including programmatic credentials like service accounts. Service accounts in general should have known behaviors and limited connection privileges. In the case of Sunburst, an overly permissioned service account enabled lateral movement for attackers. Service accounts should never directly attempt to access a domain controller or an authentication system like ADFS, and any behavior anomalies should be quickly identified and escalated as they happen.
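One way to turn the "known behaviors and limited connection privileges" point into a concrete check is to keep, per service account, an allow-list of the destinations it is expected to reach, and to escalate any connection outside that list, with a higher severity when the destination is an identity-tier host such as a domain controller or an ADFS server. The block below is an added example written for this page; it is not code from the original article or from any vendor product. The account names, host names, log format and log lines are all constructed for the illustration.

```python
"""Baseline-based anomaly check for service-account connections (added example).

Each service account is given an allow-list of destinations it is known to
talk to. A connection to an identity-tier host (domain controller, ADFS) is
escalated as high severity; any other destination outside the baseline is
escalated as medium. All names and log lines below are constructed.
"""
from dataclasses import dataclass
import re

# Constructed baseline: the only destinations each service account should reach.
BASELINE = {
    "svc_monitor": {"app01.corp.example", "app02.corp.example"},
    "svc_backup": {"fs01.corp.example"},
}

# Constructed identity-tier hosts; no service account should contact these directly.
IDENTITY_TIER = {"dc01.corp.example", "adfs01.corp.example"}

# Constructed log format: one key=value event per line.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) action=(?P<action>\S+)$"
)


@dataclass
class Finding:
    ts: str
    user: str
    dst: str
    reason: str
    severity: str


def parse_log(text):
    """Parse the constructed log format; unparsable lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def evaluate(events, baseline=BASELINE, identity_tier=IDENTITY_TIER):
    """Return a Finding for every baselined service account that strays."""
    findings = []
    for ev in events:
        user, dst = ev["user"], ev["dst"]
        if user not in baseline:
            continue  # only service accounts are baselined in this example
        if dst in identity_tier:
            findings.append(Finding(ev["ts"], user, dst,
                                    "service account contacted identity-tier host", "high"))
        elif dst not in baseline[user]:
            findings.append(Finding(ev["ts"], user, dst,
                                    "destination outside known baseline", "medium"))
    return findings


# Constructed sample log: two expected connections, one hop to ADFS,
# one backup account reaching an unrelated database, one interactive user,
# and one malformed line.
SAMPLE_LOG = """
2021-03-01T02:00:01Z user=svc_monitor src=mon01.corp.example dst=app01.corp.example action=connect
2021-03-01T02:00:05Z user=svc_monitor src=mon01.corp.example dst=app02.corp.example action=connect
2021-03-01T02:01:12Z user=svc_monitor src=mon01.corp.example dst=adfs01.corp.example action=connect
2021-03-01T02:02:40Z user=svc_backup src=bk01.corp.example dst=hr-db01.corp.example action=connect
2021-03-01T02:03:00Z user=alice src=wks17.corp.example dst=dc01.corp.example action=logon
this line is not in the expected format
"""


def sample_findings():
    """Run the check over the constructed sample log."""
    return evaluate(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for f in sample_findings():
        print(f"[{f.severity}] {f.ts} {f.user} -> {f.dst}: {f.reason}")
```

The interactive user `alice` reaching the domain controller is deliberately left alone here, since the example only baselines programmatic accounts; extending the allow-list model to human accounts is the same mechanism with a different baseline. Running the block prints the ADFS hop as high severity and the backup account's detour to the HR database as medium.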
With so many different interpretations of zero trust, it can be intimidating when trying to identify the solution that fits your organization’s needs. To lend a hand, we’ve put together 7 key questions to better assess solutions and services.