Implementing Zero Trust may seem daunting, but the good news is that you are probably farther along than you think. In this blog series, Broadcom Software will look at the key factors to consider when implementing a Zero Trust framework.
According to the 2022 Verizon DBIR published earlier this year, the human element was behind 82% of breaches for 2021. While users may accidentally cause a data breach or mistakenly share data they shouldn’t, threat actors are always looking for opportunities to gain access. Once in, they will explore how they might propagate, escalate their privileges (even to admin rights) on a system, and start to control things.
For example, last month, the FBI, CISA and MS-ISAC issued a joint advisory about Vice Society, a hacking group conducting ransomware attacks against the education sector. Prior to deploying ransomware, the actors spend time exploring the network, identifying opportunities to escalate access, and exfiltrating data for double extortion, a tactic whereby actors threaten to release sensitive data publicly unless a victim pays a ransom.
So, you have observed abnormal behavior in your environment. Threat actor – or errant user? Who is the entity – and what is it doing in your environment?
Visibility: The Cornerstone of Zero Trust
Before you inspect and protect, you must have visibility. Monitoring risk is key. And it’s not a matter of monitoring once, twice or three times; you need to continuously monitor what users are doing and which applications they’re accessing.
For example, if you trust the device, can you trust the application that runs on the device? And if you have a way of assessing the trustworthiness of an application, why aren’t you using that to judge whether it should be allowed to access your data? How can you determine the reputational health of each application and then use that information to decide whether to allow the user to access it? With good endpoint technology and good intelligence, you can assess the reputation of all the applications.
Shadow IT is another security challenge, which can crop up when users try to bypass existing security measures. Audit, a component of the Broadcom Software CASB solution, can help identify risky services your employees have adopted. CASB and DLP are visibility tools that have become more relevant in the new world of multi-cloud. With hybrid architectures, there are many areas where we don’t have the control we used to have.
Protecting systems is important – but don’t forget about the data
Data security is at the heart of Zero Trust. Some people might think, “What about the systems?” What is it that I’m allowing them access to? And if I don’t know whether that system contains sensitive data, how do I know I’ve got the right controls in place? Systems are important and need protection. But it’s important to first follow the data. Let me explain.
You might have a server, with data on it, that has five known vulnerabilities, and they’re not patched. But the server is just a test server and sits on an isolated part of the network. From a risk perspective, there is lower risk to the organization if it is attacked. If that server was hosting your corporate website and held critical financial data, you would be quite worried that it was carrying unpatched vulnerabilities. As a result, you would make it a priority to protect that data, and that server. So the data context really helps you prioritize security for that server.
What about all the data your security tools generate? With greater visibility comes the risk of data overload. Security orchestration or other tools that can visualize risk across your organization can help manage the volume of data. Information-centric analytics, too, can automate the analysis of security information so that it is prioritized and current.
Zero Trust means thinking differently about security
Fundamentally, Zero Trust is about thinking differently about security. Adopting a Zero Trust framework might affect your HR policies, where you buy equipment, and remote work guidelines. Implementing Zero Trust is a bit like painting the Golden Gate Bridge. You keep going but you’re not done when you get to the end because you’ve got to go back and start again.