Why Zero Trust Security is Going to Be the New Standard
Sixty-eight percent of business leaders say that their I.T. security risks are only increasing. Additionally, the pandemic year of 2020 brought along with it a significantly increased number of cyberattacks across all threat vectors. This continuous evolution of threats and increased level of attacks have led to a new standard emerging called Zero Trust Security.
What is Zero Trust Security? Zero Trust Security means putting in policies and systems that do not automatically trust those outside or inside a network. Typical network security uses a “castle and moat” approach, which means it distrusts entities outside a network, but tends to trust those users and applications that already have approval to be inside a network. But new types of attacks on business networks and the increase of insider threats illustrate the need for this “trust no one” posture. Here is an example of why Zero Trust is needed. A new type of attack that’s been gaining in popularity over the last few years is called a fileless attack. This attack doesn’t contain malware or malicious code, instead it sends malicious commands to a trusted program, like Windows PowerShell. Traditional firewalls or anti-malware programs trust Windows PowerShell because it’s a legitimate Windows program, therefore fileless attacks can often go unnoticed. However, using a Zero Trust policy, any malicious commands can be blocked using a protocol called ring fencing, which designates which interactions between programs are approved, and blocks all others. The “trust no one” approach, doesn’t automatically trust Windows PowerShell, which in turn helps to mitigate malicious commands being executed. During the first half of 2019, fileless attacks grew by 256%.
What’s Involved in Setting Up Zero Trust Security? Zero Trust security is an approach to cybersecurity, it’s not one single application. It covers how every aspect of your I.T. defenses are implemented. Here are some of the standard areas and approaches that are involved when setting up this type of security posture.
Advanced Identity Management & Authentication Insider threats are one of the reasons for Zero Trust beginning to become the standard in cybersecurity. When a hacker buys or steals a user password, they can enter a system as a user, bypassing standard security systems. When a Zero Trust approach is used, policies are put in place that not everyone with a legitimate login is automatically trusted as a legitimate user. This involves adding advanced identity management applications that allow some of the following security protocols:
Additional challenge questions for users with high-level privileges
Restricted access if users are logging in from outside a specified geographical region
Timed logouts to reduce the risk when a device is lost or stolen