Last Updated: 3rd October, 2020
Zero Trust Architecture: A zero trust architecture requires enterprises to give priority to access and restrictions. The aim is to enforce a zero trust policy for all communications, so that no user, device, or system can place the network at risk. Usually, zero trust architectures implement three core principles: there is no such thing as a trusted user, multifactor authentication (MFA) is a must, and micro-segmentation is essential for implementing restrictions.
To enforce zero trust security, organizations need to adopt information security methodologies and techniques that broaden their endpoint visibility and give them control over access and permissions.
What Is Zero Trust Architecture?
Zero trust architectures are constructed on the basis that there is no secure perimeter. Instead, every event and connection is considered untrusted and potentially malicious.
The aim of zero trust architectures is to keep networks protected despite increasingly sophisticated threats and complex perimeters. This is why zero trust architecture is also called a zero trust network or, more generally, zero trust security.
What Is Zero Trust?
A zero trust model implements data security that prioritizes access and restrictions. This is particularly relevant in today’s business environment, as organizations increasingly need to secure a remote workforce.
In a zero trust architecture, users, devices, and services receive the least possible privileges until proven trustworthy. Sometimes, when implementing zero trust network access, privilege restrictions extend even after authentication and authorization.
In particular, zero trust architectures are designed to reduce the vulnerabilities associated with cloud resources, ephemeral endpoints, dynamic attacks and Internet of Things (IoT) devices. These architectures are often adopted by organizations with highly sensitive data and systems.
Three Key Elements Of A Zero Trust Architecture
When evaluating a zero trust architecture, there are three elements that should be considered. These elements are vital to the successful deployment and construction of zero trust architectures.
1. No False Sense Of Security
In traditional architectures, anything that happens inside the perimeter of a network is considered trusted. The assumption is that any user or activity in the network has already passed authentication and is authorized to be there. This model assumes that perimeter security is flawless and that insiders are never malicious.
To anyone familiar with security, the flaws in this model should be apparent. There are many situations in which users and events inside your perimeter are not to be trusted. Examples include an attacker who has entered with compromised credentials, or insider threats, who may abuse privileges or move laterally through the network. A zero trust architecture makes this understanding explicit and prioritizes protection against insider threats.
2. Multifactor Authentication (MFA)
Multifactor authentication (MFA) is the use of credentials in combination with an additional authenticator. For example, a user may be required to scan their fingerprint or confirm a PIN sent to a mobile device. MFA significantly reduces the chance that attackers are able to use compromised credentials to access your systems and data.
A zero trust architecture implements MFA as a double-check against its own security measures. It uses MFA to ensure users are who they claim to be and that access and transactions are allowed correctly. MFA also plays a considerable role in PCI security, which helps organizations protect credit card data in accordance with the PCI standard.
3. Microsegmentation
Microsegmentation is the use of access controls to isolate the various components and services on your system. It allows you to layer security measures, such as firewalls or authorization measures, for stronger security. It also enables you to restrict access to assets on a granular level, reducing the chance of an attacker taking advantage of lateral weaknesses.
A zero trust architecture leverages microsegmentation to ensure that even users or applications in a network are properly restricted. It ensures that even if an attacker does enter the network, the amount of damage they can cause is severely limited.
Microsegmentation and cloud native development often go hand in hand. However, microsegmentation by itself does not cover all of your cloud security needs. It’s important to make the distinction between microsegmentation as a security measure, and cloud security as a whole.
Zero Trust: Best Practices For Successful Implementation
While building a zero trust architecture there are several best practices you can employ. Below are four practices to help you prioritize your efforts, securely validate devices, ensure visibility of your systems, and eliminate false trust.
1. Know Your Architecture, Including Users, Devices, And Services
To secure your network and assets, create a full inventory of your users, devices and services. This includes what data and assets each needs to access, what possible liabilities that access creates, and how access is managed.
In particular, focus on those assets and components that are connected to your network. For example, prioritize servers with internally or externally facing endpoints over tape backups.
It is also important to pay attention to pre-existing configurations and permissions. If you are transitioning from a traditional network model to zero trust you may need to update services and assets to ensure continued functionality.
2. Create A Strong Device Identity
To ensure that only trusted devices are allowed on your network, start by establishing a unique, traceable identity for each. These identities allow you to verify that assets are managed efficiently and to expose suspicious devices. Additionally, the identities you define for devices are necessary to authenticate permissions and access according to the policies you define.
There are several ways to identify devices, depending on the device’s hardware, platform and type. The most reliable method is to store identity information on secure hardware co-processors. This is extremely difficult to fake and is a high-trust method.
When hardware storage isn’t possible, you can use software-based key stores. This method provides a reasonable amount of confidence for well-managed devices. However, it can demonstrate no more than reasonable confidence for poorly managed or unmanaged devices.
3. Focus Your Monitoring Of Devices And Services
Comprehensive and continuous monitoring helps ensure that even if your security measures fail, you are able to detect and stop attacks. In particular, focus on monitoring how devices and services are interacting. For example, what is being requested, what processes are performed, and what data is accessed.
While monitoring, keep in mind that each device needs to be evaluated individually. This does not mean you should not correlate data across your devices. It does, however, mean you can’t rely on traffic choke points to detect suspicious events. Instead, evaluate device data in the context of the events occurring on your network to ensure that the traffic matches your defined security policies.
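The following added example (not part of the original article) ties the microsegmentation element to this per-device monitoring step: each observed flow is checked against a default-deny segment policy and violations are reported per source device. The device names, segments, ports and sample flows are constructed for illustration.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src_device dst_device port")

# Constructed inventory: device identity -> segment (hypothetical names).
INVENTORY = {"web-01": "web", "app-01": "app", "db-01": "db", "bkp-01": "backup"}

# Allowlist of (source segment, destination segment, port).
# Anything not listed is denied, even inside the local network.
ALLOWED = {
    ("web", "app", 8443),
    ("app", "db", 5432),
    ("db", "backup", 873),
}

def evaluate(flow):
    """Return 'allow' or a deny reason for a single observed flow."""
    src = INVENTORY.get(flow.src_device)
    dst = INVENTORY.get(flow.dst_device)
    if src is None or dst is None:
        return "deny: unknown device identity"
    if (src, dst, flow.port) in ALLOWED:
        return "allow"
    return f"deny: {src} -> {dst}:{flow.port} not in policy"

def violations_by_device(flows):
    """Group policy violations by the device that originated them."""
    report = {}
    for flow in flows:
        verdict = evaluate(flow)
        if verdict != "allow":
            report.setdefault(flow.src_device, []).append((flow, verdict))
    return report

# Constructed sample traffic.
SAMPLE_FLOWS = [
    Flow("web-01", "app-01", 8443),    # expected tier-to-tier traffic
    Flow("web-01", "db-01", 5432),     # web tier reaching the database directly
    Flow("app-01", "db-01", 5432),     # expected
    Flow("app-01", "bkp-01", 22),      # lateral attempt toward backups
    Flow("laptop-77", "db-01", 5432),  # device missing from the inventory
]

if __name__ == "__main__":
    for device, items in violations_by_device(SAMPLE_FLOWS).items():
        for flow, verdict in items:
            print(device, "->", flow.dst_device, flow.port, verdict)
```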
4. Don’t Trust The Network, Including The Local Network
Remember that zero trust means zero. This includes your local network. You should not be relying on your network itself to secure communications.
Instead, build trust into the devices and services operating within your network, for example by enforcing encryption protocols like TLS. If you rely on local networks to be secure, you potentially expose your connections to attacks like DNS spoofing, Man in the Middle (MitM) attacks, or unsolicited inbound connections.
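As an added example (not from the original article), the sketch below builds TLS contexts with Python's standard ssl module that do not trust the network, sets them beside a client context that does, and audits each one. The function names are hypothetical, and loading of real certificates is left out so the code runs offline.

```python
import ssl

def hardened_client_context():
    """Client side: verify the service's certificate chain and its hostname."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def hardened_server_context():
    """Server side: demand a client certificate so the device proves its identity."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    # Assumption: a real deployment also calls load_cert_chain() and
    # load_verify_locations() with its own CA; omitted so this runs offline.
    return ctx

def network_trusting_client_context():
    """Weak settings often justified by 'it is only the LAN', for comparison."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit_context(ctx, is_server):
    """List the ways a context still relies on the network being safe."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if not is_server and not ctx.check_hostname:
        findings.append("server hostname not verified")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS below 1.2 permitted")
    return findings

if __name__ == "__main__":
    print("hardened client:", audit_context(hardened_client_context(), False))
    print("hardened server:", audit_context(hardened_server_context(), True))
    print("weak client:", audit_context(network_trusting_client_context(), False))
```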
Zero Trust Architecture
To recognize unique devices across the network, you can leverage user and entity behavior analytics (UEBA) tools. To be effective, UEBA tools must tie individual behavior back to a unique user. These tools can not only put device data in the context of your defined security policies, but also establish a behavioral baseline for routine activity.
Zero trust architecture and UEBA work together to emphasize that abnormal behavior may indicate a threat is present, even if permissions and credentials appear legitimate.
In particular, user and entity behavior analytics (UEBA) features can help with the following objectives:
- Lateral movement—Attackers who penetrate a system move through the network, gaining access to more and more systems using different IP addresses and credentials. Combines data from multiple sources to uncover an attacker’s journey through the network.
- Security incident timelines—Stitches sessions together to create a complete timeline for a security incident, spanning users, IP addresses and IT systems.
- Incident detection that does not rely on rules or signatures—Identifies abnormal and risky activity without predefined correlation rules or threat patterns and provides meaningful alerts with the lowest false positives.
- Peer groupings—Dynamically groups similar entities, such as users who have the same organizational role, to analyze normal behavior across the group and detect unusual behavior.
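A minimal illustration of peer grouping and rule-free detection, added here and not taken from the original article or any UEBA product: it builds a per-role baseline of which hosts group members normally use, then scores new logins that all carry valid credentials. The users, roles, hosts and threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed history of successful logins: (user, role, host).
HISTORY = [
    ("alice", "finance", "erp-01"), ("alice", "finance", "erp-01"),
    ("bob", "finance", "erp-01"), ("bob", "finance", "files-fin"),
    ("carol", "finance", "files-fin"),
    ("dave", "dev", "git-01"), ("erin", "dev", "git-01"),
    ("dave", "dev", "build-01"), ("erin", "dev", "build-01"),
]

def build_baseline(history):
    """Per peer group (role): fraction of group members seen on each host."""
    members = defaultdict(set)
    users_on_host = defaultdict(lambda: defaultdict(set))
    for user, role, host in history:
        members[role].add(user)
        users_on_host[role][host].add(user)
    return {
        role: {host: len(users) / len(members[role]) for host, users in hosts.items()}
        for role, hosts in users_on_host.items()
    }

def score(event, baseline):
    """0.0 = every peer uses this host, 1.0 = no peer has ever used it."""
    _user, role, host = event
    return 1.0 - baseline.get(role, {}).get(host, 0.0)

def detect(events, baseline, threshold=0.9):
    """Return (event, score) for logins that are unusual for the peer group."""
    flagged = []
    for event in events:
        s = round(score(event, baseline), 2)
        if s >= threshold:
            flagged.append((event, s))
    return flagged

# Constructed new logins; every one of them authenticated successfully.
NEW_EVENTS = [
    ("alice", "finance", "erp-01"),
    ("carol", "finance", "build-01"),  # valid credentials, but no finance peer uses this host
    ("dave", "dev", "git-01"),
]

if __name__ == "__main__":
    for event, s in detect(NEW_EVENTS, build_baseline(HISTORY)):
        print("unusual for peer group:", event, "score", s)
```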