ZERO TRUST MODEL
Zero Trust is a security architecture that mandates that all users, whether inside or outside the organization’s network, be verified, approved, and continually evaluated for security configuration and posture before being permitted or maintaining access to applications and data. Zero Trust presupposes that there is no typical network edge; networks can be local, cloud-based, or a blend of the two, with resources and employees located everywhere.
For today’s digital transformation, Zero Trust is a framework for safeguarding infrastructure and data. It is the only framework of its kind that addresses today’s corporate concerns, such as safeguarding remote employees, securing hybrid cloud environments, and defending against ransomware attacks. While many vendors have attempted to define Zero Trust on their own terms, there are a number of standards from reputable organizations that can help you align Zero Trust with your business.
NIST 800-207 and Zero Trust
For Zero Trust, we follow the NIST 800-207 standard. It is the most vendor-neutral and comprehensive set of standards available, not only for government institutions but for any company. It also incorporates elements of other frameworks such as Forrester’s ZTX and Gartner’s CARTA.
In May 2021, in response to an increase in high-profile security breaches, the Biden administration issued an executive order requiring U.S. Federal Agencies to follow NIST 800-207 as a prerequisite for Zero Trust deployment. As a result, the standard has undergone extensive validation and input from a wide spectrum of commercial customers, vendors, and government agency stakeholders, which is why many consider it to be the de facto standard for private businesses as well.
Based on the NIST recommendations, Zero Trust aims to meet the following fundamental principles:
Verification must be continuous.
The “blast radius” should be kept to a minimum. If an external or insider breach occurs, minimize the effect.
Context gathering and response can be automated. For the most accurate response, include behavioural data and obtain context from the complete IT stack (identity, endpoint, workload, etc.).
What Makes Zero Trust Work?
Implementing this framework combines advanced technologies such as risk-based multi-factor authentication, identity protection, next-generation endpoint security, and reliable cloud workload technology to verify a user’s or system’s identity, evaluate access at the time of the request, and maintain system security. It also requires that data be encrypted, that email be secured, and that the hygiene of assets and endpoints be verified before they connect to applications.
Zero Trust replaces traditional network security, which followed the “trust but verify” strategy. The conventional method automatically trusted users and endpoints within the business’s perimeter, exposing the organization to hostile internal actors and to valid credentials taken over by criminals, and granting unauthorized and compromised accounts broad access once inside. The pandemic that began in 2020 accelerated the cloud migration of corporate transformation projects and the shift to a dispersed workforce, and this paradigm became outdated.
As a result, enterprises must constantly monitor and check that a person and their device have the appropriate access and characteristics. It also necessitates implementing a policy that considers the user’s and device’s risk, as well as any compliance or other criteria that must be considered before approving the transaction. It necessitates the organization’s knowledge of all service and privileged accounts, as well as the ability to impose restrictions over what and where they connect. Because threats and user properties are all subject to change, a one-time validation will not be sufficient.
Businesses must therefore ensure that every access request is thoroughly reviewed before access to any corporate or cloud asset is granted. Zero Trust policy enforcement consequently relies on real-time insight into hundreds of user and application identity attributes, such as:
Identity of the user and the type of credential (human, programmatic)
The number and privileges of credentials on each device
Normal connections between the credential and the device (behaviour patterns)
Type and function of endpoint hardware
Geographical location
Versions of firmware
Authentication protocol and risk
Versions of the operating system and their patch levels
Applications installed on the endpoint
Security or incident detections, such as suspicious activity and recognized attacks
To contain attacks and reduce the effect of a breach after it occurs, organizations should thoroughly examine their IT architecture and potential attack pathways. Examples include segmentation by device type, identity, or group function. Protocols to the domain controller that are commonly abused, such as RDP or RPC, should always be challenged or restricted to specific credentials.
More than 80% of all network attacks involve the use or misuse of credentials. With new attacks on credentials and identity stores appearing regularly, additional credential and data protections are being extended to email security, secure web gateway and CASB providers, ensuring stronger password security, account integrity, and organizational rules and enforcement while avoiding high-risk shadow IT services.
Use Cases for Zero Trust
While Zero Trust has been discussed as a standard for many years, it is becoming more formalized as a response to securing digital transformation and to a variety of complex, devastating threats that have surfaced in the last year.
While Zero Trust may help any business, yours can begin to reap the benefits right now if:
You must safeguard an infrastructure deployment model that contains the following elements:
Multi-cloud, hybrid, and multi-identity environments
Devices that are unmanaged
Systems that are no longer in use
Apps that are available as a service
You must handle major threat use cases, such as:
Supply chain attacks – often involve unmanaged equipment and privileged individuals operating remotely
Ransomware – a two-part problem involving code execution and identity compromise
Insider risks – exceedingly difficult to manage when people operate remotely
These are some of the things to think about in your company:
Shortages of SOC/analyst expertise
Considerations about the user experience (especially when using MFA)
Requirements of the industry or regulations (e.g. financial sector or US Government Zero Trust Mandate)
Due to their business, digital transformation maturity, and current security strategy, each firm has distinct problems. If effectively implemented, Zero Trust may adapt to fit individual demands while still providing a return on investment for your security strategy.
What are the Zero Trust Model’s Core Principles?
The following are the main elements of the Zero Trust paradigm (based on NIST 800-207):
Continual checking is required.
The “blast radius” should be kept to a minimum. If an external or insider breach occurs, minimize the effect.
Context gathering and response can be automated. For the most accurate results, include behavioural data and acquire context from the complete IT stack (identity, endpoint, workload, etc.).
1. Consistent Verification
With continuous verification there are no trusted zones, credentials, or devices at any moment. As a result, the phrase “Never Trust, Always Verify” has become popular. For this to work effectively, verification must be applied to a very broad set of assets on a continuous basis, which requires two further elements to be in place:
Conditional access depends on risk. This guarantees that workflow is halted only when risk levels change, allowing for continuous verification without compromising the user experience.
Policy that is simple to implement and works dynamically. Because workloads and users change often, the policy must account for not just risk, but also compliance and IT needs. Organizations are nevertheless subject to compliance and organizational-specific standards, even if they have zero trust.
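The attribute list above (identity, credential type, device type, geography, firmware and OS patch level, authentication protocol, installed applications, open detections) and the two elements of continuous verification (risk-based conditional access, and a policy that halts the workflow only when the risk level changes) can be shown together in code. The following is an added example written for this post, not code from the original page or from any product; every attribute name, weight, threshold and sample request in it is a constructed assumption, and a real deployment would take these from its own policy engine and identity/endpoint feeds.

```python
"""Risk-based conditional access with continuous re-verification (added example).

All attribute names, weights, thresholds and sample requests below are
constructed for illustration; they are not from any real policy or product.
"""
from dataclasses import dataclass, field, replace
from datetime import date


@dataclass(frozen=True)
class AccessContext:
    """One snapshot of the attributes a policy decision is made on."""
    user: str
    credential_type: str      # "human" or "programmatic"
    device_type: str          # "managed", "unmanaged", "server"
    os_patch_date: date       # date the OS was last patched
    firmware_version: str     # e.g. "2.3"
    geo: str                  # ISO country code of the request source
    auth_protocol: str        # "oidc", "saml", "ntlm", "password-only"
    mfa_used: bool
    installed_apps: frozenset = frozenset()
    detections: frozenset = frozenset()   # open security/incident detections


# Policy knobs (constructed values for the example).
ALLOWED_GEOS = {"GB", "IE"}
LEGACY_AUTH = {"ntlm", "password-only"}
BANNED_APPS = {"unapproved-remote-tool"}
MAX_PATCH_AGE_DAYS = 30
MIN_FIRMWARE = (2, 1)


def _version(v: str) -> tuple:
    return tuple(int(x) for x in v.split("."))


def risk_score(ctx: AccessContext, today: date) -> int:
    """Weighted sum of the identity, endpoint and detection signals."""
    score = 0
    if ctx.detections:
        score += 60                      # an open detection alone is high risk
    if ctx.device_type == "unmanaged":
        score += 25
    if (today - ctx.os_patch_date).days > MAX_PATCH_AGE_DAYS:
        score += 15
    if _version(ctx.firmware_version) < MIN_FIRMWARE:
        score += 10
    if ctx.geo not in ALLOWED_GEOS:
        score += 20
    if ctx.auth_protocol in LEGACY_AUTH:
        score += 20
    if ctx.credential_type == "human" and not ctx.mfa_used:
        score += 15
    if ctx.installed_apps & BANNED_APPS:
        score += 30
    return score


def risk_level(score: int) -> str:
    return "high" if score >= 60 else "medium" if score >= 25 else "low"


def decide(ctx: AccessContext, today: date) -> str:
    """Return allow | step_up | deny. A programmatic credential cannot complete
    an MFA prompt, so medium risk denies it instead of stepping up."""
    level = risk_level(risk_score(ctx, today))
    if level == "high":
        return "deny"
    if level == "medium":
        if ctx.credential_type != "human":
            return "deny"
        return "allow" if ctx.mfa_used else "step_up"
    return "allow"


@dataclass
class Session:
    ctx: AccessContext
    level: str
    decision: str
    interruptions: list = field(default_factory=list)


def open_session(ctx: AccessContext, today: date) -> Session:
    return Session(ctx, risk_level(risk_score(ctx, today)), decide(ctx, today))


def reevaluate(session: Session, new_ctx: AccessContext, today: date) -> str:
    """Continuous verification: re-score on every context change, but only
    interrupt the user's workflow when the risk level itself changes."""
    new_level = risk_level(risk_score(new_ctx, today))
    if new_level != session.level:
        session.decision = decide(new_ctx, today)
        session.interruptions.append(f"{session.level}->{new_level}:{session.decision}")
    session.ctx, session.level = new_ctx, new_level
    return session.decision


def with_detection(ctx: AccessContext, name: str) -> AccessContext:
    """Copy of ctx with one more open detection (simulates a new SIEM/EDR alert)."""
    return replace(ctx, detections=ctx.detections | {name})


# Constructed sample requests.
TODAY = date(2024, 6, 1)
ALICE = AccessContext("alice", "human", "managed", date(2024, 5, 20), "2.3",
                      "GB", "oidc", mfa_used=True)
BOB = AccessContext("bob", "human", "unmanaged", date(2024, 5, 20), "2.3",
                    "GB", "oidc", mfa_used=False)
SVC_BACKUP = AccessContext("svc-backup", "programmatic", "server", date(2024, 5, 28),
                           "2.3", "DE", "ntlm", mfa_used=False)

if __name__ == "__main__":
    print(decide(ALICE, TODAY), decide(BOB, TODAY), decide(SVC_BACKUP, TODAY))
    s = open_session(ALICE, TODAY)
    reevaluate(s, with_detection(ALICE, "credential-stuffing"), TODAY)
    print(s.interruptions)
```

Alice's managed, patched, MFA-backed session opens at low risk and is re-scored silently on every context change; only when a detection pushes her to high risk is the workflow interrupted and the session revoked. Bob's unmanaged device without MFA lands at medium risk and is prompted to step up rather than blocked, while the backup service account using NTLM from an unexpected country is denied because there is no human to step up.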
2. Keep the Blast Radius to a Minimum
If a breach does occur, it is vital to reduce the consequences of the incident. An attacker’s scope of credentials or access pathways is limited by Zero Trust, allowing systems and people time to respond and mitigate the attack.
Using identity-based segmentation to limit the radius. Because workloads, users, and credentials change often, traditional network-based segmentation can be difficult to manage operationally.
The concept of least privilege. It is vital that all credentials, even those for non-human accounts (such as service accounts), are scoped to the minimum capacity necessary to accomplish the activity. As the scope of the job changes, so should the scope of the privilege. Many attacks make use of privileged service accounts, which are frequently unmonitored and have excessive permissions.
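The point about service accounts being unmonitored and over-privileged can be turned into a routine check: compare what each account has been granted with what its audit trail shows it actually used in a recent window, and flag privileged grants that were never exercised or accounts for which no audit events exist at all. The following is an added example for this post, not code from the original page or from any product; the account names, the grants, the audit-log format ("timestamp account action resource") and the log lines are all constructed.

```python
"""Least-privilege right-sizing for service accounts (added example).

The grant table, the privileged-permission set, the audit-log line format
and the log lines are constructed for illustration only.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed: permissions currently granted to each service account.
GRANTS = {
    "svc-backup": {"storage:read", "storage:write", "iam:admin"},
    "svc-report": {"db:read", "db:write"},
    "svc-legacy": {"iam:admin", "compute:admin"},
}
# Constructed: permissions the organisation treats as privileged.
PRIVILEGED = {"iam:admin", "compute:admin"}

# Constructed audit log: "<timestamp> <account> <action> <resource>" per line.
AUDIT_LOG = """\
2024-05-02T01:00:00Z svc-backup storage:read bucket-a
2024-05-02T01:05:00Z svc-backup storage:write bucket-a
2024-05-20T09:00:00Z svc-report db:read reports
2024-05-21T09:00:00Z svc-report db:read reports
2024-03-01T09:00:00Z svc-report db:write reports
"""

NOW = datetime(2024, 6, 1)   # constructed "current time" for the audit


def parse_log(text: str) -> list:
    """Return (timestamp, account, action) tuples; resource is not needed here."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, action, _resource = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), account, action))
    return events


def audit(grants: dict, events: list, now: datetime, window_days: int = 60) -> dict:
    """For each account: grants unused within the window, the minimal scope that
    would still cover observed activity, privileged grants that are unused, and
    whether a privileged account produced no audit events at all (unmonitored)."""
    cutoff = now - timedelta(days=window_days)
    used = defaultdict(set)
    seen = set()
    for ts, account, action in events:
        seen.add(account)           # any event, however old, proves the account is logged
        if ts >= cutoff:
            used[account].add(action)
    report = {}
    for account, granted in grants.items():
        unused = granted - used[account]
        report[account] = {
            "unused": unused,
            "minimal_scope": granted & used[account],
            "excess_privileged": unused & PRIVILEGED,
            "unmonitored_privileged": account not in seen and bool(granted & PRIVILEGED),
        }
    return report


def proposed_grants(report: dict) -> dict:
    """Right-sized grant table: keep only what was exercised in the window."""
    return {account: sorted(r["minimal_scope"]) for account, r in report.items()}


if __name__ == "__main__":
    rep = audit(GRANTS, parse_log(AUDIT_LOG), NOW)
    for account, r in rep.items():
        print(account, r)
    print(proposed_grants(rep))
```

Run against the constructed data, the audit shows svc-backup never used iam:admin, svc-report's db:write was last used outside the 60-day window, and svc-legacy holds two privileged grants with no audit events at all, which is exactly the unmonitored, over-privileged service account the principle warns about. A proposed-grant table is only a starting point: a grant that is used once a quarter (such as svc-report's db:write) needs the window widened or a documented exception rather than silent removal.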
3. Context Collection And Response Can Be Automated
More data can help you make more effective and accurate judgments if it can be analysed and acted on in real-time. The National Institute of Standards and Technology (NIST) offers advice on how to use data from the following sources:
User credentials (service accounts, non-privileged accounts, privileged accounts – including SSO credentials) — human and non-human
Workloads — virtual machines, containers, and workloads delivered in hybrid deployments
Endpoint — any device that accesses data
Data and network
Other sources such as SIEM, SSO, and identity providers (like AD), usually accessed via APIs
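Gathering context from these sources is mostly a matter of joining the latest record from each feed on a common key (user and device) and being explicit about freshness: a posture record from a month ago says nothing about the device today, and an unknown posture must be treated as a risk signal rather than ignored. The following is an added example for this post, not code from the original page or from any product; the three feeds (identity provider, endpoint agent, SIEM), their field names and their records are constructed, and a real integration would map each vendor's API schema onto fields like these.

```python
"""Merging identity, endpoint and SIEM signals into one context record (added example).

The feed snapshots, field names and values are constructed for illustration;
they do not correspond to any vendor's real API schema.
"""
from datetime import datetime, timedelta

# Constructed feed snapshots, as if already decoded from each source's API.
IDP_EVENTS = [
    {"ts": "2024-06-01T08:00:00Z", "user": "alice", "device_id": "LT-001",
     "mfa": True, "protocol": "oidc"},
    {"ts": "2024-06-01T08:02:00Z", "user": "bob", "device_id": "LT-002",
     "mfa": False, "protocol": "ntlm"},
]
EDR_POSTURE = [
    {"ts": "2024-06-01T07:30:00Z", "device_id": "LT-001", "os_patch_age_days": 5, "managed": True},
    {"ts": "2024-05-01T07:30:00Z", "device_id": "LT-002", "os_patch_age_days": 40, "managed": True},
]
SIEM_ALERTS = [
    {"ts": "2024-06-01T07:55:00Z", "user": "bob", "rule": "impossible-travel"},
]

ASOF = datetime(2024, 6, 1, 9, 0, 0)   # constructed evaluation time


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def build_context(user: str, now: datetime, max_age: timedelta = timedelta(hours=24)) -> dict:
    """Join the latest fresh record from each source for one user.

    Records older than max_age are dropped; a device with no fresh posture is
    marked posture_unknown so the policy layer can treat it as a risk.
    """
    ctx = {"user": user, "sources": [], "detections": []}

    # Identity layer: the most recent sign-in for this user.
    logins = [e for e in IDP_EVENTS if e["user"] == user]
    idp = max(logins, key=lambda e: _ts(e["ts"]), default=None)
    if idp and now - _ts(idp["ts"]) <= max_age:
        ctx.update(device_id=idp["device_id"], mfa=idp["mfa"], protocol=idp["protocol"])
        ctx["sources"].append("idp")

    # Endpoint layer: posture for the device the sign-in came from, if it is fresh.
    if "device_id" in ctx:
        edr = next((p for p in EDR_POSTURE if p["device_id"] == ctx["device_id"]), None)
        if edr and now - _ts(edr["ts"]) <= max_age:
            ctx.update(managed=edr["managed"], os_patch_age_days=edr["os_patch_age_days"])
            ctx["sources"].append("edr")
        else:
            ctx["posture_unknown"] = True   # stale or missing posture is a signal, not a gap

    # Detection layer: open SIEM alerts on this user within the window.
    ctx["detections"] = sorted(
        a["rule"] for a in SIEM_ALERTS
        if a["user"] == user and now - _ts(a["ts"]) <= max_age
    )
    if ctx["detections"]:
        ctx["sources"].append("siem")
    return ctx


if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(build_context(user, ASOF))
```

For alice the record carries fresh identity and endpoint data and no detections. For bob the only posture record is a month old, so the context omits the stale fields and sets posture_unknown, and the SIEM alert is attached; a downstream policy should treat both the unknown posture and the open alert as reasons to step up or deny.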
Stages of Implementing Zero Trust
Stage 1: Visualize – comprehend all of the resources, their access points, and the risks involved.
Stage 2: Minimize – detect and stop threats or mitigate the consequences of a breach if one cannot be prevented immediately.
Stage 3: Optimize – ensure that all aspects of the IT architecture and all resources, regardless of location, are protected without compromising the user experience.
UK Cyber Security Group Ltd is here to help
Please check out our Cyber Essentials Checklist
Please check out our Free Cyber Insurance
If you would like to know more, do get in touch as we are happy to answer any questions. Looking to improve your cybersecurity but not sure where to start? Begin by getting certified in Cyber Essentials, the UK government’s scheme that covers all the technical controls that will provide the protection that you need to help guard against criminal attacks. Or just get in touch by clicking contact us