The classic approach to cybersecurity has traditionally called for creating a sealed-off perimeter, protecting the network from potential exterior threats. However, today, with an increasing number of people and devices connected, this is changing. The lines dividing the intranet and extranet are much more blurred. Now there is just one connected ecosystem in which the best option for a company is to trust no one and nothing.
What is the Zero Trust model?
First proposed in 2010 by John Kindervag of Forrester Research, the Zero Trust model, or ZT, replaces the classic "trust but verify" approach, in which the inner ring of a network is trusted by default, with "never trust, always verify". Under the ZT model nothing is trusted because of where it sits or where it comes from: every request is verified, no matter its origin.
With the rapid growth of the IoT, the number of devices a network has to decide whether to trust has grown enormously. According to Gartner, by the end of 2018 more than 50% of IoT device manufacturers will not be able to effectively deal with threats stemming from weak authentication.
This means companies will need to make fundamental changes to their security strategies, keeping a number of questions in mind for every connection:
– Who is connected to the network, and why do they have access?
– Since when have they been connected, for how long, and how did they obtain access?
– And, importantly, what information can they reach?
Applying this model means that any device that attempts to access a system, and any already-connected device whose context changes (for example, its network location), has to be verified again rather than carrying its earlier trust along. Furthermore, all activity by the device is logged from the first moment it touches the network, whether access is granted or denied, so that unusual behaviour can be detected.
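The following policy-decision sketch is an added example, not code from the original post, from Panda Security or from Forrester. It shows the two ideas above and the three questions from the previous paragraph in working form: every request is evaluated with a default of deny, a session is bound to the device and network location it authenticated from and must re-authenticate when that location (or its age) changes, and every decision, allowed or denied, is written to an audit record that answers who, from which device and network, since when, how they authenticated and what they asked for. The resource catalogue, corporate address range, time limits and scenario data are all constructed assumptions.

```python
"""Toy Zero Trust policy decision point (added example; all values are constructed assumptions)."""
import ipaddress
import json
from dataclasses import dataclass

# Assumed policy constants, not values from the post.
MAX_SESSION_AGE = 8 * 3600   # re-authenticate after 8 hours regardless of activity
MAX_POSTURE_AGE = 3600       # a device posture report older than 1 hour is stale
MFA_REQUIRED_ABOVE = 1       # resources with sensitivity > 1 require MFA
# Constructed resource catalogue: name -> sensitivity label
RESOURCES = {"wiki": 1, "source-code": 2, "hr-records": 3}
# Constructed corporate address space; used only to label the record, never to grant access
CORP_NETS = [ipaddress.ip_network("10.0.0.0/8")]

@dataclass
class Session:
    user: str
    device_id: str
    mfa: bool               # how the user authenticated
    authenticated_at: int   # when (epoch seconds)
    bound_ip: str           # network location at login; a change forces re-verification

@dataclass
class Device:
    device_id: str
    managed: bool
    disk_encrypted: bool
    posture_reported_at: int

@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str
    reauth_required: bool = False

AUDIT_LOG: list[dict] = []

def network_zone(ip: str) -> str:
    """Label the source network for the audit record. The zone itself grants nothing."""
    addr = ipaddress.ip_address(ip)
    return "corporate" if any(addr in net for net in CORP_NETS) else "external"

def evaluate(session: Session, device: Device, resource: str, source_ip: str, now: int) -> Decision:
    """Default-deny policy applied to every request, inside or outside the perimeter."""
    if device.device_id != session.device_id:
        decision = Decision(False, "session not bound to this device", reauth_required=True)
    elif now - session.authenticated_at > MAX_SESSION_AGE:
        decision = Decision(False, "session too old", reauth_required=True)
    elif source_ip != session.bound_ip:
        # The device moved since login: verify it again instead of carrying the old trust along.
        decision = Decision(False, "network location changed since authentication", reauth_required=True)
    elif not (device.managed and device.disk_encrypted):
        decision = Decision(False, "device fails posture requirements")
    elif now - device.posture_reported_at > MAX_POSTURE_AGE:
        decision = Decision(False, "device posture report is stale")
    elif resource not in RESOURCES:
        decision = Decision(False, "unknown resource")
    elif RESOURCES[resource] > MFA_REQUIRED_ABOVE and not session.mfa:
        decision = Decision(False, "MFA required for this resource")
    else:
        decision = Decision(True, "all checks passed")
    # Log every decision, granted or not: who, which device, from where, when, how, what.
    AUDIT_LOG.append({
        "ts": now, "user": session.user, "device": device.device_id,
        "source_ip": source_ip, "zone": network_zone(source_ip),
        "authenticated_at": session.authenticated_at, "mfa": session.mfa,
        "resource": resource, "allow": decision.allow, "reason": decision.reason,
    })
    return decision

def run_demo() -> list[Decision]:
    """Constructed scenario: a corporate address buys no trust, and moving forces re-verification."""
    t0 = 1_700_000_000
    alice = Session("alice", "lap-01", mfa=True, authenticated_at=t0, bound_ip="10.0.0.5")
    lap01 = Device("lap-01", managed=True, disk_encrypted=True, posture_reported_at=t0)
    bob = Session("bob", "byod-07", mfa=False, authenticated_at=t0, bound_ip="10.0.0.9")
    byod07 = Device("byod-07", managed=False, disk_encrypted=False, posture_reported_at=t0)
    return [
        evaluate(alice, lap01, "hr-records", "10.0.0.5", t0 + 60),      # allowed
        evaluate(alice, lap01, "hr-records", "203.0.113.7", t0 + 120),  # location changed: re-verify
        evaluate(bob, byod07, "wiki", "10.0.0.9", t0 + 60),             # on the LAN, but unmanaged: denied
        evaluate(alice, lap01, "wiki", "10.0.0.5", t0 + 9 * 3600),      # session too old: re-authenticate
    ]

if __name__ == "__main__":
    for d in run_demo():
        print(d)
    print(json.dumps(AUDIT_LOG, indent=1))
```

The order of the checks matters in practice: binding and freshness of the session are tested before device posture so that a stale or hijacked session is never allowed to "inherit" a healthy device's standing, and the audit record is written on the denied paths too, because a string of denials from one device is exactly the unusual behaviour the model wants to surface.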
Other security specialists support Forrester's view: security has to be applied at every level, and ignoring internal security does not work. According to these specialists, the most serious data breaches occur when attackers get past external barriers such as the corporate firewall and, once inside, can move around with little resistance.
Controlling information is central to the ZT model, which shifts attention away from the traditional perimeter and onto the data itself and every attempt to reach it. The advantage is that the origin and intention of an access attempt matter less: an insider, a compromised device and an external attacker are all subjected to the same verification. A company therefore has fewer surprises to deal with, because its controls do not depend on guessing where the next attack will come from.
Zero Trust eXtended
In 2018, experts at Forrester, such as Chase Cunningham, expanded on the ZT model with a new strategy called Zero Trust eXtended, or ZTX. According to Cunningham, the main problem is that most organizations are not effectively implementing the Zero Trust model. This is partly because companies do not fully understand the technology and the organizational changes needed to put it into practice.
Like its predecessor, ZTX is centred on data, but it gives companies a more structured way to evaluate how completely the model has been applied. The ZTX model is built on the following pillars:
– The network: How does the technology support the principles of isolation, segmentation and network security?
– Data: How does it allow data to be classified, inventoried, isolated, encrypted and controlled?
– Human resources: How are network users and the company's infrastructure protected, and how is the threat that users themselves create mitigated?
– Workload: How are the cloud services, applications and other components a business or organization relies on kept secure?
– Automation and orchestration: How does the technology apply the model's principles of distrust and verification automatically?
– Visibility and analysis: Are useful analytics and data available, and how are a system's blind spots eliminated?
Any implementation of the ZTX model must address at least three of these pillars and expose a capable API that permits integration. If these two premises are not met, explains Cunningham, the product does not qualify as ZTX, although it may still fit the definition of a ZT model.
Zero Trust eXtended for companies
The advantages for a company that builds ZT into its strategy are clear: the same controls are applied to attacks whether they come from outside or inside, and the company gains more control over its own security. Of course this means investing time and resources, both in technology and in training, to carry out a change of strategy effectively.
To achieve a ZT (or ZTX) model, a company needs thorough control of authentication, identity management and encryption. Given that the report on ZTX implementation was published only recently, widespread adoption of the model still has a long way to go.
That said, companies can begin by changing their security policies and adopting measures that give them greater control over their network, something that tools such as Panda Adaptive Defense 360 have been designed for. With tools like this, all activity can be monitored and anything suspicious detected, allowing attention to be focused on the information that attacks are after, even before they take place. Adaptive Defense 360 covers most of the pillars of the ZTX model thanks to its combination of EPP and EDR technology. Gartner has praised Panda Security's completeness of vision and ability to execute and named Panda a Visionary in the Gartner Magic Quadrant for Endpoint Protection Platforms. Additionally, to minimize the possibility of an attack (both malware and non-malware based), Panda Adaptive Defense 360 offers complete behavioural visibility of all endpoints, users, files, processes, logs, memory and networks. That is to say, it trusts no one and nothing.