Complexity has outstripped legacy methods of cybersecurity as there is no single, easily identified perimeter for enterprises. As a result, security teams are shifting network defenses toward a more comprehensive IT security model to accommodate this new security climate.
The Zero Trust approach enables organizations to restrict access controls to networks, applications and environments without sacrificing performance and user experience. Simply stated, it’s an approach that trusts no one.
As more and more organizations leverage cloud computing, the traditional network security perimeter has all but vanished, and security teams are finding it difficult to identify who and what should be trusted with access to their networks. As a result, a growing number of organizations are considering adopting a Zero Trust network architecture as a key component of their enterprise security strategy.
What is a Zero Trust Architecture?
Perimeter network security focuses on keeping attackers out of the network. However, this traditional approach is vulnerable to users and devices inside the network.
Traditional network security architecture leverages firewalls, access controls, intrusion prevention systems (IPSs), security information and event management tools (SIEMs) and email gateways by building multiple layers of security on the perimeter — layers that cyber attackers may have already learned to breach. “Verify, then trust” security trusts users inside the network by default. So anyone with the right user credentials can potentially be admitted to the network’s complete array of sites, apps and devices.
Zero Trust assumes the network has been compromised and challenges the user or device to prove that they have an acceptable risk level. It requires strict identity verification for every user and device attempting to access resources on a network, even if the user or device are already within the network perimeter. Zero Trust also provides the ability to limit access once anyone is inside the network, preventing an attacker from exploiting lateral freedom throughout an organization’s infrastructure.
Recently, Zero Trust, as a concept came into focus when U.S. President Joe Biden issued an executive order requiring agencies to have a plan to adopt a Zero Trust framework within 90 days. The order also provided clear recommendations and timeframes for public and private organizations to implement key technology and process improvements.
Zero Trust enables organizations to reduce risk to their cloud and container deployments while also improving governance and compliance. Organizations can gain insight into users and devices while identifying threats and maintaining control across the network. A Zero Trust approach can help identify business processes, data flows, users, data and associated risks. The model helps to set policy rules that can be automatically updated based on associated risks,.
Adopting Zero Trust enables organizations increase their level of continuous verification, enabling them to detect intrusions and exploits quickly in order to help stop attacks before they can succeed:
Phishing emails targeting employees
Lateral movement through corporate network
Redirecting a shell to a service to compromise a corporate machine
Stolen developer password
Stolen application database credentials
Exfiltration of database via compromised application host
Compromising application host via privileged workstation
Using developer password to elevate application host privileges
Installing keylogger via local privilege escalation on workstation
Organizations seeking to implement a Zero Trust security framework must address the following:
Identify Sensitive Data – Identify and prioritize data according to risk: know where it lives and who has access to it.
Limit and Control Access – Establish limits to users, devices, apps and processes seeking data access; a least-privilege access control model should be limited to a “need-to-know” basis.
Detect Threats – Monitor all activity continuously related to data access, comparing current activity to baselines built on prior behavior and analytics; combining monitoring, behaviors, rules, and security analytics enhances the ability to detect internal and external threats.
A strong Zero Trust security model features the following principles:
Authenticated access to all resources – Zero Trust views every attempt to access the network as a threat. While traditional security often requires nothing more than a single password to gain access, multi-factor authentication (MFA) requires users to enter a code sent to a separate device, such as a mobile phone, to verify they are in fact who they claim to be.
Least privilege-controlled access – Allowing the least amount of access is a key principle of Zero Trust. The objective is to prevent unauthorized access to data and services and make control and enforcement as granular as possible. Zero Trust networks grant access only when absolutely necessary, rigorously verifying requests to connect to systems and authenticating them beforehand. Constricting security perimeters into smaller zones to maintain distinct access to separate parts of the network limits lateral access throughout the network. Segmented security becomes increasingly important as workloads become more mobile.
Inspect and log activity using data security analytics – Continuous monitoring, inspection and logging of traffic and activities. User account baselines should be established to help automatically identify abnormal behaviors indicative of malicious activity
Why Lookout Zero Trust?
Lookout Continuous Conditional Access (CCA) provides a modern approach to Zero Trust. WIth insights into endpoints, users, networks, apps and data, Lookout provides unprecedented visibility to organizations, enabling them to effectively detect threats and anomalies, support compliance requirements and stop breaches. From an endpoint perspective, CCA enables you to create policies that take into account typical threat indicators such as malicious apps, compromised devices, phishing attacks, app and device vulnerabilities, and risky apps. Our access platform monitors for anomalous user behavior such as large downloads, unusual access patterns, and unusual locations. And data loss prevention (DLP) indicates the risk sensitivity of what someone on the network might be attempting. Leveraging device telemetry and advanced analytics, the platform enables organizations to respond efficiently and intelligently. You can restrict access to sensitive data, request step-up authentication, or take specific action on content, such as masking or redacting certain keywords, applying encryption and adding watermarks. In the event of a breach, you can shut down access altogether. With Lookout CCA, your organization is in complete control, protected from endpoint to cloud. That’s the key benefit of an integrated security and access platform. And it’s the way a modern Zero Trust architecture should be designed. To learn more about our endpoint-to-cloud solution, check out our SASE solution page.