With historic breaches in the past year and calls from the White House to implement a Zero Trust architecture, the spotlight on Zero Trust has grown brighter. This increased focus on bolstering security comes at a critical moment: the threat from ransomware to industrial control systems is growing, supply chains are increasingly at risk as their complexity grows, and historic attacks now happen multiple times a year.
There is a real need for companies to catch up to modern-day cybersecurity standards in order to combat these risks. It is crucial that a Zero Trust architecture is implemented in your environment. What is also crucial is that you don't stop there. As these cyberattacks grow in sophistication, you will need more to protect yourself, and Zero Trust should only be your baseline.
To understand how you must strive for cybersecurity beyond Zero Trust, we must first understand what it means and how you establish a Zero Trust architecture.
What is Zero Trust Security?
Zero Trust security is a model and set of system design principles that assumes a breach of your network is inevitable or has already occurred. It combines system monitoring, secure remote access and security automation to maintain the security of your environment and to give each user only the least-privileged access required to endpoints within your network.
The goal of a Zero Trust environment is to reduce your chances of a security compromise and to give yourself more opportunities to detect threat actors. It also builds more response options that can be deployed quickly to address a detected threat.
“You should trust no one when it comes to cybersecurity,” Bill Johnson, CEO of TDi Technologies said. “You need to revalidate and check often. You don’t want this guy wandering around in your world for three hours before you finally figure out he shouldn’t be here.”
The Zero Trust architecture should merely be your foundation, one on which you build more advanced cybersecurity defenses. While Zero Trust is a great design principle, technology available today can take you further than the traits that a Zero Trust architecture stresses as key in your environment.
To see where a Zero Trust architecture takes us and how we move beyond it to an even more secure infrastructure, let's first look at what it stresses and then at where it leaves room for improvement:
What Are Zero Trust Architecture Traits:
- A single, strong source of user identity and user authentication, verifying that the user is who they claim to be and validating them with multi-factor authentication
- Machine or device authentication
- Additional context, such as policy compliance and device health
- Authorization and access control policies to ensure the right level of access at the right time
- Least-privileged access
- Strong, extensive automated monitoring, auditing and logging of activity
- Software Supply Chain (open source, third party, downloaded, patches)
- Vendor Supply Chain (vendor, contractors, visitors)
- Employees (background checks, security awareness training)
- Security policies and procedures review and update
Going Beyond Zero Trust:
In one of our recent articles on protecting against ransomware attacks, we pointed out a mistake made all too often: companies worry about their own architecture while trusting their vendors' or partners' architecture without verifying it. While Zero Trust stresses that one should not trust a user trying to connect, it does not go beyond that to urge a discerning look at how the supply chain is being cultivated.
Nor does a Zero Trust architecture emphasize deeper elements of system monitoring. You may know that changes were made, but do you know exactly when and how they were made, and what their result was? Little is said of changing passwords on endpoints regularly, of protocol breaks, or even of reducing the software footprint on your endpoints to shrink the attack surface. These areas leave holes in your shield for a bad actor to pass through.
The stress in this architecture is often placed solely on the person trying to connect. This is a great thing to build security around, but if it is your only focus, your defense will be too myopic to give you the encompassing protection you need.
Focus Outside and In
Your security needs to start higher up, at the business level, with an assessment of your supply chain. Look not only at what your vendor's technology is doing for you, but at how they are protecting themselves and your supply chain. Do you know whether your vendors can sustain a massive attack? What is their impact on your business, and how have you secured against it?
ConsoleWorks is a penetration-tested technology, and we are one of the first to complete the SOC for Supply Chain examination, which speaks directly to the control and security practices of the product. Today's environment has too many supply chain threats for you not to make this a critical point in your vendor evaluations. Make sure your vendor has validated that they have performed the processes necessary to protect customer and product information, and to protect their business so that it will still be around as you use the product going forward.
After you have validated your external security factors, it is time to move beyond the Zero Trust architecture's focus on the user and give yourself a larger picture of what is happening and how.
With ConsoleWorks, Zero Trust is innate, but the benefits exceed the confines of this architecture as well, going beyond and enabling:
- Thorough audits and logging with a universal time stamp. Know who did what, where they did it and how. The user's session is logged by video and down to the keystroke, so you have the forensic evidence you need, in whatever form you need it.
- Critical configuration monitoring and change controls. If a user passes through your system undetected, you want to notice that your endpoint's configuration has changed, potentially indicating that an attack is underway. ConsoleWorks trusts neither users nor endpoints: it continually verifies valid accounts and usernames, checks which patches are installed, compares against baselines and monitors each endpoint's configuration so that you remain secure and aware beyond just your users.
- ConsoleWorks watches how problems are solved, giving you new efficiencies by replicating what works, or alerting you to human mistakes (innocuous or otherwise) that could impair your network and create business problems or vulnerabilities.
- Password management is handled automatically, and passwords can be changed across devices, enforcing the unique password requirements of IT and OT environments.
- No software on your endpoints, removing the burden of one more thing to patch and track.
- ConsoleWorks brokers the connection between users and devices, so users never connect directly to your endpoints, and the resulting protocol break also prevents viruses, malware or ransomware from passing through to your devices.
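The configuration-baseline check described in the second bullet above, as an added illustration that is not ConsoleWorks code: a current endpoint snapshot (accounts, installed patches, settings) is compared against an approved baseline, and every deviation is reported with a severity and a UTC time stamp. The host name, patch identifiers and settings are constructed sample values.

```python
# Added example, not from TDi or ConsoleWorks: detect configuration drift
# on an endpoint by diffing a current snapshot against an approved baseline.
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class Snapshot:
    host: str
    accounts: set = field(default_factory=set)   # local user accounts present
    patches: set = field(default_factory=set)    # installed patch identifiers
    settings: dict = field(default_factory=dict) # key security settings


def detect_drift(baseline: Snapshot, current: Snapshot) -> list:
    """Return (severity, message) findings; an empty list means no drift."""
    findings = []
    # An account the baseline never approved is the strongest signal.
    for acct in sorted(current.accounts - baseline.accounts):
        findings.append(("high", f"unexpected account present: {acct}"))
    for acct in sorted(baseline.accounts - current.accounts):
        findings.append(("medium", f"expected account missing: {acct}"))
    # Patch regressions: required by baseline, absent now.
    for patch in sorted(baseline.patches - current.patches):
        findings.append(("medium", f"required patch missing: {patch}"))
    # Any baselined setting whose value changed.
    for key, expected in sorted(baseline.settings.items()):
        actual = current.settings.get(key)
        if actual != expected:
            findings.append(("high", f"setting {key} changed: {expected!r} -> {actual!r}"))
    return findings


def drift_report(baseline: Snapshot, current: Snapshot) -> dict:
    """Summarise findings with a universal (UTC) time stamp for the audit log."""
    findings = detect_drift(baseline, current)
    return {
        "host": current.host,
        "checked_at": datetime.now(timezone.utc).isoformat(),
        "high": sum(1 for sev, _ in findings if sev == "high"),
        "medium": sum(1 for sev, _ in findings if sev == "medium"),
        "findings": findings,
    }


# Constructed sample data (hypothetical host, patch ids and settings).
BASELINE = Snapshot("plc-gw-01", {"svc_backup", "ops_admin"}, {"KB-0001", "KB-0002"},
                    {"ssh_password_auth": "no", "telnet": "disabled"})
CURRENT = Snapshot("plc-gw-01", {"svc_backup", "ops_admin", "tmp_user"}, {"KB-0001"},
                   {"ssh_password_auth": "yes", "telnet": "disabled"})

if __name__ == "__main__":
    for sev, msg in detect_drift(BASELINE, CURRENT):
        print(f"[{sev}] {msg}")
```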
With ConsoleWorks inherently enabling a Zero Trust architecture, you go beyond this baseline defense capability and focus not just on users but on your whole environment. Most importantly, you also layer in more levels of defense against a threat.
In today's environment of sophisticated attacks and vulnerabilities introduced through supply chains, Zero Trust is a great starting point for defense, but your defense can't stop there.