Zero Trust means ALWAYS distrusting users and devices

Although Zero Trust is not a new concept, it is usually applied half-heartedly or incompletely. It must be applied across systems, development and operations, covering both users and devices, without neglecting the data itself.

Thus, DotForce has developed a map to quickly and easily understand how to apply the Zero Trust model in each area of the organization: users, administrators, systems and data.

1. Users

Although the user is the point of entry for the vast majority of attacks, it is the organization that must deploy the controls that stop those attacks from succeeding.

First, Zero Trust must be applied at login. A user whose accounts are not ALL protected by multiple authentication factors resistant to phishing, man-in-the-middle and social engineering attacks (FIDO2/WebAuthn security keys or platform authenticators, for example) is highly exposed to cyberattacks. Passwordless authentication also helps productivity: it combines the strongest protection with the easiest and fastest access.
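To show why FIDO2/WebAuthn factors resist phishing and man-in-the-middle relays, the following added example (not DotForce's code) models the two halves of a WebAuthn login: the browser builds the assertion and stamps the origin the page really runs on, and the relying party rejects anything whose origin, RP ID or challenge does not match. One labelled simplification: real authenticators sign with an asymmetric key (ES256 or EdDSA), and the Python standard library has no ECDSA, so an HMAC-SHA256 over exactly the bytes WebAuthn signs stands in for the signature. The RP ID `bank.example`, the phishing origin `bank-login.example` and the credential secret are constructed for the demo.

```python
"""Origin and RP-ID binding in WebAuthn assertions (added example).

The signature check uses HMAC as a stand-in for the authenticator's
asymmetric signature; every other check is the one a WebAuthn relying
party performs. Domains and secrets below are constructed."""
import base64
import hashlib
import hmac
import json
import os
from urllib.parse import urlparse

RP_ID = "bank.example"                      # assumed relying-party ID
ALLOWED_ORIGINS = {"https://bank.example"}  # origins this RP will accept
# Stand-in for the credential's public key (real WebAuthn: a key pair
# that never leaves the authenticator).
CREDENTIAL_KEY = b"constructed per-credential secret"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def browser_get_assertion(page_origin: str, challenge: bytes) -> dict:
    """Models navigator.credentials.get(): the browser records the origin the
    page really runs on and derives the RP ID from it, so a phishing page
    cannot forge either field."""
    rp_id = urlparse(page_origin).hostname
    client_data_json = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": page_origin},
        separators=(",", ":"),
    ).encode()
    # authenticatorData = SHA-256(rpId) || flags (UP bit set) || signCount
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (42).to_bytes(4, "big")
    signed = auth_data + hashlib.sha256(client_data_json).digest()
    signature = hmac.new(CREDENTIAL_KEY, signed, hashlib.sha256).digest()
    return {"clientDataJSON": client_data_json, "authenticatorData": auth_data,
            "signature": signature}


def verify_assertion(assertion: dict, expected_challenge: bytes) -> tuple:
    """Relying-party checks, in the order the WebAuthn spec lists them."""
    client_data = json.loads(assertion["clientDataJSON"])
    if client_data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if b64url_decode(client_data.get("challenge", "")) != expected_challenge:
        return False, "challenge mismatch (stale or replayed login)"
    origin = client_data.get("origin")
    if origin not in ALLOWED_ORIGINS:
        return False, f"origin {origin!r} not allowed (phishing site?)"
    auth_data = assertion["authenticatorData"]
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return False, "user-presence flag not set"
    signed = auth_data + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected = hmac.new(CREDENTIAL_KEY, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return False, "bad signature"
    return True, "ok"


def demo() -> dict:
    challenge = os.urandom(32)  # the RP issues a fresh challenge per login
    genuine = browser_get_assertion("https://bank.example", challenge)
    # Adversary-in-the-middle: the phishing page relays the RP's real
    # challenge, but the victim's browser stamps the phishing origin.
    phished = browser_get_assertion("https://bank-login.example", challenge)
    return {
        "genuine": verify_assertion(genuine, challenge),
        "phished": verify_assertion(phished, challenge),
        "replayed": verify_assertion(genuine, os.urandom(32)),
    }


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:8s} accepted={ok} ({reason})")
```

The point the code makes is that the relying party never has to trust the user or the device: the phished assertion is cryptographically valid yet fails on the origin check, and a captured assertion cannot be replayed because the challenge is single-use. A one-time code typed into a look-alike page has neither property.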

There are cyber-intelligence solutions that alert the organization when credentials have been stolen. Because password reuse is widespread, even a leak of personal-account credentials endangers the organization. These services draw on breach data and underground sources to notify the victim shortly after their credentials are exposed, and they can also block the use of known-compromised passwords in Active Directory or any other application.
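Blocking known-compromised passwords does not require sending passwords to anyone. The added example below (not DotForce's code) implements the k-anonymity range query used by Have I Been Pwned's Pwned Passwords API: only the first five hex digits of the password's SHA-1 leave the organization, the service returns every hash suffix with that prefix, and the comparison happens locally. The same check belongs in an Active Directory password filter or a web application's password-change handler. The breach corpus and its counts are constructed so the script runs offline; `live_range_lookup` shows the real endpoint but is not called by the demo.

```python
"""Compromised-password check via k-anonymity range queries (added example).

The corpus and counts are constructed for an offline run; the real service
is https://api.pwnedpasswords.com/range/<first-5-hex-of-SHA1>."""
import hashlib
import urllib.request

PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/"

# Constructed breach corpus with illustrative (not real) occurrence counts.
CONSTRUCTED_BREACH_COUNTS = {"password": 9_000_000, "123456": 37_000_000, "letmein": 250_000}


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def constructed_range_lookup(prefix: str) -> str:
    """Offline stand-in for GET /range/<prefix>: one 'SUFFIX:COUNT' per line."""
    assert len(prefix) == 5, "only the 5-character prefix may leave the client"
    lines = [f"{h[5:]}:{count}" for h, count in
             ((sha1_hex(pw), c) for pw, c in CONSTRUCTED_BREACH_COUNTS.items())
             if h[:5] == prefix]
    # Decoy suffix so a response never pinpoints the hash being checked
    lines.append("0" * 35 + ":0")
    return "\r\n".join(lines)


def live_range_lookup(prefix: str) -> str:
    """Real query (network). Add-Padding makes every response a similar size."""
    req = urllib.request.Request(
        PWNED_RANGE_URL + prefix,
        headers={"Add-Padding": "true", "User-Agent": "zt-password-check"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str, lookup=constructed_range_lookup) -> int:
    """Return how often the password appears in breach data (0 = not found)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate == suffix and count:
            return int(count)
    return 0


def password_change_allowed(password: str, lookup=constructed_range_lookup) -> tuple:
    """Policy hook: refuse any password seen in a breach, however rarely."""
    count = breach_count(password, lookup)
    if count > 0:
        return False, f"rejected: seen {count} times in known breaches"
    return True, "accepted"


if __name__ == "__main__":
    for pw in ("password", "letmein", "a long, unique passphrase 7Kq!"):
        print(pw, "->", password_change_allowed(pw))
```

To run against the live service, pass `lookup=live_range_lookup`; the client never transmits more than the 5-character prefix, and the padded response hides which suffix it was interested in.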

2. Administrators

Zero Trust implies least privilege: each user should hold only the permissions they actually need. This matters even more for administrators.

Solutions that manage administrative privileges prevent many cyberattacks, especially the most dangerous ones. They are known as PAM (Privileged Access Management), although the latest generation has evolved into Privileged ACTIVITY Management: privileges are granted only for the duration of an administrative task, with no standing administrative accounts, which reduces the attack surface.

3. Systems

We have been protecting networks and endpoints for decades, but we must lay the foundations for a new way of working that is here to stay. Antivirus has given way to EDR (Endpoint Detection and Response), and next-generation firewalls and Cloud Access Security Brokers (CASB) are already established. The problem is that attacks have not only been modernized; there are new attack methods that require new defensive strategies.

First of all, traditional VPNs are out of date: once connected, a user typically sees the whole network. Every organization should instead have a software-defined perimeter (Zero Trust Network Access, ZTNA) that provides secure, per-resource connections to its private networks. To apply the Zero Trust method, users must be able to reach only the resources they strictly need, and access can additionally be constrained by the user's schedule and location, among other parameters.

A SIEM's scope, on the other hand, is limited: it sees only the event logs that are shipped to it, so it must be supplemented with network-traffic monitoring to avoid blind spots.

NDR (Network Detection and Response) solutions monitor on-premises and cloud networks and use Machine Learning to detect, and anticipate, the signs of an attack.
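One thing network monitoring catches that a log-only SIEM misses is command-and-control beaconing: an implant calling home at a fixed interval with a fixed-size payload. The added example below (not DotForce's code, and a statistical heuristic rather than the Machine Learning an NDR product would apply) runs over constructed NetFlow-style records for one workstation and flags any destination whose connection intervals are too regular to be human browsing. Hosts, addresses and timings are constructed.

```python
"""Beacon detection from flow records (added example, constructed data).

A (src, dst, port) pair with many connections whose inter-arrival times
have a low coefficient of variation is flagged; human-driven traffic is
bursty and irregular."""
import statistics
from collections import defaultdict
from datetime import datetime, timedelta


def constructed_flows() -> list:
    """(timestamp, src, dst, dst_port, bytes_out) records for one host."""
    base = datetime(2024, 3, 1, 9, 0, 0)
    flows = []
    # Implant beaconing every 60 s with +/-2 s jitter and a fixed 512-byte check-in
    for i, jitter in enumerate([0, 1, -1, 2, -2, 1, 0, -1, 2, 1, 0, -2]):
        flows.append((base + timedelta(seconds=60 * i + jitter),
                      "10.0.0.15", "203.0.113.7", 443, 512))
    # Ordinary browsing to one site: irregular gaps, varying sizes
    gaps = [0, 3, 47, 120, 5, 9, 300, 22, 61, 8, 190, 14]
    sizes = [1500, 3200, 900, 12000, 700, 4100, 2500, 800, 6000, 1100, 9000, 1300]
    t = base
    for gap, size in zip(gaps, sizes):
        t += timedelta(seconds=gap)
        flows.append((t, "10.0.0.15", "198.51.100.20", 443, size))
    return sorted(flows)


def detect_beacons(flows, min_connections: int = 8, max_interval_cv: float = 0.10) -> list:
    """Group flows per (src, dst, port) and score the regularity of their timing."""
    by_pair = defaultdict(list)
    for ts, src, dst, port, nbytes in flows:
        by_pair[(src, dst, port)].append((ts, nbytes))

    findings = []
    for (src, dst, port), events in by_pair.items():
        if len(events) < min_connections:
            continue
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        sizes = [nbytes for _, nbytes in events]
        mean_gap = statistics.mean(gaps)
        if mean_gap <= 0:
            continue
        interval_cv = statistics.pstdev(gaps) / mean_gap
        size_cv = statistics.pstdev(sizes) / statistics.mean(sizes)
        if interval_cv <= max_interval_cv:
            findings.append({
                "src": src, "dst": dst, "port": port,
                "connections": len(events),
                "interval_s": round(mean_gap, 1),
                "interval_cv": round(interval_cv, 3),
                "size_cv": round(size_cv, 3),   # near 0 = identical payloads
                "first_seen": events[0][0].isoformat(),
            })
    return findings


if __name__ == "__main__":
    for f in detect_beacons(constructed_flows()):
        print(f)
```

On real traffic the thresholds need tuning per environment (NTP, update agents and monitoring probes beacon legitimately), which is where the allow-listing and learned baselines of an NDR product come in; the structure of the detection is the same.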

Deception technology emulates our network so that attackers waste their time trying to access fictitious assets. This lets the cybersecurity team detect them early and buys enough time to counter the attack.

But what the current landscape demands above all is integration between solutions. The combination of NDR, EDR and Deception, for example, is what is sold as eXtended Detection and Response (XDR).

Most importantly, automating incident response is essential to reduce manual workload. Each SOC should have a next-generation SOAR (Security Orchestration, Automation and Response). The SOAR ingests the alerts coming from the EDR, firewall, SIEM, XDR and so on, correlates them and eliminates duplicates, so that countless alerts are reduced to a handful of incidents.

4. Data

Last but not least, data security. Failing to protect this critical asset leads to problems ranging from falling victim to espionage to being hit with fines that literally run to millions.

First, every organization must have an inventory of all the data it holds: you cannot protect what you do not know you have. Fortunately, there are access-governance solutions that enumerate all existing data, classify it, remove unnecessary access (no user should have access to data they do not need for their work) and produce reports that show the current state of affairs.
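The "remove unnecessary access" step is a comparison between what is granted and what is actually used. The added example below (not DotForce's code) takes a constructed classification of file shares, a constructed list of effective permissions and a constructed file-access audit trail, and produces the revocation list an access-governance review would hand back: grants on confidential data to broad groups, and grants nobody has exercised in the lookback period. Share names, principals and dates are constructed.

```python
"""Access review: grants versus observed use (added example, constructed data)."""
from datetime import date, timedelta

# What the discovery-and-classification step would produce (constructed)
CLASSIFICATION = {
    r"\\fs01\HR-Payroll": "confidential",
    r"\\fs01\Finance-Audit": "confidential",
    r"\\fs01\Marketing": "internal",
}

# Effective permissions as (principal, share, right) (constructed)
GRANTS = [
    ("jdoe", r"\\fs01\Marketing", "read"),
    ("jdoe", r"\\fs01\HR-Payroll", "read"),           # legacy grant, never used
    ("mlee", r"\\fs01\HR-Payroll", "write"),
    ("mlee", r"\\fs01\Finance-Audit", "read"),
    ("svc_backup", r"\\fs01\Finance-Audit", "read"),  # last used months ago
    ("Everyone", r"\\fs01\HR-Payroll", "read"),       # over-broad grant
]

# File-access audit trail as (date, principal, share) (constructed)
ACCESS_LOG = [
    (date(2024, 2, 27), "jdoe", r"\\fs01\Marketing"),
    (date(2024, 2, 28), "mlee", r"\\fs01\HR-Payroll"),
    (date(2024, 1, 15), "mlee", r"\\fs01\Finance-Audit"),
    (date(2023, 7, 1), "svc_backup", r"\\fs01\Finance-Audit"),
]

BROAD_PRINCIPALS = {"Everyone", "Authenticated Users", "Domain Users"}
RISK_ORDER = {"confidential": 0, "internal": 1, "unclassified": 2}


def review_access(grants, log, today, lookback_days: int = 90) -> list:
    """Return revocation recommendations, riskiest classification first."""
    cutoff = today - timedelta(days=lookback_days)
    used = {(who, share) for day, who, share in log if day >= cutoff}
    findings = []
    for who, share, right in grants:
        level = CLASSIFICATION.get(share, "unclassified")
        if who in BROAD_PRINCIPALS and level == "confidential":
            reason = f"{who} holds {right} on confidential data"
        elif (who, share) not in used:
            reason = f"no access in the last {lookback_days} days"
        else:
            continue  # grant is in active, individual use: keep it
        findings.append({"principal": who, "share": share, "right": right,
                         "classification": level, "action": "revoke", "reason": reason})
    findings.sort(key=lambda f: (RISK_ORDER[f["classification"]], f["principal"]))
    return findings


def exposure_report(grants) -> dict:
    """Per share: classification and who can currently reach it."""
    report = {}
    for who, share, right in grants:
        entry = report.setdefault(share, {"classification": CLASSIFICATION.get(share, "unclassified"),
                                          "principals": []})
        entry["principals"].append(f"{who}:{right}")
    return report


if __name__ == "__main__":
    for f in review_access(GRANTS, ACCESS_LOG, date(2024, 3, 1)):
        print(f["action"], f["principal"], "on", f["share"], "-", f["reason"])
```

The output is deliberately a recommendation list rather than an automatic revocation: in a governance workflow the data owner confirms each line, and the same run repeated monthly is the "current situation" report the paragraph refers to.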

Nor can we forget that encryption is essential for storing or sharing confidential data. Hardware encryption is the most robust option available, and we should not settle for weakly encrypting the content we share in the cloud, or even by email. There are solutions that encrypt this content with hardware, each user's private key protected by a unique PIN. Again, each user can be enabled or disabled with a single click, so the organization stays in control of its data at all times.

In conclusion, Zero Trust means ALWAYS distrusting users and devices, least privilege, automation, cyber intelligence and Machine Learning. The right cybersecurity investments pay off: they bring stability and improve productivity.