Zero Trust Hardware Access Use Case – A large corporate bank identified a suspicious transaction within the enterprise. Upon further investigation, it was discovered that the palm-vein scanner used for biometric authentication had been compromised and was, subsequently, granting unauthorized access. As a result of the compromise, the bank’s Zero Trust (ZT) model was at risk of being circumvented due to its reliance on identity-based access control.
Zero Trust is a network security model based on the principle of “never trust, always verify”. By acknowledging that threats not only originate outside the organization’s perimeter but also within, ZT eliminates the component of trust that was once automatically given to internal users and devices. Every user and device, internal or external, must be authenticated and authorized before granting access to an enterprise’s resources and data.
To implement ZT, micro-segmentation splits the network into smaller, more granular parts, each of which requires separate access authorization. In doing so, micro-segmentation controls east-west network traffic, i.e. lateral movement, as a means to reduce the attack surface. The implementation of micro-segmentation is supported by the principle of least privilege, whereby users only access the specific resources required to perform the task at hand. Enforcing the principle of least privilege requires identity-based access control which, naturally, relies on identifying the user and their role. Users are typically identified through multi-factor authentication, which can be done in three different ways:
The third authentication method is perceived as the most secure since it is the most difficult to compromise. However, in the bank’s case, an attacker used a man-in-the-middle attack to bypass palm-vein authentication, manipulating the Identity and Access Management system, which ZT relies on. As a result, micro-segmentation is ineffective, as the attacker can gain complete access privileges and move laterally throughout the network.
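The failure described above can be shown with a small access-decision model. This is an added example, not code from the original page or from any vendor product; the segment names, roles, scanner IDs and the verified-hardware set (assumed to come from a device inventory) are constructed, and "complete access privileges" is modelled as the IAM system asserting every role.

```python
from dataclasses import dataclass

# Constructed micro-segmentation policy: segment -> roles allowed (default deny).
SEGMENT_ROLES = {
    "payments": {"payments-operator"},
    "hr-records": {"hr-analyst"},
    "core-ledger": {"ledger-admin"},
}

@dataclass(frozen=True)
class Session:
    user: str
    roles: frozenset        # roles asserted by the IAM system
    mfa_passed: bool        # biometric result as reported to IAM
    authenticator_id: str   # hardware that produced the biometric factor

def identity_only(s, segment):
    """Identity-based decision: trusts whatever IAM reports."""
    return s.mfa_passed and bool(s.roles & SEGMENT_ROLES.get(segment, set()))

def identity_and_hardware(s, segment, verified_hw):
    """Same decision, but the authenticator itself must be verified hardware."""
    if s.authenticator_id not in verified_hw:
        return False  # factor came from unverified hardware: do not trust it
    return identity_only(s, segment)

def reach(s, decide):
    """Segments a session can enter, i.e. its lateral-movement surface."""
    return sorted(seg for seg in SEGMENT_ROLES if decide(s, seg))

# Constructed data: scanner-07 is the compromised palm-vein scanner, so it is
# absent from the verified-hardware set (assumed to come from device inventory).
VERIFIED_HW = {"scanner-01", "scanner-02"}
employee = Session("alice", frozenset({"hr-analyst"}), True, "scanner-01")
# The man-in-the-middle makes IAM report a passed factor and every role.
forged = Session("alice", frozenset({"hr-analyst", "payments-operator",
                                     "ledger-admin"}), True, "scanner-07")

def with_hw(s, seg):
    return identity_and_hardware(s, seg, VERIFIED_HW)

if __name__ == "__main__":
    print("identity only, forged:", reach(forged, identity_only))
    print("with hardware, forged:", reach(forged, with_hw))
    print("with hardware, employee:", reach(employee, with_hw))
```

With identity alone, the forged session reaches every segment; once the authenticator hardware must also be verified, it reaches none, while the legitimate employee keeps access to only their own segment.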
Zero Trust Hardware Access Use Case
Sepio Systems Hardware Access Control HAC-1 provides 100% hardware device visibility.
HAC-1 enables Hardware Access Control by setting rules based on the devices’ characteristics.
HAC-1 instantly detects any devices which breach the set rules and automatically blocks them to prevent malicious attacks.
The idea is to Verify and then Trust that those assets are what they say they are.
Sepio Systems HAC-1 brings the ultimate solution to zero trust adoption by providing 100% hardware device visibility for MSSPs.
With greater visibility, the zero-trust architecture can make access decisions with complete information, thus enhancing the enterprise’s protection within, and outside of, its traditional perimeters.
The Hardware Access Control capabilities of HAC-1 block Rogue Devices as soon as they are detected.
HAC-1 stops an attack at the first instance, not even allowing such devices to make network access requests.
HAC-1 is here to protect Government Agencies and the nation’s critical infrastructure.
Lastly, embracing Zero Trust Hardware Access in critical infrastructure is key.