Zero Trust Model

The Zero Trust model is a cybersecurity framework that assumes threats exist both inside and outside the network and that no entity should be trusted by default. It challenges the traditional perimeter-based security model, in which users and devices inside the corporate network are automatically trusted.

Zero Trust rests on the idea that threats exist everywhere, both inside and outside traditional network boundaries: anyone and anything can be a security risk. By assuming that a breach is inevitable, Zero Trust removes the automatic trust given to enterprise users and devices. Instead, access to enterprise resources is governed by a dynamic policy that reduces the attack surface by granting access according to the principle of least privilege.
The principle of least privilege guides every access decision, and access is reviewed continuously rather than once at login. That requires constant verification using real-time information from multiple sources to detect anomalies and suspicious activity.

The Zero Trust model aims to strengthen the enterprise's security posture by improving its ability to address both external and internal threats.

Zero Trust Model and Endpoint Vulnerabilities

As the world becomes increasingly connected, it also becomes harder to secure. Enterprises today benefit from a wealth of devices that extend their operational capabilities, but the same devices benefit attackers who seek to exploit them. Organizations have seen exponential growth in data volume alongside connectivity in an increasingly mobile environment, so data is no longer tied to a specific location: endpoints and networks together facilitate remote data access.

Endpoints make attractive targets, not only because of the data stored on them but also because of the network access they can give an attacker. This includes IoT devices, which are often used as an attack vector. According to a 2020 report on Zero Trust Endpoint and IoT Security by Cybersecurity Insiders, 61% of organizations are concerned about endpoints and IoT devices gaining insecure network and remote access.

Enhancing Cybersecurity with a Zero Trust Paradigm

Even more worrisome, attackers' tactics, techniques, and procedures (TTPs) improve as security solutions become stronger. Malicious actors keep finding innovative and deceptive ways to exploit the blind spots that security solutions do not cover; according to the same Cybersecurity Insiders report, 40% of organizations say they have insufficient protection against the newest threats. Traditional perimeter-based network defenses and endpoint detection and response solutions prove ineffective on their own, as cybercriminals have repeatedly demonstrated their ability to bypass them.

Malicious actors exploit the trust given to internal users and devices, and successful attacks follow. By removing implicit trust, the Zero Trust model reduces an organization's exposure to network infiltration by unauthorized devices and their users.

Proactive Cybersecurity and Enhanced Device Visibility

Enterprises still need traditional security solutions as a tactical response, but Zero Trust provides a strategic framework that enables a shift to proactive security. Organizations can therefore run a hybrid posture that is both proactive and reactive, raising overall cybersecurity resilience. Because Zero Trust removes implicit trust from the network architecture, it offers more opportunities to identify threats and act before an attack succeeds. Importantly, Zero Trust protects the enterprise beyond its traditional perimeter, which matters as telework, BYOD, and Internet of Things (IoT) devices become increasingly common "within" organizations. The Zero Trust model grants network access based on who, what, when, where, and how. To answer those questions, however, the enterprise must have complete device visibility.

Zero Trust Principles

Never Trust, Always Verify

Enterprise network devices and users are typically assumed to be fully trusted because they are internal. However, both a device and a user's identity can be spoofed by a malicious actor. Furthermore, unmanaged and remote assets cannot be assumed trustworthy, since they are outside the enterprise's control even though they are considered "internal". To eliminate the risks that come with trust, the Zero Trust model eliminates the trust component itself: every user, device, and application or workload is treated as untrusted, every single time.

Verify Explicitly

Under the Zero Trust model, a dynamic policy that draws on identity management and other data sources determines access to resources. Authentication and authorization should consider all available data points, including user identity, location, device health, and data classification, to evaluate both the device and the user's identity comprehensively. That evaluation should continue for as long as the session lasts, not just at login.

Assume Breach

Under the Zero Trust model, resources are defended on the assumption that a breach has already occurred, so devices and users are denied network access by default. Access can be restricted in several ways, depending on the Zero Trust architecture the organization chooses to implement. An identity-based architecture heavily scrutinizes the characteristics of all users, devices, data flows, and access requests. Access to data is controlled, minimized, and monitored according to the principle of least privilege, limiting each user's network access to the lowest level required to perform the task.

An architecture based on micro-segmentation significantly reduces an attacker's ability to move laterally through the network by isolating workloads behind granular segmentation policies. The network is split into smaller parts, each requiring separate authorization. Micro-segmentation is an effective Zero Trust approach because a perpetrator's point of infiltration is often not the target of the attack; micro-segmentation blocks the lateral movement that the actual attack depends on. A strong Zero Trust architecture combines elements of several approaches to reinforce the Assume Breach principle. Finally, all configuration changes, resource access, and network traffic should be logged, inspected, and continuously monitored for suspicious activity.
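The three principles above (never trust, verify explicitly, assume breach) come together in the policy decision point. The following is an added example, not code from this page or from Sepio: a small policy engine that denies by default, requires fresh MFA and a compliant device on every request, re-verifies on a timer rather than only at login, and applies a per-segment least-privilege grant table. The roles, segment names, posture thresholds and the 15-minute re-verification window are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class DevicePosture:
    managed: bool            # enrolled in enterprise device management
    disk_encrypted: bool
    patch_age_days: int      # days since the last security update
    agent_healthy: bool      # endpoint agent is reporting in


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    mfa_verified: bool
    device: DevicePosture
    segment: str             # micro-segment holding the resource, e.g. "finance-db"
    action: str              # "read" or "write"
    last_verified: datetime  # when identity and posture were last re-checked


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reasons: tuple


# Assumed least-privilege table: role -> {segment: allowed actions}.
# Anything not listed is denied; there is no implicit "internal" trust.
ROLE_GRANTS = {
    "payroll-clerk": {"finance-db": {"read"}},
    "finance-admin": {"finance-db": {"read", "write"}, "finance-app": {"read", "write"}},
    "engineer": {"ci-runners": {"read", "write"}},
}
MAX_PATCH_AGE_DAYS = 30                      # assumed posture threshold
REVERIFY_INTERVAL = timedelta(minutes=15)    # assumed continuous-verification window


def posture_failures(d: DevicePosture) -> list:
    """Return the list of device-health problems; empty means compliant."""
    problems = []
    if not d.managed:
        problems.append("device not enrolled in management")
    if not d.disk_encrypted:
        problems.append("disk not encrypted")
    if d.patch_age_days > MAX_PATCH_AGE_DAYS:
        problems.append(f"patches older than {MAX_PATCH_AGE_DAYS} days")
    if not d.agent_healthy:
        problems.append("endpoint agent not reporting")
    return problems


def evaluate(req: AccessRequest, now: datetime) -> Decision:
    """Policy engine: collect every failing signal and deny if any failed."""
    reasons = []
    if not req.mfa_verified:                              # verify explicitly
        reasons.append("MFA not satisfied")
    if now - req.last_verified > REVERIFY_INTERVAL:       # verification must stay fresh
        reasons.append("identity/posture check is stale; re-verify")
    reasons.extend(posture_failures(req.device))          # device health on every request
    allowed = ROLE_GRANTS.get(req.role, {}).get(req.segment, set())
    if req.action not in allowed:                         # least privilege per segment
        reasons.append(f"role {req.role!r} has no {req.action!r} grant on {req.segment!r}")
    return Decision(not reasons, tuple(reasons) or ("all checks passed",))


# Constructed sample requests evaluated at a fixed "now".
NOW = datetime(2021, 4, 27, 12, 0, tzinfo=timezone.utc)
HEALTHY = DevicePosture(managed=True, disk_encrypted=True, patch_age_days=3, agent_healthy=True)
UNMANAGED = DevicePosture(managed=False, disk_encrypted=False, patch_age_days=90, agent_healthy=False)


def demo() -> dict:
    """Evaluate a few constructed requests; returns name -> Decision."""
    fresh = NOW - timedelta(minutes=2)
    stale = NOW - timedelta(minutes=40)
    cases = {
        "clerk_read": AccessRequest("alice", "payroll-clerk", True, HEALTHY, "finance-db", "read", fresh),
        "clerk_write": AccessRequest("alice", "payroll-clerk", True, HEALTHY, "finance-db", "write", fresh),
        "admin_unmanaged": AccessRequest("bob", "finance-admin", True, UNMANAGED, "finance-db", "write", fresh),
        "engineer_stale": AccessRequest("carol", "engineer", True, HEALTHY, "ci-runners", "read", stale),
        "engineer_finance": AccessRequest("carol", "engineer", True, HEALTHY, "finance-db", "read", fresh),
    }
    return {name: evaluate(req, NOW) for name, req in cases.items()}


if __name__ == "__main__":
    for name, decision in demo().items():
        verdict = "ALLOW" if decision.allowed else "DENY"
        print(f"{name:18} {verdict:5} {'; '.join(decision.reasons)}")
```

Two design points are worth noting. The engine collects every failing signal instead of returning on the first one, so the log explains the full reason for a denial (useful for the monitoring the section calls for). And the grant table is keyed by segment, so an engineer with legitimate access to the build segment has no path into the finance segment even from a fully compliant device, which is the micro-segmentation property expressed in policy rather than in network topology.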

Adopting the Mindset

Implementing a Zero Trust model is a long process that requires integration across all departments and processes. For Zero Trust to be effective, the entire organization must adopt the mindset of "never trust, always verify". Leaders must be willing to make the investments that Zero Trust adoption requires, while staff and users need to understand the concept and why it is necessary, which also helps avoid security fatigue.

Physical Layer Visibility

A Zero Trust architecture relies on a strong Continuous Diagnostics and Mitigation (CDM) system to identify and manage devices and to log network activity. The enterprise therefore needs complete asset and network visibility to evaluate access requests accurately.

A lack of visibility is a substantial risk to the Zero Trust model, which relies on device characteristics and device monitoring to evaluate access requests. A compromised or rogue device can bypass Zero Trust policy measures and gain network access by spoofing a legitimate, trusted device. Such spoofing devices operate at the physical layer and run completely passively, with no inbound traffic manipulation, so they stay under the radar of existing security solutions, including NAC and IDS.
As a result, network access may be granted on the basis of an inaccurate evaluation caused by the visibility gap. More worrying, by going undetected, rogue devices can bypass micro-segmentation and let the attacker move laterally through the network, and because spoofed devices go undetected, the resulting attacks can persist for long periods. Furthermore, since Zero Trust focuses on network access, IoT security is also at risk, as IoT devices are equally vulnerable to physical layer manipulation.

Growing Risks and Hardware Attack Threats in an Expanding Device Landscape

Within the framework of the Zero Trust model, IoT cybersecurity covers a broad spectrum, as the number of IoT devices in use has grown enormously and now includes everyday devices that are not typically regarded as a security risk. Because such devices require network access, they are an attractive target for hardware attackers. The risk of a compromised device is a serious concern for many organizations and is rated the greatest endpoint and IoT threat by more than half of them.

Access Policies

A Zero Trust architecture uses data access policies as one source of information when evaluating access requests. Policy creation is based on asset and network traffic data, so the visibility challenges described above have a knock-on effect on policy creation: policies developed without complete asset and network visibility will be less valid and less reliable.
Endpoint and IoT security policies are relevant to the Zero Trust model because these devices make access requests, and the Policy Engine (PE) depends on such policies to reach an access decision. Furthermore, since Zero Trust extends beyond the enterprise perimeter, endpoint and IoT security policies are essential to ensuring that such devices maintain their security posture when operating in an environment the enterprise does not own. Yet for 43% of organizations, the greatest security challenge is the inability to enforce access policies on endpoint and IoT devices, which undermines the efficacy of the overall Zero Trust architecture.

More importantly, policies cannot be enforced on assets that are not visible. With the lack of device visibility limiting the efficacy of Zero Trust architectures, enterprises are beginning to apply Zero Trust at the hardware level. Starting at the first layer of defense results in a more comprehensive and stronger overall Zero Trust architecture.
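The Physical Layer Visibility and Access Policies sections make the same point from two directions: a device the inventory does not know has no policy that can be enforced on it, and a device that clones a known MAC address inherits that asset's policy. The following added example (not Sepio's code, and not a description of how HAC-1 works) reconciles what is seen on the wire against an asset inventory and reports shadow assets, known addresses whose passive fingerprint does not match the inventoried device type, addresses appearing where the inventory does not allow them, and the same address active on two ports at once. The fingerprint fields (DHCP vendor class, initial TTL), the port names and every inventory and observation record are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    mac: str
    device_type: str          # what the inventory says the device is
    allowed_ports: frozenset  # switch ports where this asset may legitimately appear
    policy: str               # access policy the Policy Engine applies to it


@dataclass(frozen=True)
class Observation:
    mac: str
    switch_port: str
    dhcp_vendor_class: str    # DHCP option 60 text seen on the wire, "" if none
    ip_ttl: int               # initial IP TTL seen, a coarse OS hint


# Assumed passive fingerprints: what a genuine device of each type looks like
# on the wire. Constructed values for illustration, not a real database.
EXPECTED_FINGERPRINT = {
    "printer": {"dhcp_vendor_class": "Hewlett-Packard JetDirect", "ip_ttl": 64},
    "ip-phone": {"dhcp_vendor_class": "Cisco Systems, Inc. IP Phone", "ip_ttl": 64},
    "laptop": {"dhcp_vendor_class": "MSFT 5.0", "ip_ttl": 128},
}


def normalize_mac(mac: str) -> str:
    return mac.strip().lower().replace("-", ":")


def reconcile(inventory, observations):
    """Compare what is on the wire with the inventory; return (kind, mac, detail) findings."""
    assets = {normalize_mac(a.mac): a for a in inventory}
    ports_by_mac = defaultdict(set)
    findings = []
    for obs in observations:
        mac = normalize_mac(obs.mac)
        ports_by_mac[mac].add(obs.switch_port)
        asset = assets.get(mac)
        if asset is None:
            # Shadow asset: nothing in the inventory, so no policy can be applied to it.
            findings.append(("unknown-device", mac, f"seen on {obs.switch_port}; no inventory record"))
            continue
        if obs.switch_port not in asset.allowed_ports:
            findings.append(("unexpected-location", mac,
                             f"{asset.device_type} seen on {obs.switch_port}, allowed {sorted(asset.allowed_ports)}"))
        expected = EXPECTED_FINGERPRINT.get(asset.device_type, {})
        mismatches = [f"{k}: expected {v!r}, saw {getattr(obs, k)!r}"
                      for k, v in expected.items() if getattr(obs, k) != v]
        if mismatches:
            # Known MAC, wrong behaviour: something is impersonating the inventoried device.
            findings.append(("spoof-suspect", mac,
                             f"claims to be {asset.device_type} but " + "; ".join(mismatches)))
    for mac, ports in ports_by_mac.items():
        if len(ports) > 1:
            findings.append(("duplicate-mac", mac, f"active on {sorted(ports)} simultaneously"))
    return findings


def policy_coverage(inventory, observations) -> float:
    """Share of observed devices that have an inventory record (and thus an enforceable policy)."""
    assets = {normalize_mac(a.mac) for a in inventory}
    seen = {normalize_mac(o.mac) for o in observations}
    return len(seen & assets) / len(seen) if seen else 1.0


# Constructed inventory and observations.
INVENTORY = [
    Asset("AA:BB:CC:00:00:01", "printer", frozenset({"ge-0/0/12"}), "print-vlan-only"),
    Asset("00:11:22:33:44:55", "laptop", frozenset({"ge-0/0/3", "ge-0/0/4"}), "corp-user"),
    Asset("00:AA:11:BB:22:CC", "ip-phone", frozenset({"ge-0/0/7"}), "voice-vlan-only"),
]
OBSERVATIONS = [
    Observation("aa:bb:cc:00:00:01", "ge-0/0/12", "MSFT 5.0", 128),                  # printer MAC, laptop behaviour
    Observation("00:11:22:33:44:55", "ge-0/0/3", "MSFT 5.0", 128),                   # genuine laptop
    Observation("de:ad:be:ef:00:01", "ge-0/0/20", "", 64),                           # not in inventory
    Observation("aa:bb:cc:00:00:01", "ge-0/0/21", "Hewlett-Packard JetDirect", 64),  # printer MAC on a second port
]


def demo_findings():
    return reconcile(INVENTORY, OBSERVATIONS)


def demo_coverage():
    return policy_coverage(INVENTORY, OBSERVATIONS)


if __name__ == "__main__":
    for kind, mac, detail in demo_findings():
        print(f"{kind:20} {mac}  {detail}")
    print(f"policy coverage: {demo_coverage():.0%}")
```

The caveat the section is driving at applies directly to this code: the fingerprint checks are heuristics over traffic the device chooses to emit. A spoofing device that clones the MAC, answers DHCP with the printer's vendor class and sets the printer's TTL passes every check here, and the duplicate-address check only fires while the genuine device and the clone are both active. That is why the text argues that visibility has to reach below these signals, to the physical layer, rather than relying on what a device claims about itself.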

Zero Trust Hardware Access Role in Enhancing Security Posture

Because internal users and devices can no longer be assumed trustworthy, many organizations are adopting Zero Trust. Following the principle of "never trust, always verify", they treat every user and device, internal or external, as a potential threat and eliminate any automatic trust given to those requesting network access. In addition, users and devices are given only the network access required to perform the task, reducing the scope for malicious lateral movement. A Zero Trust architecture, however, relies on numerous data sources for the PE to make an accurate decision.

The visibility and access policy challenges above put the efficacy of a Zero Trust architecture at risk. They allow rogue devices to bypass identity-based authentication and micro-segmentation, giving an attacker unauthorized network access without the enterprise even knowing. To mitigate this risk, organizations should focus on Zero Trust Hardware Access, so that Zero Trust applies at the first layer of defense and can better protect the organization from intruders.

Hardware Access Control with Sepio

With Sepio HAC-1, a Zero Trust Hardware Access approach combines complete device visibility with a policy enforcement mechanism, which together also enable rogue device mitigation. As a result, the enterprise benefits from a stronger overall Zero Trust architecture, as hardware attack tools can no longer bypass the Zero Trust model.


Zero Trust Model - The Three Components
April 27th, 2021