Sixty-eight percent of business leaders say that their I.T. security risks are only increasing. Additionally, the pandemic year of 2020 brought a significant increase in cyberattacks across all threat vectors.
This continuous evolution of threats and the increased level of attacks have led to the emergence of a new standard called Zero Trust Security.
What is Zero Trust Security?
Zero Trust Security means putting in place policies and systems that do not automatically trust anyone, whether outside or inside a network. Typical network security uses a “castle and moat” approach: it distrusts entities outside a network but tends to trust the users and applications that already have approval to be inside it. New types of attacks on business networks and the increase in insider threats illustrate the need for this “trust no one” posture.
Here is an example of why Zero Trust is needed. A type of attack that has been gaining in popularity over the last few years is the fileless attack. This attack doesn’t contain malware or malicious code; instead, it sends malicious commands to a trusted program, like Windows PowerShell. Traditional firewalls or anti-malware programs trust Windows PowerShell because it’s a legitimate Windows program, so fileless attacks can often go unnoticed. Under a Zero Trust policy, however, any malicious commands can be blocked using a protocol called ring fencing, which designates which interactions between programs are approved and blocks all others. The “trust no one” approach doesn’t automatically trust Windows PowerShell, which in turn helps to mitigate the execution of malicious commands. During the first half of 2019, fileless attacks grew by 256%.
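The ring-fencing idea described above, sketched as an added example (not from the original article or from any product): a default-deny check of program interactions against an approved list. The policy, event format, host name and paths are constructed for illustration, and programs are matched by file name only to keep the example short.

```python
import ntpath
from typing import NamedTuple

class Event(NamedTuple):
    actor: str    # program performing the interaction
    action: str   # "spawn", "network" or "write"
    target: str   # child program, remote host or file path

# Constructed policy: the only interactions each fenced program may perform.
POLICY = {
    "powershell.exe": {
        "spawn": {"conhost.exe"},
        "network": {"updates.corp.example"},
        "write": {"c:\\logs\\"},          # approved folder prefix
    },
}

def _normalize(action, target):
    if action == "write":
        # Collapse "..\" segments so a path cannot escape an approved folder.
        return ntpath.normpath(target).lower()
    if action == "spawn":
        return ntpath.basename(target).lower()
    return target.lower()

def is_approved(event):
    rules = POLICY.get(ntpath.basename(event.actor).lower())
    if rules is None:
        return False                      # no policy entry: not trusted
    approved = rules.get(event.action, set())
    target = _normalize(event.action, event.target)
    if event.action == "write":
        return any(target.startswith(prefix) for prefix in approved)
    return target in approved

def blocked(events):
    """Return every event that the policy does not explicitly approve."""
    return [e for e in events if not is_approved(e)]

# Constructed sample events, not taken from a real system.
EVENTS = [
    Event("C:\\Windows\\System32\\powershell.exe", "spawn", "conhost.exe"),
    Event("powershell.exe", "network", "updates.corp.example"),
    Event("powershell.exe", "network", "198.51.100.7"),
    Event("powershell.exe", "spawn", "C:\\Windows\\System32\\rundll32.exe"),
    Event("powershell.exe", "write", "C:\\Logs\\..\\Windows\\Tasks\\job.xml"),
    Event("powershell.exe", "write", "C:\\Logs\\run.txt"),
    Event("winword.exe", "spawn", "powershell.exe"),
]
print(*("BLOCK %s %s %s" % e for e in blocked(EVENTS)), sep="\n")
```

Four of the seven sample events are blocked: the unapproved network destination, the unapproved child process, the write that leaves the approved folder once the path is normalized, and the interaction from a program with no policy entry.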
What’s Involved in Setting Up Zero Trust Security?
Zero Trust security is an approach to cybersecurity, not a single application. It covers how every aspect of your I.T. defenses is implemented.
Here are some of the standard areas and approaches that are involved when setting up this type of security posture.
Advanced Identity Management & Authentication
Insider threats are one of the reasons Zero Trust is becoming the standard in cybersecurity. When a hacker buys or steals a user password, they can enter a system as a user, bypassing standard security systems. Under a Zero Trust approach, policies are put in place so that not everyone with a legitimate login is automatically trusted as a legitimate user. This involves adding advanced identity management applications that allow some of the following security protocols:
Additional challenge questions for users with high-level privileges
Restricted access if users are logging in from outside a specified geographical region
Timed logouts to reduce the risk when a device is lost or stolen