The attacks that exploited the Log4J vulnerability (CVE-2021-44228, widely known as Log4Shell) illustrated how quickly malicious actors move to find new ways of compromising organizations. This trend has been building for several years, and it makes clear that organizations need to detect and respond to threats far faster than traditional, perimeter-based approaches allow. That is why both government and the private sector have been embracing the paradigm shift to Zero Trust security.
Zero Trust, the idea of "never trust, always verify," is a growing practice across all sectors. In 2022, 41% of surveyed organizations said they had deployed Zero Trust security, compared to 35% the year before. While the new mandates to shift toward a Zero Trust architecture are specific to federal agencies, private enterprises should also strongly consider integrating this approach into their cybersecurity strategies. A Zero Trust policy does not by itself satisfy regulations such as HIPAA and GDPR, but the controls it requires (strong authentication, least-privilege access, continuous monitoring, complete asset inventories) map directly onto their requirements and strengthen security overall.
The Core Tenets of a Zero Trust Architecture
The basic premise of Zero Trust security is that no device, identity, or connection request should be trusted implicitly. Although there are many ways of implementing a Zero Trust architecture, the National Institute of Standards and Technology (NIST) outlines seven basic tenets in Special Publication 800-207, Zero Trust Architecture (published in 2020):
- All-encompassing resources: Zero Trust considers all data sources and computing services as resources—not only traditional systems such as endpoints that connect to the network but also resources such as dynamic cloud computing services.
- Secured communication: A connection request is not trusted just because it originates inside the perimeter. All communication, regardless of network location, must be encrypted and authenticated, and every request must meet the same authentication requirements.
- Session-based access: Trust is established before each access to a resource, so trust is valid for one session only and is granted with the least privileges needed to complete the task. Completing one session confers no trust on the next.
- Attribute-based policy enforcement: Access decisions are driven by dynamic policy that takes into account the observable state of the client identity, the application or service, and the requesting asset, and may include other behavioral and environmental attributes such as location, time, and observed activity patterns.
- Monitoring and measuring asset integrity and security posture: No asset is inherently trusted. Before a connection request is honored, the security posture of the requesting asset must be evaluated, which requires a robust monitoring and reporting system for endpoints and other systems.
- Dynamic authentication and authorization: In today's dynamic environment, reevaluating trust and granting access is an ongoing process, strictly enforced before access is allowed and repeated during the session as the posture of the user and device changes.
- Data collection: Your organization needs to collect data about the state of the network and communications—such as device posture, network traffic, and access requests—and use that information to continuously improve security posture.
Monitoring the State of Your Assets
Adhering to NIST's tenet of measuring the posture of all owned and associated assets requires implementing a continuous diagnostics and mitigation (CDM) system. Such a system allows you to secure endpoints by proactively discovering those that have vulnerabilities, are compromised, or are not managed by your enterprise, so that you can treat their access to resources differently and quickly mitigate the vulnerabilities.
The right endpoint solution should deliver capabilities such as:
- Providing visibility into all your endpoints
- Automatically collecting data about the current state of your assets, network infrastructure, and communications
- Applying updates to configurations and software components
- Rapidly changing access policies and isolating non-compliant endpoints, while distinguishing between enterprise-managed and external devices
- Closing vulnerabilities before malicious actors can exploit them
- Reporting data to help maintain compliance with industry-specific regulations and policy requirements
Consider the Log4J example. Within a few days of the zero-day vulnerability being reported, Chinese state-backed attackers and other hackers launched more than 840,000 attacks, according to media reports. Within 24 hours BigFix provided a way to block exploitation by directly manipulating the metadata of the services that used the Log4J Java logging library, and then quickly rolled out patches for the affected applications. Such a mitigation buys time; the exposure is only closed once the patched library is deployed everywhere the vulnerable one was found, which is exactly what a complete endpoint inventory makes possible. This is one example of how visibility into your endpoints and continuous monitoring with the right endpoint security management software can help you implement a stronger Zero Trust architecture.
Implementing the Zero Trust Tenets
NIST describes its Zero Trust tenets as "the ideal goal"; depending on your strategy, you may not implement each of them fully. Zero Trust is not an all-or-nothing approach. Most organizations adopt the principles incrementally, over several technology refresh cycles.
That said, the ability to identify and manage devices is critical to a successful implementation of a Zero Trust Architecture. As NIST explains it, simply cataloging your assets is not enough—you must have a process for observing the state of devices, monitoring and managing configurations, and identifying risks (such as vulnerabilities) before granting access requests. Implementing a solution that allows you to do these things seamlessly, effectively, and ideally all in one tool is a good place to start your Zero Trust journey.
Want to learn more about ways your organization can use Zero Trust to meet security compliance?