Security Think Tank: Yes, zero trust can help you understand attack paths
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back.
Understanding attack pathways can be a complex task. As the number of technologies required to keep pace with the competition increases all the time, organisations must find a way to simplify the overall process of securing their environment.
One way of dealing with this problem is to implement a zero-trust strategy. Yes, I know, you’ve heard this one before, but please bear with me here as there can be a lot of misinformation on what zero trust is and can ultimately do. Creating a zero-trust strategy (and it is a strategy, not a technological solution) allows you to architect the IT environment so that the “never trust, always verify” sentiment is at the forefront of all network security.
A good zero-trust strategy limits the possibilities open to attackers as it stops lateral movement, which is the mainstay of most cyber attacks. The opportunity to re-architect the IT environment to work as part of a zero-trust strategy will also support the organisation in understanding its whole IT estate, and the interactivity between data, devices and systems.
Additionally, the monitoring side of a zero-trust strategy will, when supported by a strong security operations centre (SOC), provide an overall picture and understanding of the environment and what is happening within it.
Paul Holland, Information Security Forum
Zero trust switches the focus of security from outside-in to inside-out, starting at the resource level: be that data, assets, applications or services (DAAS).
Protecting each discrete resource with a protect surface (a set of protective measures commensurate with the criticality of the resource to the organisation) allows for granular levels of control and visibility. It also restricts the ability to attack other resources – each connection made outside of the resource will trigger another request that would need to be verified, as the connection starts off again as untrusted.
This idea of a protect surface also plays into the hands of organisations that are investing in new technology, ideas and applications. Adding in a new DAAS resource to a zero-trust architected environment becomes a reasonably simple process – once the criticality of the resource is agreed, the protect surface is added to the resource.
By leveraging a zero-trust strategy, implementing the right operational environment and underpinning it with the right technologies, an organisation can understand its environment in detail and enhance its security posture. Importantly, it has the added benefit of being able to secure new resources quickly and simply, aiding the push to change that modern, progressive organisations crave.
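To make the effect of protect surfaces on attack paths concrete, the following added example (not part of the original article) enumerates the paths from a foothold to a critical resource, first with implicit trust and then with every connection verified against the destination's protect surface. The resource names, the network map and the modelling of verification as a per-caller allow-list are assumptions constructed for illustration.

```python
from collections import deque

# Constructed sample estate (hypothetical names):
# resource -> resources it can open a network connection to.
NETWORK = {
    "laptop": ["intranet", "file-share"],
    "intranet": ["hr-app", "file-share"],
    "file-share": ["hr-app", "payroll-db"],
    "hr-app": ["payroll-db"],
    "payroll-db": [],
}

# Protect surface per resource, simplified to the set of callers that pass
# verification. The more critical the resource, the narrower the set.
PROTECT_SURFACE = {
    "intranet": {"laptop"},
    "file-share": {"intranet"},
    "hr-app": {"intranet"},
    "payroll-db": {"hr-app"},
}

def implicit_trust(src, dst):
    """Flat network: anything reachable is trusted."""
    return True

def zero_trust(src, dst):
    """Every connection starts untrusted and is checked at the destination."""
    return src in PROTECT_SURFACE.get(dst, set())

def attack_paths(foothold, target, verify):
    """Return every loop-free path from foothold to target that verify permits."""
    paths, queue = [], deque([[foothold]])
    while queue:
        path = queue.popleft()
        for nxt in NETWORK[path[-1]]:
            if nxt in path or not verify(path[-1], nxt):
                continue
            if nxt == target:
                paths.append(path + [nxt])
            else:
                queue.append(path + [nxt])
    return paths

if __name__ == "__main__":
    for name, policy in (("implicit trust", implicit_trust), ("zero trust", zero_trust)):
        found = attack_paths("laptop", "payroll-db", policy)
        print(f"{name}: {len(found)} path(s)")
        for p in found:
            print("   " + " -> ".join(p))
```

The path that survives under the zero-trust policy is the one the SOC should monitor most closely, since it is the only remaining route to the critical resource in this model.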