Fight Zero Day Attacks with Zero Trust
Fundamental shifts in application usage, user behavior, and complex, convoluted network infrastructure have created a threat landscape that exposes weaknesses in legacy port-based network security.
Today, users require access to myriad applications, operating across a wide range of device types, often with insufficient regard for business or security risks. Meanwhile, cloud-first and SaaS initiatives, data center modernization and workforce mobility requirements force a rethink of how to deliver secure access to applications and data.
This rethink gave rise to a philosophy known as Zero Trust, a framework that requires multiple technologies and governance processes to successfully execute. It is an effective method of protecting users, applications, data and infrastructure against determined adversaries and an evolving, sophisticated class of advanced threats that evade traditional security mechanisms.
Best of all, previous investments in security architecture are not wasted in a Zero Trust design. They are repurposed and improved to enhance efficacy.
Adopt a Zero Trust approach across the enterprise where every user, system, service, device, and packet may only access what it is authorized to access, in the right place, at the right time.
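The principle above (the right identity, on the right device, reaching only what it is authorized for, from the right place, at the right time, and nothing unless a rule explicitly says so) can be written down as a policy-decision function. The following is an added example, not code from the original page or from Structured; the user, device, resource and rule names are constructed for illustration, and a real deployment would pull device compliance and role data from the IAM, NAC and EPP systems the page goes on to describe.

```python
"""Added example (not from the original page): a minimal Zero Trust
policy-decision function. Every request carries who is asking, from what
device, for which resource, from where, and when; nothing is allowed
unless an explicit rule authorizes it (default deny). All inventories
and rules below are constructed sample data."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, time
from typing import Tuple


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    device_id: str
    resource: str
    source_network: str   # e.g. "corp-lan" or "internet"
    when: datetime
    mfa_verified: bool


# Constructed inventory: devices the endpoint platform reports as managed
# and compliant. Anything not listed is treated as untrusted.
COMPLIANT_DEVICES = {"laptop-0042", "laptop-0077"}

# Constructed policy: resource -> (allowed roles, allowed networks,
# (start, end) of the permitted time window). No entry means no access.
POLICY = {
    "hr-payroll": ({"hr"}, {"corp-lan"}, (time(7, 0), time(19, 0))),
    "wiki": ({"hr", "eng"}, {"corp-lan", "internet"},
             (time(0, 0), time(23, 59, 59))),
}


def decide(req: Request) -> Tuple[bool, str]:
    """Return (allowed, reason). Checks run in order and the first failure
    denies; a request for a resource with no policy is denied outright."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, "no policy for resource (default deny)"
    roles, networks, (start, end) = rule
    if req.role not in roles:
        return False, "role not authorized for resource"
    if req.device_id not in COMPLIANT_DEVICES:
        return False, "device not managed or not compliant"
    if not req.mfa_verified:
        return False, "MFA not satisfied"
    if req.source_network not in networks:
        return False, "source network not permitted (wrong place)"
    if not (start <= req.when.time() <= end):
        return False, "outside permitted hours (wrong time)"
    return True, "all checks passed"


def evaluate(user: str, role: str, device_id: str, resource: str,
             source_network: str, when_iso: str,
             mfa_verified: bool) -> Tuple[bool, str]:
    """Convenience wrapper that builds a Request from plain strings
    (timestamp in ISO 8601) and returns the decision and its reason."""
    req = Request(user, role, device_id, resource, source_network,
                  datetime.fromisoformat(when_iso), mfa_verified)
    return decide(req)


if __name__ == "__main__":
    # Constructed requests: one that satisfies every check and three that
    # fail on place, time and an unknown resource respectively.
    for args in [
        ("alice", "hr", "laptop-0042", "hr-payroll", "corp-lan", "2024-01-10T09:30:00", True),
        ("alice", "hr", "laptop-0042", "hr-payroll", "internet", "2024-01-10T09:30:00", True),
        ("alice", "hr", "laptop-0042", "hr-payroll", "corp-lan", "2024-01-10T22:00:00", True),
        ("bob", "eng", "laptop-0077", "finance-db", "corp-lan", "2024-01-10T09:30:00", True),
    ]:
        print(args[0], args[3], "->", evaluate(*args))
```

Every denial carries a reason string; in practice that reason is what you log and alert on, because a burst of "device not managed" or "wrong place" denials for one account is the signal that the perimeter-less model is doing its job.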
Identity and Access Management (IAM)
IAM is about defining and managing the roles and access privileges of individual users — this includes customers, contractors, suppliers, and partners as well as employees — and the context in which users are granted (or denied) those privileges. IAM systems simplify access and adherence to security protocols, corporate policies, and government regulations – both for systems administrators and users. They are centralized, automated, orchestrated, and frictionless.
A predecessor of modern IAM is network access control (NAC). NAC has been used for many years to grant endpoints — which could be a BYOD smartphone or an IoT device like a pacemaker — access to network resources once the system authenticates and authorizes that device. Most wireless vendors have built NAC into their onboarding platforms and the technology is meant to integrate easily with different types of endpoints and security products.
Deploying NAC, like newer IAM platforms, requires a lot of up-front planning and policy development but pays dividends when it is automated and working well. Structured’s engineers and compliance professionals have a lot of experience guiding clients in how to best deploy this technology.
Next-Generation Firewalls (NGFW)
NGFWs retain the same purpose as their stateful inspection forebears – to consistently protect users, data and network resources from attack – but their integrated and powerful inspection, defense and prevention capabilities now dwarf those devices released just a generation ago.
Available as either physical or virtual appliances – or even delivered via the cloud as a SASE solution – now-ubiquitous NGFWs are core to every security architecture. No longer relegated to simple port and protocol inspection of north-south network traffic to detect malware or miscreants, NGFWs supply critical capabilities for establishing and supporting a comprehensive Zero Trust security strategy.
They allow security administrators to create and automatically enforce granular controls over what users and devices are able to do or access; enable microsegmentation of network and application flows to limit damage in the event of a breach; integrate with and boost the efficacy of third-party threat-intelligence solutions and technologies like SD-WAN; and — oh yes — they detect and prevent advanced threats stemming from malware, phishing, vulnerability exploits like buffer overflows, and attacker activity such as port scans and command-and-control traffic.
Endpoint Protection Platforms (EPP)
EPP evolved as a response to advanced persistent threats and zero-day threats that old signature-based antivirus (AV) software could not stop. These platforms leverage advanced algorithmic capabilities inherent in artificial intelligence and machine learning and very often are delivered as subscription-based, cloud-managed solutions that include lightweight agents for endpoints.
EPPs detect, investigate and prevent known and zero-day file-based, fileless, and script-based threats – those that detonate immediately and those that dwell for days or months in a network before activating. In addition to being very powerful computing platforms that are constantly supplied with new data from global repositories, they integrate well with other on-premises and cloud-based security hardware and software tools for sandboxing, application control, data loss prevention, endpoint detection and response, and — critically — with next-generation firewalls (NGFW).
In fact, EPPs are steadily growing to comprise all of those processes and technologies in a holistic framework.
Multifactor Authentication (MFA)
Security-minded organizations — especially those with distributed workforces — also turn to multifactor (or at least two-factor) authentication (MFA) to add an extra layer of protection when end users try to access corporate applications and data. In the case of two-factor authentication, users are challenged to provide something they know (such as a password) and something they have (such as SMS confirmation on an approved smartphone).
True MFA takes the sign-in process one step further in that it requires something you are — provided by facial recognition, iris scan, or fingerprint.
No discussion of enterprise security would be complete without a mention of modern AI-enabled, cloud-based physical security devices like cameras and BLE-enabled tech. Structured has partnered with security firms offering plug-and-play video surveillance solutions that seamlessly integrate with cloud-based access control to save organizations on server, storage, and maintenance costs. These systems also provide remote accessibility, powerful analytics and live alerting during unusual activity.
Structured Professional Spotlight
Brad Pierce, Managing Director of Security, CISSP/CISA/PCIP
As the Managing Director of Security for Structured, Brad leads an elite team of security and compliance professionals and ensures the Structured team is prepared to combat modern malware and advanced threats wherever they are found.
“Understanding how systems are built and how they can fail is a type of thinking that is hardwired in me and constantly drives me to learn more.”
Putting Wisdom Into Practice
By Brad Pierce, Structured Managing Director of Security, CISSP/CISA/PCIP — Zero Trust is a philosophy, a journey. No one manufacturer or security product will get you where you’re going. It will take all of your technologies, and likely some new ones, to arrive at a Zero Trust architecture. Trust is dead, long live trust! Zero…