Story image

Why total visibility is the key to zero trust

07 Dec 18

The zero trust model of information security has become a fixture in both the strategies of enterprise security teams and the roadmaps of security solution developers.

Perimeter-focused security architectures that default to high trust levels on the internal network continue to fail disastrously and expensively, according to ForeScout. 

A recent analysis by the Online Trust Alliance found that business-reported cyber incidents nearly doubled in 2017.

In fact, in the first three quarters of 2017, data breaches exposed more than seven billion records, a four-fold increase over 2016.

The Ponemon Institute puts a price tag on this carnage, estimating the cost of each stolen record at US$141, and the average total cost of a data breach at US$3.62 million.

ForeScout Asia Pacific and Japan systems engineering senior director Steve Hunter says, "Today’s enterprise environments rely heavily on cloud-based services and infrastructure, which effectively erase the network perimeter. Workloads, data, and the workforce itself are mobile now, and need agile security."

"Users also demand more access options to more accounts, data and resources.

"Concurrently, the volume and diversity of devices connecting to network resources overwhelms traditional endpoint management. Because many of these devices don’t or can’t run corporate management agents, security teams may be blind to many of the devices on their networks, unable to identify their users, assess their security state, or control their activities." 

These systemic failings of perimeter-focused security led Forrester Research analysts to develop zero trust as an alternative approach.

In early iterations, the zero trust model focused narrowly on the concepts of protective segmentation and least-privilege access control, with little specific direction on how existing security controls could be leveraged in practical implementations. 

Over time, the basic model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.

This is a comprehensive framework that maps relevant security technologies to seven key dimensions of a typical enterprise environment where zero trust principles pertain: networks; data; people; workloads; devices; visibility and analytics; and automation and orchestration. 

Hunter says, "CISOs can now use the ZTX framework to identify technologies that will enable their zero trust strategies. At the same time, security vendors use it as a roadmap to extend their solutions’ functionality across framework dimensions.

“They create zero trust platforms that address multiple requirement sets, integrate readily with third-party products through advanced APIs, and orchestrate processes to enable cross-product automation, visibility, analysis, and policy enforcement." 

One example of a zero trust strategy is the goal of discovering and classifying 100% of the devices that connect to the network, not just those with endpoint agents installed and operational, and then to strictly enforce least-privilege access policies based on a granular analysis of the device, user identity and authorisations, software stack, configuration compliance and security state.

To enforce restrictive access policy, one must see, assess, and control everything on the network. 

Hunter says, "To realise such a strategy requires a comprehensive device visibility and control solution capable of seeing and controlling hosts that conventional endpoint management systems can’t: visitor and BYOD devices, corporate endpoints with disabled agents, rogue devices, IoT devices, network switches and routers, factory floor and other OT systems, and virtual machines in public clouds." 

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.