Zero Trust, Now and Future
A Bit of Security for July 1, 2024
I attended a vendor festival in Hartford recently and I heard quite a bit about Zero Trust and AI, Zero Trust and Identity Management, and a great deal about AI in security generally. However, this talk will be about Zero Trust – and it’s necessary because the vendor community is taking the concept into a lot of areas where it really doesn’t help much.
Zero Trust is about removing unnecessary and risky assumptions from your IT and OT environment. There are four core principles that make up Zero Trust, and they all have been around for decades. Having them appear in new language is wonderful – having new things to think about is one way to fascinate our minds; we humans love puzzles.
Zero Trust has four core principles at present: 1) least privilege, 2) de-perimeterization, 3) network access control, and 4) continuous monitoring. All of these have been known for decades. Least privilege dates back to the 1970s. De-perimeterization (getting rid of the idea of a perimeter inside which anyone or anything was trusted) dates back to the 1990s with the Jericho Forum. Network access control means checking the user and their device when they try to connect to the network, and blocking them if their system fails to meet appropriate security standards. Some sites will also route the would-be user to an anteroom where they can download patches, update their AV signatures, run a scan, and site
Continuous monitoring asks that user and entity activity be checked periodically – authentication is not one and done. If a user starts doing things like offloading a lot of data, or running encryption routines against files that he or she usually doesn’t access, a security tool should step in and stop the activity, suspend the user’s account, alert a security operations center, and prepare to block or roll back those changes.
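The network access control check and the continuous-monitoring step described above, as an added illustration that is not code from the original post. The device posture policy, the per-user baselines, and the activity log are all constructed for the example; a real deployment would learn the baselines from history and feed events from an EDR or proxy.

```python
"""Posture check at connect time, then behavioural checks on a running session.

Added example, not from the original post. All policies, baselines and
events below are constructed; nothing here is tied to a real product.
"""
from collections import defaultdict

# --- Network access control: admit, or divert to the remediation "anteroom" ---

# Constructed admission policy (hypothetical thresholds).
NAC_POLICY = {
    "min_patch_level": "2024-05",    # YYYY-MM of the oldest acceptable patch set
    "max_av_signature_age_days": 7,
    "require_disk_encryption": True,
}

def posture_decision(device, policy=NAC_POLICY):
    """Return ("admit", []) or ("quarantine", [reasons]) for a connecting device."""
    reasons = []
    if device.get("os_patch_level", "") < policy["min_patch_level"]:
        reasons.append("patch level below minimum")
    if device.get("av_signature_age_days", 10**6) > policy["max_av_signature_age_days"]:
        reasons.append("AV signatures stale")
    if policy["require_disk_encryption"] and not device.get("disk_encrypted", False):
        reasons.append("disk not encrypted")
    # Fail closed: an unknown attribute counts against the device, not for it.
    return ("admit", []) if not reasons else ("quarantine", reasons)

# --- Continuous monitoring: re-check behaviour after authentication ---

# Constructed per-user baseline: share trees they normally touch and an
# outbound byte budget per monitoring window.
BASELINE = {
    "alice": {"paths": {"/shares/finance"}, "egress_limit": 50_000_000},
    "bob":   {"paths": {"/shares/eng"},     "egress_limit": 50_000_000},
}

# Constructed activity log: (user, action, target, bytes).
EVENTS = [
    ("alice", "read",    "/shares/finance/q2.xlsx", 200_000),
    ("alice", "upload",  "ext://filedrop",          30_000_000),
    ("alice", "upload",  "ext://filedrop",          40_000_000),
    ("bob",   "read",    "/shares/eng/build.log",   5_000),
    ("bob",   "encrypt", "/shares/hr/salaries.db",  0),
    ("bob",   "encrypt", "/shares/hr/reviews.db",   0),
]

def share_root(path):
    """'/shares/hr/salaries.db' -> '/shares/hr' (first two path components)."""
    return "/".join(path.split("/")[:3])

def evaluate(events, baseline=BASELINE):
    """Return {user: [finding, ...]} for users whose activity left their baseline."""
    egress = defaultdict(int)
    findings = defaultdict(list)
    for user, action, target, nbytes in events:
        profile = baseline.get(user)
        if profile is None:
            findings[user].append("unknown identity")   # never seen: cannot be trusted
            continue
        if action == "upload" and target.startswith("ext://"):
            egress[user] += nbytes
            if egress[user] > profile["egress_limit"]:
                findings[user].append(f"egress {egress[user]} bytes exceeds limit")
        if action == "encrypt" and share_root(target) not in profile["paths"]:
            findings[user].append(f"encryption outside baseline: {target}")
    return dict(findings)

def respond(findings):
    """Map each flagged user to the response steps the post lists, in order."""
    return {user: ["stop_activity", "suspend_account", "alert_soc", "block_or_rollback"]
            for user in findings}

if __name__ == "__main__":
    print(posture_decision({"os_patch_level": "2024-06", "av_signature_age_days": 2, "disk_encrypted": True}))
    print(posture_decision({"os_patch_level": "2024-01", "av_signature_age_days": 30}))
    flagged = evaluate(EVENTS)
    print(flagged)
    print(respond(flagged))
```

Note that alice's first upload stays under the constructed budget; only the cumulative total over the window trips the check, which is the point of evaluating activity continuously rather than per request.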
In addition, Zero Trust relies on two information security principles – identity management and network segmentation. Identity management means knowing who can access your network. The fewer, the better. The strength of their authentication should be proportionate to the sensitivity of their activities.
What’s next for Zero Trust? Continuing the theme of not taking anything for granted, we have addressed persistent permissions and access, and we validate the user’s behavior regularly. We segment and cut off sensitive information from the wider network, but we still trust every piece of code that comes into the enterprise. This is a huge vulnerability. The Software Bill of Materials (SBOM) gives us insight into the ingredients of the code we depend on, and can help us block threats before they become active. So the next step of Zero Trust will be incorporating an SBOM and its natural extensions into the hardware and infrastructure to further mitigate risk across the enterprise.
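One concrete form of "block threats before they become active" is to gate admission of software on its SBOM. The following is an added example, not code from the post: it reads a small SBOM in the CycloneDX JSON shape (the `bomFormat`, `specVersion` and `components` fields are real CycloneDX field names; the component names, versions and the advisory feed with its `ADV-EXAMPLE-*` identifiers are constructed placeholders) and refuses to admit anything whose listed ingredients are below a known fixed version, or whose ingredients cannot be identified at all.

```python
"""Admission check driven by an SBOM.

Added example, not from the original post. The SBOM content and the
advisory feed are constructed; the IDs are placeholders, not real CVEs.
"""
import json

# Constructed SBOM in CycloneDX JSON shape (real field names, invented components).
SBOM_JSON = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "examplelib", "version": "1.2.3", "purl": "pkg:pypi/examplelib@1.2.3"},
    {"type": "library", "name": "otherlib",   "version": "4.0.1", "purl": "pkg:pypi/otherlib@4.0.1"},
    {"type": "library", "name": "thirdlib",   "version": "0.9.0"}
  ]
}"""

# Constructed advisory feed: each entry names a component and the first fixed version.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "name": "examplelib", "fixed_in": "1.2.4"},
    {"id": "ADV-EXAMPLE-2", "name": "thirdlib",   "fixed_in": "1.0.0"},
]

def parse_version(v):
    """'1.2.3' -> (1, 2, 3); tuples compare component-wise, unlike strings."""
    return tuple(int(p) for p in v.split("."))

def parse_sbom(text):
    """Return [(name, version_or_None)] from a CycloneDX JSON document."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format")
    return [(c.get("name"), c.get("version")) for c in doc.get("components", [])]

def vulnerable_components(components, advisories):
    """Return [(name, version, advisory_id)] for every match; fail closed on gaps."""
    hits = []
    for name, version in components:
        if not name or not version:
            # An ingredient we cannot identify is one we cannot vouch for.
            hits.append((name, version, "MISSING-IDENTITY"))
            continue
        for adv in advisories:
            if adv["name"] == name and parse_version(version) < parse_version(adv["fixed_in"]):
                hits.append((name, version, adv["id"]))
    return hits

def admission_decision(sbom_text, advisories=ADVISORIES):
    """Gate: ('allow', []) only when no component matches an advisory or is unidentified."""
    hits = vulnerable_components(parse_sbom(sbom_text), advisories)
    return ("block", hits) if hits else ("allow", [])

if __name__ == "__main__":
    print(admission_decision(SBOM_JSON))
```

The decision is deliberately fail-closed: a component without a name or version is treated like a matched advisory, because an SBOM only helps if every ingredient it lists can actually be checked.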
Let me know what you think in the comments below or at wjmalik@noc.social
#cybersecuritytips #zerotrust #ztna #iam #BitofSec