What is Zero Trust?
Zero trust is a new concept in information security, which states that when companies trust individuals and devices on their networks, significant risks can occur. The zero trust security model proposes that users should not be trusted by default, even if they already have access to the network—because users can sometimes be malicious, and user accounts are often compromised by attackers. The entire network requires identity and device authentication on an ongoing basis.
Traditional IT security policies such as VPNs and firewalls create perimeters around the entire network, controlling access to the network, but allowing users and devices to access any resources on the network once they are authenticated. Unfortunately, relying solely on perimeter methods is ineffective and risky, because in today’s IT environment, many users work remotely and many assets are in the cloud or outside the control of the organization.
In contrast, a zero trust architecture provides strong protection against the types of attacks that plague businesses today, such as theft of company assets and identities. Restricting who can access any part of your network or any specific system greatly reduces the chances of hackers accessing your secure content.
The zero trust model relies on micro-segmentation, a fundamental principle of network security. Micro-segmentation allows IT to isolate network resources, making it easier to contain potential threats and prevent them from spreading across the enterprise. Organizations can apply policies enforced by role-based access to protect sensitive systems and data in each network segment.
The Importance of a Zero Trust Network
Enterprise networks are getting more complex, and threats are also evolving. Many attacker techniques are focused not on penetrating the network, but on achieving a long-term presence within the network and moving laterally inside it. A security perimeter is only used as a first-line defense to protect your internal network, not a comprehensive strategy to protect your infrastructure and data.
Zero trust networks are focused on making internal application traffic more secure. This model overturns the long-standing belief that all traffic behind the firewall is legitimate. In a zero trust network, no network connection is considered secure by default.
Traditionally, network administrators have assumed that all entities on an internal network are trusted, whether they are applications, servers, or part of network software or hardware. Some systems inside the network did not require authentication at all, or relied on static shared credentials. In addition, traditionally internal network connections did not use encryption, even for sensitive services.
These assumptions made it very easy for attackers to establish a hold on corporate networks. A single attacker who manages to penetrate the network, a Trojan run by an authorized individual, or a misconfiguration in a network firewall, were enough to enable compromise of the entire network, leading to catastrophic data breaches.
This is now a thing of the past—in a zero trust network, all applications must follow a consistent authentication and authorization scheme, and all communication must be encrypted. Instead of assuming that every entity in the network can be trusted, network infrastructure verifies everything against string authentication and authorization protocols.
Zero Trust and Incident Response
Zero trust networks enable stricter control over access to resources, ensuring that the system authenticates all access attempts. A zero trust approach employs all available information to authenticate legitimate requests.
Here are key principles about zero trust relating to incident response:
- Assume you cannot trust the organizational network—this means that you also should not trust the internal personnel and perimeter defenses of the network. This is contrary to a perimeter-centric approach, where everything behind security devices is trusted and deemed safe. This principle covers breach containment and minimizing damage from an adverse event.
- Use identity, application, device, and data insights—traditionally, many of these assets took a secondary position to network-based detections. When you assume you can’t trust the network, you must inspect identity, application, device, and data insights for every transaction.
- Authenticate every resource access attempt—you can no longer inherently trust that any user and device on a “secure network” should have access. Verify every resource, using all available signals mentioned above, to check that the request is legitimate.
- An automated response is essential—given the current threat landscape, an automated detection remediation response is critical. It is the only way organizations can analyze large volumes of data and respond fast enough to catch and prevent advanced adversaries in time.
Here are three logical components of a zero trust approach:
1. Enforce a secure enclave per resource
In the NIST model, the concept of a policy decision point (PDP) is the juncture of activity, where the administrator requirements are enforced over resource access. It’s common to interpret this as a perimeter. However, it is different from the broad perimeter, generally referred to by the industry.
Rather, it is much like a secure enclave per resource that organizations can control to create concise requirements. Within that enclave, it’s possible to apply a granular policy to ensure the least privilege for all resources.
2. Minimize unauthorized access
Another focus of zero trust is minimizing unauthorized access. When you use a robust control plane of a minimal trust zone and strong enforcement point (PDP), it is possible to combine signals to make sure access request decisions are made with the best available data.
Zero trust systems unite sources such as risk-based models of device health, user behavior, compliance boundaries, and data classifications. This process ensures resources are accessed correctly, under the right conditions, with the right motivations.
3. Minimize trust zones to minimize the involvement of other resources for any single incident
Even in a zero trust environment, you cannot eradicate all security incidents. There is likely no technology that can remove the threat of a persistent adversary achieving access to a system.
Rather, the cornerstone of zero trust networks—minimizing trust zones—should be considered. By minimizing the trust zone, you can minimize the involvement of other resources for a single incident. So, when an incident occurs, the smaller trust zone decreases the risk to other systems.
This process can reduce the delay in identification and make incident response more successful.
In this article I explained the basics of zero trust, a new concept in network security. I showed how zero trust networks are fundamentally different from traditional networks—they require authentication for every network connection, even between trusted systems, encrypt all communications, and closely monitor access anomalies.
Finally, I showed how zero trust concepts will change the approach to incident response. Until today incident responders were working in the dark, discovering the traces of an incident based on clues in the environment. In a zero trust network, the network itself can automatically detect an attempted breach and lock down sensitive systems. Incident responders can then hone in on the network segment under attack, take advantage of granular data about the devices and user accounts involved, and eradicate the threat.