Satya Gupta, Founder and CTO of Virsec, talks about different aspects of Zero Trust security and how it can help prevent cyber attacks and emerging cyber threats.
Recent attacks demonstrate the need for unconventional cybersecurity solutions
In March, the computer system of one of the nation’s largest school districts, Broward County School District, was hacked by criminals who demanded $40 million in ransom, threatening otherwise to erase files and post students’ and employees’ personal information online.
With 271,000 students, Broward is the nation’s sixth-largest school district with an annual budget of approximately $4 billion. The ransomware caused a brief shutdown of the district’s computer system and the Fort Lauderdale-based district reported that it is working with cybersecurity experts “to investigate the incident and remediate affected systems.”
This attack and the recent SolarWinds and Verkada breaches demonstrate the significant need for cybersecurity solutions that act differently than traditional offerings. To better protect our enterprise systems, a Zero Trust model must be defined and expanded to cover applications and workloads during runtime wherever they may reside. This is the only way to ensure that the correct code and processes can execute and nothing else, regardless of the threat environment.
Guidelines from the NSA, NIST, and even Google tout the benefits of Zero Trust. According to the NSA, “The Zero Trust security model eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture via real-time information.”
- What is Zero Trust?
Forrester states that Zero Trust enables regular business operations while adapting security architecture to support new users, cloud adoption, and IoT devices, unlike traditional perimeter-based security.
With digital transformation accelerating during the COVID-19 pandemic, Zero Trust is rapidly becoming the security model of choice.
However, security leaders often struggle with the fundamental shifts in strategy and architecture required to implement Zero Trust holistically, and many don’t know where to begin. Zero Trust does not require that you abandon your current efforts. Quite the opposite. With the right approach, organizations can take advantage of this model quickly if they outline and understand the functional building blocks of a successful implementation and leverage existing investments.
To provide insight into what you will need to consider in building your strategy, let’s examine what’s good about Zero Trust and how it can be extended to workloads and make it automated, practical, and achievable.
- Zero Trust Must Go Deep
In the past, Zero Trust has been viewed as enforcing rules around access control, but this only skims the surface and misses many of today’s advanced risks. Attacks like SolarWinds have demonstrated that the security battleground has moved into applications at runtime – when code is executing.
Threat actors often bypass traditional security tools and derail legitimate code as it executes at the memory level. Many exploits now leverage remote code execution (RCE) to hijack control during runtime and open persistent backdoors into critical systems.
Zero Trust can and should be applied to protect critical workloads during runtime, but this requires visibility and awareness deep into the application realm. Unfortunately, most conventional security tools treat code during runtime as a ‘black box’ and lack insight or control at this critical stage.
Gartner has recognized this gap and recommends that organizations should “at runtime, replace antivirus-centric strategies with ‘zero-trust execution.’”
- Trust Requires Application-Awareness
It seems apparent that you must have an in-depth awareness of what is supposed to happen and what is occurring during runtime to enforce Zero Trust. That’s a tall order because within an application, there are hundreds of files, thousands of processes, and millions of memory cells that define the correct execution and control flow of application code.
Unconventional cybersecurity tools can automatically map applications in-depth across the complete application stack and identify the correct files, scripts, directories, libraries, inputs, processes, memory usage, and more. This comprehensive application awareness provides a deep foundation for Zero Trust, which can be applied in real-time as application code executes.
- Zero Trust Must Be Automated
While it is a powerful concept, Zero Trust has to be practical at its core, and that requires automation. Attacks happen at compute speed and damage can be done in milliseconds, while responses can take hours, days, months or even longer.
Adequate security must go deep and be application-aware, but it also must be automated, continuous, and easy to manage. Any deviations from proper execution must be detected almost immediately, while protection rules can automatically trigger to stop attacks at the earliest stage in the kill chain before damage is done.
- Prior Knowledge Not Required
Most security tools require prior knowledge to stop attacks. That means you’ll never stop attacks the first time and will always be slow to react and create new signatures or rules to prevent newly discovered exploits. It’s an endless game of whack-a-mole that you’ll never win. Modern-day attackers are aware of this and can easily make thousands of malware variants that will not trigger these reactive defenses.
This is why Zero Trust is essential and must be implemented in-depth, within application workloads, and automated. Chasing every possible threat is an infinite problem and a battle that we, as an industry, are losing. The time is now to change our approach and our traditional thinking. If we ensure that critical applications only do the right thing and prevent deviations during runtime, we can fundamentally change the security equation.
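The positive-security idea described in the last three sections (map what the application is supposed to do, then treat every deviation as suspect without needing a signature) can be sketched in code. The following is an added illustration written for this article, not Virsec’s product or any real tool; the manifest format, the event format and the sample paths are all constructed for the example.

```python
"""Default-deny runtime baseline check (added illustration, not Virsec's code).

The baseline records what the workload is *supposed* to do: which files and
libraries may be loaded (by SHA-256) and which child processes it may spawn.
Anything not in the baseline is a deviation, so no prior knowledge of a
specific exploit or malware variant is needed to flag it.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Baseline:
    file_hashes: dict          # path -> expected SHA-256 hex digest
    allowed_children: frozenset  # executables the workload may spawn


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(files: dict, allowed_children) -> Baseline:
    """files: path -> bytes, captured while the app is known-good (constructed)."""
    return Baseline({p: sha256_hex(b) for p, b in files.items()},
                    frozenset(allowed_children))


def check_event(baseline: Baseline, event: dict) -> list:
    """Compare one runtime event against the baseline; return any deviations.

    Constructed event shapes:  {"kind": "load", "path": str, "content": bytes}
                               {"kind": "spawn", "exe": str}
    """
    findings = []
    if event["kind"] == "load":
        expected = baseline.file_hashes.get(event["path"])
        if expected is None:
            findings.append(f"unknown file loaded: {event['path']}")
        elif expected != sha256_hex(event["content"]):
            findings.append(f"modified file loaded: {event['path']}")
    elif event["kind"] == "spawn":
        if event["exe"] not in baseline.allowed_children:
            findings.append(f"unexpected child process: {event['exe']}")
    else:
        findings.append(f"unrecognised event kind: {event['kind']}")
    return findings


def demo() -> list:
    """Constructed known-good snapshot, then a mix of normal and deviant events."""
    good = {"/app/bin/service": b"ELF...service-v1", "/app/lib/libcrypto.so": b"ELF...crypto"}
    base = build_baseline(good, {"/usr/bin/logrotate"})
    events = [
        {"kind": "load", "path": "/app/lib/libcrypto.so", "content": b"ELF...crypto"},    # expected
        {"kind": "load", "path": "/app/lib/libcrypto.so", "content": b"ELF...tampered"},  # modified
        {"kind": "load", "path": "/tmp/dropper.so", "content": b"ELF...unknown"},         # not in map
        {"kind": "spawn", "exe": "/usr/bin/logrotate"},                                   # expected
        {"kind": "spawn", "exe": "/bin/sh"},                                              # deviation
    ]
    return [f for e in events for f in check_event(base, e)]
```

Only the three deviating events produce findings; the two expected ones pass silently, and nothing in the check depends on knowing what the tampered library or the shell does.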
For more such updates and perspectives around Digital Innovation, IoT, Data Infrastructure, AI & Cybersecurity, go to AI-Techpark.com.