Zero trust: is it a good solution for ransomware?

We are in a time of transition towards an increasingly digital world. Traditional solutions that were useful until a few years ago no longer are. The rise of telecommuting and working in the cloud has changed the way we work. Now we can access our files from anywhere, but that also implies changes in terms of security. In this regard, organizations must adapt to the new reality. Cybersecurity companies are promoting a new concept, zero trust; is it a good solution to protect us from the dangers of ransomware?

Zero trust

What zero trust offers us in terms of security

In a zero trust network, a connected device is not considered trustworthy simply because it is connected to, and has been verified on, the corporate network. The model is based on strict identity verification for every person and device that wants to access resources on a private network, regardless of where they are. This concept of zero trust (from the English term Zero Trust) is very likely an extension of least-privilege access. It helps minimize attackers' lateral movement, that is, the techniques cybercriminals use to move around a network once they are inside it. The principle we apply is: never trust, always verify.

In a world of zero trust, we are not going to grant implicit trust just because we are behind the corporate firewall. Only authorized individuals have access to selected resources as needed. This concept is also found in Zero-Trust VPNs.

Basic components that Zero Trust must have

If we want to implement zero trust efficiently, companies must understand its three basic components. First, we need guiding principles. These include defining business outcomes (knowing what we are trying to protect and where it is) and designing from the inside out: identifying the resources that need protection at a granular level and building security controls around them. The principles also describe identity and access requirements, with more granular management of user and device access control, and call for inspecting and logging all traffic.

Second, we need a zero-trust network architecture. It is made up of the protected surface (the data, applications and resources most valuable to the business) and micro-perimeters that protect each resource rather than the network environment as a whole. To this we add micro-segmentation, which segregates the network environment into zones based on the different functions of the business, and least-privilege access, in which access to resources is granted according to the worker's function and activities.

The third building block is the set of technologies that enable zero trust. There is no single solution here, but we could use, for example, identity and access management, multi-factor authentication, single sign-on, user and entity behavior analytics, and next-generation firewalls.
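As an added illustration (not code from the original article), the following Python sketch models the three components as a single access decision: a protected surface with a per-resource micro-perimeter policy, least-privilege access by business role, MFA and device checks, and a log of every decision. Resource names, roles and users are constructed for the example, and the request's network location is deliberately never used to grant access.

```python
from dataclasses import dataclass

# Protected surface: each resource gets its own micro-perimeter policy
# (which business roles may use it and what assurance is required),
# instead of one rule for the whole network. Names are constructed.
PROTECTED_SURFACE = {
    "payroll-db":   {"roles": {"finance"}, "mfa": True, "managed": True},
    "wiki":         {"roles": {"finance", "engineering"}, "mfa": False, "managed": False},
    "backup-vault": {"roles": {"backup-admin"}, "mfa": True, "managed": True},
}

@dataclass
class Request:
    user: str
    role: str             # business function, the basis for least privilege
    resource: str
    mfa: bool             # multi-factor authentication completed for this session
    managed_device: bool  # device identity verified against the inventory
    source: str           # "lan" or "internet"; recorded but never used for trust

DECISION_LOG = []  # every request is logged, allowed or not

def authorize(req: Request) -> bool:
    """Never trust, always verify: evaluate one request against its micro-perimeter."""
    policy = PROTECTED_SURFACE.get(req.resource)
    if policy is None:
        reason = "deny: unknown resource"        # default deny
    elif req.role not in policy["roles"]:
        reason = "deny: role not allowed"        # least privilege per function
    elif policy["mfa"] and not req.mfa:
        reason = "deny: mfa required"
    elif policy["managed"] and not req.managed_device:
        reason = "deny: unmanaged device"
    else:
        reason = "allow"
    DECISION_LOG.append((req.user, req.resource, req.source, reason))
    return reason == "allow"

def visible_resources(role: str) -> list:
    """Only the resources a role is entitled to are exposed; the rest stay hidden."""
    return sorted(r for r, p in PROTECTED_SURFACE.items() if role in p["roles"])

if __name__ == "__main__":
    # A workstation on the corporate LAN, compromised by ransomware, tries to move
    # laterally to the backup vault: being "inside" grants nothing.
    print(authorize(Request("eng1", "engineering", "backup-vault", True, True, "lan")))   # False
    # A finance employee at home, with MFA and a managed laptop, is allowed.
    print(authorize(Request("fin1", "finance", "payroll-db", True, True, "internet")))    # True
    print(visible_resources("engineering"))  # ['wiki']
```

The decision log is what the "inspect and log all traffic" principle feeds into a SIEM: a burst of denied requests from one internal host is exactly the lateral-movement signal a ransomware operator leaves behind.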

Zero trust as a solution to the ransomware problem

Zero trust is not a definitive solution to ransomware attacks; however, if implemented well, it can help build a much stronger security defense. Human error is often the leading cause of cyberattacks. By focusing zero trust on user identity and access management, the attack surface is reduced significantly, because both internal and external users have access only to limited resources and the rest are hidden from them. Zero trust also adds threat monitoring, detection and inspection capabilities, which are necessary to prevent ransomware attacks and the exfiltration of private company data.

There are also some caveats in relation to zero trust:

  • It will not eliminate the dangers of ransomware entirely, although it will significantly reduce the likelihood of such an attack.
  • No single technology solution can help us achieve absolute zero trust.
  • It is not designed to solve all security problems.
  • The segmentation of users and resources sounds great, but in practice it is quite complicated to implement.

Ultimately, zero trust requires the commitment of the entire company; it is not enough to leave it to the IT and security teams, and it requires a change in mindset and a radical change in architectural approach. It should also be executed with great care and thought, keeping a long-term perspective in mind, because one wrong move can leave you worse off.