The changes forced by the global pandemic, together with the emergence of Zero Trust and privileged access management, have shifted how remote access and security are handled: 82% of company leaders are adopting remote work that will continue even beyond the pandemic (1). With this shift, however, came a 90% increase in security risk from web application breaches abusing user credentials and a 25% increase in phishing attacks from 2020 (2). As a result, organizations have begun securing data and services, enterprise assets, end users, applications, and other subjects that hold valuable information or resources, adopting new security models suited to their needs.
To meet these needs, many organizations have implemented the Zero Trust model as a strategic initiative to prevent internal data breaches. Zero Trust is a framework based on authentication, authorization, and continuous validation. It adds a layer that controls access to applications and resources, and any lateral movement within the enterprise, covering everything from internal and external users to devices; in doing so it establishes identity as the new perimeter of the organization.
Breaking down the Zero Trust model, we see a combination of architecture implementation and network access control. In essence, adopting Zero Trust provides the ability to control access to resources and to grant it only to those who require it. Zero Trust Architecture and Zero Trust Network Access are further key terms built on the Zero Trust model. The idea behind these models is to protect company resources end to end; previously, organizations focused on building an external security perimeter. The focus now, alongside those external factors, is on internal security: limiting unauthorized lateral movement within the enterprise environment, and reducing uncertainty through a deliberate plan that prevents unauthorized access to data, services, and other organizational resources. A common maxim is “never trust, always verify”.
Key takeaways from Zero Trust:
- Identity is central: it is the number one requirement within the Zero Trust model. Market-leading companies apply robust authentication methods to their internal infrastructure, focusing first on employees, customers, contractors, and clients, followed by devices and data.
- Zero Trust is embraced by the community. Steady adoption of Zero Trust projects shows that 59% of IT companies will adopt the Zero Trust model within 12 months (3).
- Security increases. Identity Access Management and Privileged Access Management adopt SSO, MFA, and access policies for internal and external users.
- Industry matters. Different industries adapt Zero Trust to their needs; financial services, healthcare, and IT-based companies each present their own needs and requirements.
Solutions for Internal Threats/Breaches
No organization can entirely eliminate security risk. Policy administrators or security officers are responsible for connecting resources to their assets (the policy appliance). Suppose an internal or external threat disrupts or gains access to a security officer’s account. In that case, the company’s resources become vulnerable to further damage or exploitation, ranging from ransomware to Denial of Service (DoS) attacks. Organizations can reduce the impact of such an attack with more tightly secured environments or by breaking a specific resource down into several fragments, but the risk remains. Moreover, within the Zero Trust model only a few accounts hold administrator (“sudo”) permissions and visibility into part or all of the network, so these accounts become the prime target for any attacker.
Standard social engineering or phishing techniques can be directed at these privileged accounts. A good mitigation is a Multi-Factor Authentication policy. However, a compromised or corrupt employee can still reach any database or service for personal gain or sabotage. This goes hand in hand with threats to storage systems and network information. Access to any monitoring or network traffic system can expose insight into the enterprise architecture and help identify the weakest link. Likewise, access to the policy access management area exposes information about the accounts that hold data-based resources. Although any of these risks can occur, most depend on the network and organizational structure and on the mitigation policies set by the enterprise.
Privileged Access Management (PAM) solutions suit most enterprise infrastructure models. PAM systems establish and strictly enforce privilege management policies, which helps identify which accounts and credentials are most and least vulnerable and most and least privileged. Additionally, PAM implementations control access to resources, provide password vaults, produce efficiency reports based on user analytics, and monitor and audit all activity with live threat assessment, thanks to AI/machine learning algorithms scanning user actions in the background.
Implementing a PAM solution can help close some of these gaps. If the most privileged user accounts are exploited, certain PAM products include biometric authentication that detects instantly when a user’s behavior changes slightly or becomes abnormal; the administrator is alerted and can terminate or block the suspicious session. In the case of the compromised employee, the PAM system records each monitored session and streams it to show a particular user’s access in real time.
These recordings can later serve as evidence, playing back what was accessed or executed and when; while being watched live, such sessions can be terminated instantly, blocking the user’s access to a particular section or server of the network and allowing a more thorough investigation or assessment to be conducted internally. In essence, PAM systems act as an intermediary layer between users and the internal network infrastructure. A PAM solution, together with Zero Trust, adds a further security layer that helps protect and secure internal infrastructure you might otherwise have overlooked.
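As an added illustration (not code from the article, and not any PAM vendor's product), the following Python sketch shows the ideas of the Zero Trust description and the PAM paragraphs above in working form: a deny-by-default policy evaluated on every request, MFA and trusted-device checks for privileged resources, an audit record and session-recording flag for each privileged access, and an alert when a user's request falls outside a baseline of their normal activity. The roles, resources, users, entitlements and baseline are all constructed assumptions for the example; a real broker would source them from the identity provider and the PAM analytics engine.

```python
"""Minimal PAM-style access broker: "never trust, always verify".

Added illustration, not code from the article or from any PAM vendor.
Every role, resource, user and request below is constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Set, Tuple

# Constructed least-privilege policy: which roles may reach which resources.
ROLE_ENTITLEMENTS: Dict[str, Set[str]] = {
    "dba": {"customer-db", "monitoring"},
    "sre": {"prod-web", "monitoring"},
    "helpdesk": {"monitoring"},
}

# Constructed: resources treated as privileged. Reaching them requires MFA,
# a trusted device, and a recorded session.
PRIVILEGED_RESOURCES: Set[str] = {"customer-db", "prod-web"}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    resource: str
    mfa_verified: bool
    device_trusted: bool
    ts: datetime


@dataclass
class Decision:
    allowed: bool
    reason: str
    record_session: bool = False  # PAM session recording for privileged access
    alert: bool = False           # request deviates from the user's baseline


@dataclass
class Broker:
    """The intermediary layer between users and internal infrastructure."""
    # Constructed per-user baseline of resources normally touched; stands in
    # for a vendor's user-behaviour analytics.
    baseline: Dict[str, Set[str]] = field(default_factory=dict)
    audit_log: List[dict] = field(default_factory=list)

    def evaluate(self, req: AccessRequest) -> Decision:
        """Verify every request; network location grants no implicit trust."""
        d = self._policy(req)
        if d.allowed and self._deviates(req):
            d.alert = True
            d.reason += "; outside user baseline, administrator alerted"
        # Every decision, allowed or not, is written to the audit trail.
        self.audit_log.append({
            "ts": req.ts.isoformat(), "user": req.user, "resource": req.resource,
            "allowed": d.allowed, "reason": d.reason,
            "recorded": d.record_session, "alert": d.alert,
        })
        return d

    def _policy(self, req: AccessRequest) -> Decision:
        # Deny by default: the role must be explicitly entitled to the resource.
        if req.resource not in ROLE_ENTITLEMENTS.get(req.role, set()):
            return Decision(False, "role not entitled to resource")
        if req.resource in PRIVILEGED_RESOURCES:
            if not req.mfa_verified:
                return Decision(False, "privileged resource requires MFA")
            if not req.device_trusted:
                return Decision(False, "privileged resource requires a trusted device")
            return Decision(True, "privileged access granted", record_session=True)
        return Decision(True, "access granted")

    def _deviates(self, req: AccessRequest) -> bool:
        known = self.baseline.get(req.user)
        return known is not None and req.resource not in known


def run_demo() -> Tuple[Broker, List[Decision]]:
    """Constructed requests exercising each branch of the broker."""
    broker = Broker(baseline={"alice": {"customer-db", "monitoring"},
                              "carol": {"monitoring"}})
    t = datetime(2021, 3, 1, 9, 0)
    requests = [
        # Entitled, MFA, trusted device: allowed and recorded.
        AccessRequest("alice", "dba", "customer-db", True, True, t),
        # Valid credential used without MFA (e.g. phished): denied.
        AccessRequest("alice", "dba", "customer-db", False, True, t),
        # Helpdesk holds no entitlement to prod-web: denied regardless of MFA.
        AccessRequest("bob", "helpdesk", "prod-web", True, True, t),
        # Entitled and verified, but outside carol's usual activity: alert raised.
        AccessRequest("carol", "sre", "prod-web", True, True, t),
    ]
    return broker, [broker.evaluate(r) for r in requests]


if __name__ == "__main__":
    broker, decisions = run_demo()
    for entry in broker.audit_log:
        print(entry)
```

The fourth request is the one the article's session-monitoring paragraph is about: the policy itself allows it, so the broker grants and records the session but raises an alert, leaving the administrator the decision to let it run or terminate it.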
Written by: Damian Borkowski – Technical Marketing Specialist