Operationalizing Zero Trust Framework.
https://blog.axellio.com/zero-trust-security-dod-playbook


The Zero Trust Framework is a radical shift in network security. It is not a solution to be purchased off the shelf but a mindset on how organizations should approach securing their IT infrastructures (on-premises and cloud) against devastating data breaches caused by external and internal adversaries.

There needs to be clarity around the Zero Trust framework, especially within the cybersecurity vendors' space. Ask five different vendors what the Zero Trust framework is and you will undoubtedly receive five different answers!

Adding to the confusion around the Zero Trust framework is the choice of model to adopt. The framework comes in two categories: the one championed by the Cybersecurity and Infrastructure Security Agency (CISA) and the one championed by the Defense Information Systems Agency (DISA). CISA is responsible for the civilian side of things, while DISA is solely responsible for implementing the military side.

I aligned with the DISA Zero Trust Framework. Hence, I'll be leveraging it for this paper. There are seven (7) pillars of the DISA ZT variant:

1: Users.

2: Devices.

3: Network.

4: Data.

5: Application and Workload.

6: Automation and Orchestration.

7: Visibility and Analytics.

Implementing the Zero Trust framework should ensure your organization does not end up in the media for the wrong reasons (data breaches).

With the DISA's ZT version successfully implemented, organizations can expect the following benefits with minimal friction:

1. Continuously verify users and the devices they use.

2. Make access to data, endpoints, applications, and privileges conditional.

3. Continuously verify data and applications explicitly.


PRACTICAL IMPLEMENTATION OF ZERO TRUST FRAMEWORK.

1: BROWSER ISOLATION

The practical implementation of the Zero Trust framework should begin where users spend most of their time, i.e., the browser. The browser is the interface between the internal network and the external (Internet) network. Current security solutions for the browser are based on the antiquated detect-and-respond approach, where everything is TRUSTED at first. Adding ISOLATION technology brings Internet access under the TRUST but VERIFY mantra of the Zero Trust initiative.

DISA achieved isolation across 3,500,000 (three million, five hundred thousand) users of the DoDIN network via Cloud-Based Internet Isolation (CBII).

2: MICRO-SEGMENTATION.

Micro-segmentation, in practical terms, means having a firewall around every asset (IT, IoT, and OT) across on-premises and cloud IT infrastructures. When implemented correctly, micro-segmentation closes all privileged ports and protocols by default, making lateral movement impossible for threat actors. Genuine use of privileged protocols, such as RDP, SSH, WinRM, etc., goes through a Just-In-Time (JIT) MFA process, effectively applying MFA to every asset (legacy systems included) across on-premises and cloud IT infrastructure.


3: ACTIVE DIRECTORY AND AZURE AD SECURITY.

Active Directory is the application that glues together most enterprise networks. As the de facto identity store, almost every operation across the IT infrastructure revolves around it.

Over 80% of reported data breaches and ransomware attacks in the last few years have leveraged AD-based vulnerabilities and misconfigurations. Therefore, it is expedient to have a comprehensive security platform that covers the three main stages of an attack on AD: before the attack, during the attack, and after the attack.


4: COMPREHENSIVE MONITORING AND AUTO-RESPONSE OF SECURITY EVENTS.

Events generated across the IT infrastructure (on-premises and cloud) encompass logs and flows of all types. Hence, monitoring logs alone, without flows (NetFlow, IPFIX, jFlow, sFlow, etc.), means comprehensive monitoring is lacking, a classic case of a false sense of security. Any logging platform (SIEM) should therefore be able to receive both logs and flows from all core and edge network devices, like firewalls, routers, and switches, across on-premises and cloud infrastructures, because logs on their own are reactive and do not allow for real-time or predictive analysis of security events.
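The JIT MFA gate described under micro-segmentation above and the flow-based monitoring of this section can be expressed as one default-deny policy replayed over flow telemetry. This is an added example, not code from the article or from DISA; the port list, grant record shape, addresses, users and times are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Privileged management protocols that micro-segmentation closes by default (constructed list).
PRIVILEGED_PORTS = {22: "SSH", 3389: "RDP", 5985: "WinRM", 5986: "WinRM-HTTPS"}

@dataclass(frozen=True)
class JitGrant:
    """One Just-In-Time grant: who, from where, to where, which port, MFA state, expiry."""
    user: str
    src: str
    dst: str
    port: int
    mfa_verified: bool
    expires: datetime

@dataclass(frozen=True)
class Flow:
    """Minimal flow record: NetFlow/IPFIX-style tuple plus the user an identity source attaches."""
    src: str
    dst: str
    port: int
    user: str

def flow_allowed(flow, grants, now):
    """Default-deny on privileged ports unless an unexpired, MFA-verified grant matches exactly."""
    if flow.port not in PRIVILEGED_PORTS:
        return True  # ordinary segment policy governs non-privileged traffic
    return any(
        g.user == flow.user and g.src == flow.src and g.dst == flow.dst
        and g.port == flow.port and g.mfa_verified and g.expires > now
        for g in grants
    )

def review_flows(flows, grants, now):
    """Replay the policy over flow telemetry; return privileged-port flows lacking a valid grant."""
    return [f for f in flows if not flow_allowed(f, grants, now)]

# Constructed sample data (hypothetical addresses and users, not from the article).
NOW = datetime(2024, 1, 1, 12, 0)
GRANTS = [
    JitGrant("alice", "10.0.1.5", "10.0.2.10", 3389, True, NOW + timedelta(minutes=30)),
    JitGrant("bob", "10.0.1.6", "10.0.2.11", 22, False, NOW + timedelta(minutes=30)),
]
FLOWS = [
    Flow("10.0.1.5", "10.0.2.10", 3389, "alice"),  # RDP covered by an MFA-verified grant
    Flow("10.0.1.6", "10.0.2.11", 22, "bob"),      # SSH: grant exists but MFA never completed
    Flow("10.0.1.7", "10.0.2.12", 5985, "carol"),  # WinRM with no grant at all
    Flow("10.0.1.5", "10.0.2.10", 443, "alice"),   # HTTPS: not a privileged port
]
```

Running `review_flows(FLOWS, GRANTS, NOW)` flags only bob's SSH flow and carol's WinRM flow; the same grant list also denies alice's RDP flow once the grant window has passed.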


5: COMPREHENSIVE ASSET VISIBILITY AND INVENTORY.

No one can secure assets that they have no visibility into. It is imperative for organizations to have visibility into ALL IP-enabled assets (IT, IoT, and OT) on their network. Visibility should extend to IT and device parameters such as IP and MAC addresses, device models, serial numbers, open ports, peer-to-peer statistics, flow analysis, inherent exploitable vulnerabilities, etc.


TECHNOLOGIES MAPPING OF ZERO TRUST PILLARS.

1: Users. Comprehensive Active Directory and Azure AD Security.

2: Devices. Comprehensive Active Directory and Azure AD Security.

3: Network. Micro-Segmentation, NAC, Physical Layer 1 RDM, and NDR.

4: Data. Micro-Segmentation, Data Security, and Encryption.

5: Application and Workload. Micro-Segmentation, API Security, RASP, IAST, DAST, SCA, and CNAP.

6: Automation and Orchestration. SIEM with SOAR capability.

7: Visibility and Analytics. SIEM, NDR, and Asset Inventory.

Finally, shoot me some lines via [email protected] if your organization is interested in a detailed presentation of the recommendations outlined herein.

