Zero Trust and Cyber Resilience
Limnetic Technologies
Delivering trustworthy and resilient network communications.
For the past few years, we’ve been hearing more and more about Zero Trust Network Access (ZTNA), or the Zero Trust Security Model. This model of network architecture and cybersecurity, which was outlined in 2010 by John Kindervag of the analyst firm Forrester, has gained considerable momentum in the context of recent major breaches and information leaks (e.g. Marriott, Equifax, Capital One, MGM).
Its popularity is unprecedented and, according to Grand View Research, ZTNA is expected to be a $59.2 billion market by 2028. That’s great! But... what is it all about?
According to Gartner, ZTNA is the creation of logical separations or barriers, based on user identity and context of use, around an application or set of applications. Identity and policy compliance are systematically validated, and switching from one resource to another is not allowed (without prior re-authentication). The goal is to prevent someone from accidentally stumbling upon a resource to which he or she is not entitled, and to reduce the attack surface by preventing an intruder from jumping from one resource to another once he or she has gained access, legitimate or not.
It's important to mention that ZTNA is not a product itself. Anyone who tries to sell you a ZTNA suite or product doesn't really understand what they are talking about. A product may be based on it and follow its guidelines, or it may facilitate the implementation of a ZTNA approach; but claiming to sell ZTNA would be like claiming to sell efficiency. It's an idea, a conceptual framework for reforming and organizing enterprise cybersecurity.
So what does it actually look like?
Specifically, it assumes that no one has access to a resource or the network by default. Don't worry, it's not personal! It's like going through customs: everyone has to show their passport to gain access to the gates; yet a domestic traveler who has gone through security won’t have access to the international area. The same goes for users requesting access to a given resource: it’s essential that their identity is verified to validate that they are authorized to access it, in accordance with the company's policies. In other words, instead of protecting the perimeter or the local network (read: the office), the aim is to protect the resources themselves.
Just because you have access to the network doesn’t mean that you can automatically access the files or applications that are stored there.
Why? Because if an ill-intentioned individual managed to sneak behind the firewall's lines of defense, they would have access to virtually all of the company's resources that are not protected by a second layer of security (e.g. a password, MFA). And even then, they could still cause significant damage by encrypting the network, stealing information, installing ransomware, etc.
Securing individual resources, either logically or by decentralizing servers to cloud resources, limits the damage in the event of an intrusion. You don't have all your eggs in one basket, but that doesn't mean that the local network should be left unprotected. Not everything is in the cloud, and office workers still need access to their local applications and files.
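The rule described above (no access by default, every request checked against identity and context, and a grant bound to a single resource so that moving to another one requires a fresh verification) as an added illustration; this is example code written for this page, not Limnetic's product or any vendor's implementation, and all user names, roles, resource names and policy values are constructed assumptions.

```python
# Constructed example of per-resource, default-deny access evaluation.
# Nothing here is taken from a real product; names and policies are assumptions.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Context:
    user: str
    mfa_verified: bool          # has this session completed MFA?
    device_compliant: bool      # e.g. a managed, patched device
    on_corporate_network: bool  # deliberately NOT sufficient for access

@dataclass(frozen=True)
class Grant:
    user: str
    resource: str               # a grant is scoped to exactly one resource

# Per-resource policy: which roles may enter and what the context must satisfy.
POLICIES = {
    "payroll-app": {"roles": {"hr"}, "require_mfa": True, "require_compliant_device": True},
    "wiki": {"roles": {"hr", "engineering"}, "require_mfa": False, "require_compliant_device": False},
}
ROLES = {"alice": {"hr"}, "bob": {"engineering"}}

def evaluate(ctx: Context, resource: str) -> Optional[Grant]:
    """Default deny: return a resource-bound Grant only if every check passes."""
    policy = POLICIES.get(resource)
    if policy is None:
        return None                              # unknown resource: no implicit access
    if not ROLES.get(ctx.user, set()) & policy["roles"]:
        return None                              # identity not entitled to this resource
    if policy["require_mfa"] and not ctx.mfa_verified:
        return None                              # policy compliance not met
    if policy["require_compliant_device"] and not ctx.device_compliant:
        return None
    # ctx.on_corporate_network is never consulted: being "inside" grants nothing.
    return Grant(ctx.user, resource)

def use_grant(grant: Grant, resource: str) -> bool:
    """A grant issued for one resource cannot be reused to hop to another."""
    return grant.resource == resource
```

Switching resources means calling evaluate() again, which is the re-authentication step the Gartner definition refers to.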
In case this sounds somewhat familiar, you experience it every day: that's why Microsoft asks you to re-authenticate every now and then.
Remember: conceptually, ZTNA does not recognize the notion of implicit access rights. With that in mind, it becomes very relevant to have an overview of network traffic, and the ability to track and trace a user's movements on that network. The longer it takes an organization to contain a breach, the more expensive it becomes. Knowing that the average time to identify and contain data breaches was 287 days in the United States in 2021, there is room for improvement.
This is where Limnetic can help you.
Limnetic tracks and documents the actions of all users, objects, or devices on the network in an anonymous way. The metadata, in other words the information allowing the specific identification of an individual (IP address, operating system version, browser version, etc.), is kept in a separate and encrypted database. Only a designated administrator has the key to decrypt it, if needed.
Usage data is correlated and allows for quick identification of suspicious behavior. If necessary, the administrator can access the encrypted data, identify the author of the suspicious acts, and determine whether action must be taken to secure the network or block the user or device in question. Limnetic can even intervene directly on the network and block suspicious data flows by their origin, by their destination, or on any other criterion.
Once the breach is contained, the administrator can trace the culprit’s actions in detail to ensure the integrity of local resources.
This is a tremendous asset for anyone looking to make the jump to a ZTNA approach, to strengthen cybersecurity measures at the local level, and to take the first steps on the road to cyber resilience.