Zero confidence: there is more than one attack surface

By Chris Mayers, Chief Security Technical Architect, Citrix

Your home security improves dramatically if you complement the lock on your front door with an alarm and a CCTV system that records everyone who knocks, walks through, and moves around inside. But that will not stop criminals from breaking a window and grabbing whatever is within reach, from remotely tampering with and switching off the alarm, or from watching your movements to collect confidential information. Likewise, a Zero Trust Network Architecture (ZTNA) is an essential first step in advancing enterprise security, but a comprehensive Zero Trust strategy requires further steps.

ZTNA closes the door to network-level attacks that would otherwise put business processes at risk. It secures the paths to critical business resources, on-premises or in the cloud, through multi-factor authentication, machine learning-based analytics, and continuous monitoring. In many organizations, however, the network is not the weakest link: the vast majority of reported vulnerabilities are in applications, not in the network. Some of these weaknesses are well known and have been around for years; others result from new ways of working and from consumerization. Companies therefore need to think beyond ZTNA and also address application security.

A good start is to fix the most critical known application flaws. In a world that is gradually moving away from monolithic applications toward cloud-based microservices architectures, that means focusing not only on internal applications but also on new microservices running in public or hybrid clouds. In securing applications and microservices, artificial intelligence and machine learning are powerful tools for detecting complex attacks, including zero-day attacks, considerably faster than human analysts alone could. Another main component of application security is a web application firewall (WAF).
In the hybrid cloud era, a WAF should be as easy to deploy on-premises as in the cloud, and should offer low latency and high performance so that users get a frictionless experience even with continuous security monitoring running in the background.

Another increasingly critical attack surface is application programming interfaces (APIs). APIs are used everywhere to let applications talk to each other and to automate workflows between them. As a result, APIs provide access to a vast amount of corporate data. Leaving them unprotected puts critical data, and ultimately the business itself, at risk; and without API monitoring, data exfiltration can go unnoticed.

API security

For strong API security, the first step is an inventory that discovers unknown APIs (so-called "ghost" or shadow APIs) and enforces API access control across the enterprise through standardized authentication mechanisms. As a second step, APIs can be guarded against abuse by setting thresholds on API calls. Beyond that, continuous monitoring summarizes essential information about API usage, performance, crashes, authentication failures, and more. Here too, machine learning provides a powerful mechanism for extracting insight, safeguarding APIs, and enforcing the desired state. With such safeguards, a government authority, for example, can set rules that deny any request originating from other countries, reducing the risk of abuse, and companies and service providers in every industry can keep their applications from being slowed down or even knocked over by excessive API traffic.

After closing the doors to application- and API-level attacks, another essential step is to keep malicious bots off the premises. Not every bot is bad; many companies, for example, use chat bots and voice bots to handle incoming messages and calls from customers. But adversaries use bot technology too: within minutes of a new site going live, malicious bots will probe it for weaknesses and for information that can be harvested. According to security researchers, bots account for XNUMX% of Internet traffic. This means that more than a third of the time, business applications are not serving actual customers.

To counter this, the first step is to tell malicious bots apart from harmless ones. This can be done by filtering out bad bots based on reputation score, geolocation, or a so-called bot fingerprint, which combines multiple factors to distinguish them from humans and looks for anomalies in their behavior. Modern Application Delivery Management (ADM) technologies help with this and can identify even sophisticated bots.
Bot mitigation technology is therefore an essential part of online security. It lets online retailers, for example, be alerted whenever competitors try to scrape pricing information from their sites automatically, while improving the experience for real customers and reducing costs by cutting unwanted traffic.
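The API-security steps (inventory, access control, call thresholds, usage monitoring, geo rules) and the bot-mitigation signals (reputation, geolocation, fingerprint, behavioral anomalies) described above, run over constructed access-log lines. This is an added example written for this page, not Citrix or ADM code. The log format, the `GEO` map, the `BAD_REPUTATION` list and the `INVENTORY` catalogue are hard-coded stand-ins for a GeoIP database, a threat-intelligence feed and an API catalogue, and the user-agent substring check stands in for a real fingerprint (TLS and header-order based); the thresholds are illustrative.

```python
"""Request-level policy over constructed access logs: API inventory, auth enforcement,
call thresholds, usage monitoring, geo rules and bot scoring. Added example, not vendor code."""
import re
from collections import Counter, defaultdict, deque
from dataclasses import dataclass

CHROME = "Mozilla/5.0 (Windows NT 10.0) Chrome/120"
FIREFOX = "Mozilla/5.0 (X11; Linux x86_64) Firefox/121"
SCANNER = "python-requests/2.31"
# Constructed log lines: <epoch s> <client ip> <api key or -> <method> <path> <status> "<user agent>"
SAMPLE_LOG = "\n".join([
    f'0 203.0.113.10 acme-app GET /api/v1/orders 200 "{CHROME}"',
    f'5 203.0.113.10 acme-app GET /api/v1/orders/42 200 "{CHROME}"',
    f'7 198.51.100.7 - GET /api/v1/orders 401 "{SCANNER}"',
    f'8 198.51.100.7 - GET /api/v1/admin 404 "{SCANNER}"',
    f'9 198.51.100.7 - GET /api/v1/export 404 "{SCANNER}"',
    f'10 198.51.100.7 - GET /api/v1/users 401 "{SCANNER}"',
    f'11 198.51.100.7 - GET /.env 404 "{SCANNER}"',
    f'12 198.51.100.7 - GET /api/v1/backup 404 "{SCANNER}"',
    f'30 203.0.113.77 acme-app GET /internal/debug/dump 200 "{CHROME}"',
] + [f'{20 + i // 10} 192.0.2.33 partner-x GET /api/v1/prices 200 "{FIREFOX}"'
     for i in range(150)])  # constructed burst: 150 price lookups in 15 seconds

# Hypothetical stand-ins for a GeoIP database, a reputation feed and the API catalogue
GEO = {"203.0.113.10": "DE", "203.0.113.77": "DE", "192.0.2.33": "AT", "198.51.100.7": "US"}
ALLOWED_COUNTRIES = {"DE", "AT", "CH"}
BAD_REPUTATION = {"198.51.100.7"}
INVENTORY = {"/api/v1/orders", "/api/v1/orders/{id}", "/api/v1/prices", "/api/v1/users"}
LINE_RE = re.compile(r'^(\d+) (\S+) (\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')


@dataclass(frozen=True)
class Request:
    ts: int
    ip: str
    key: str
    method: str
    path: str
    status: int
    ua: str


def parse_log(text):
    reqs = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # skip malformed lines instead of aborting the whole batch
            ts, ip, key, method, path, status, ua = m.groups()
            reqs.append(Request(int(ts), ip, key, method, path, int(status), ua))
    return reqs


def normalize(path):
    """Collapse numeric segments so /orders/42 matches the /orders/{id} catalogue entry."""
    return re.sub(r"/\d+(?=/|$)", "/{id}", path)


def unknown_apis(reqs, inventory=INVENTORY):
    """Inventory step: endpoints that answered 2xx but are missing from the catalogue."""
    return {normalize(r.path) for r in reqs if 200 <= r.status < 300} - set(inventory)


def unauthenticated(reqs):
    """Access-control step: every call that carried no API key, whatever the backend answered."""
    return [r for r in reqs if r.key == "-"]


def over_threshold(reqs, limit=100, window=60):
    """Threshold step: per key, the peak number of calls inside any sliding `window` seconds."""
    recent, exceeded = defaultdict(deque), {}
    for r in sorted(reqs, key=lambda r: r.ts):
        if r.key == "-":
            continue  # rejected by the auth step; must not count against any key
        q = recent[r.key]
        q.append(r.ts)
        while q[0] <= r.ts - window:
            q.popleft()
        if len(q) > limit:
            exceeded[r.key] = max(exceeded.get(r.key, 0), len(q))
    return exceeded


def usage_summary(reqs):
    """Monitoring step: calls, authentication failures and server errors per key."""
    stats = defaultdict(Counter)
    for r in reqs:
        stats[r.key]["calls"] += 1
        stats[r.key]["auth_failures"] += int(r.status == 401)
        stats[r.key]["server_errors"] += int(r.status >= 500)
    return {k: dict(v) for k, v in stats.items()}


def geo_denied(reqs, geo=GEO, allowed=ALLOWED_COUNTRIES):
    """Geo rule: deny anything outside the allowed countries; unknown origin fails closed."""
    return [r for r in reqs if geo.get(r.ip) not in allowed]


def bot_verdicts(reqs, geo=GEO, allowed=ALLOWED_COUNTRIES, bad=BAD_REPUTATION):
    """Score each client IP on reputation, geolocation, fingerprint and behavior."""
    by_ip = defaultdict(list)
    for r in reqs:
        by_ip[r.ip].append(r)
    verdicts = {}
    for ip, rs in by_ip.items():
        rs = sorted(rs, key=lambda r: r.ts)
        reasons = []
        if ip in bad:
            reasons.append("reputation")
        if geo.get(ip) not in allowed:
            reasons.append("geo")
        if any("Mozilla/" not in r.ua for r in rs):  # crude fingerprint: tooling, not a browser
            reasons.append("fingerprint")
        if len(rs) >= 5:  # behavior signals need a minimum sample
            rate = len(rs) / max(1, rs[-1].ts - rs[0].ts)
            distinct = len({r.path for r in rs}) / len(rs)
            not_found = sum(r.status == 404 for r in rs) / len(rs)
            if rate > 5:
                reasons.append("burst")  # far faster than a person clicking
            if distinct > 0.8 and rate > 0.5:
                reasons.append("crawl")  # a new path on almost every request, quickly
            if not_found >= 0.5:
                reasons.append("probing")  # mostly hitting paths that do not exist
        verdict = "block" if len(reasons) >= 3 else "challenge" if reasons else "allow"
        verdicts[ip] = (verdict, reasons)
    return verdicts


if __name__ == "__main__":
    reqs = parse_log(SAMPLE_LOG)
    print("shadow APIs:", unknown_apis(reqs))
    print("unauthenticated calls:", len(unauthenticated(reqs)))
    print("keys over threshold:", over_threshold(reqs))
    print("usage:", usage_summary(reqs))
    print("geo-denied calls:", len(geo_denied(reqs)))
    for ip, (verdict, reasons) in bot_verdicts(reqs).items():
        print(ip, verdict, reasons)
```

On the constructed input, the scanner at 198.51.100.7 trips every signal and is blocked, the partner key is flagged for exceeding the call threshold and for a burst (the price-scraping pattern the text describes), and `/internal/debug/dump` surfaces as an endpoint that serves traffic but is missing from the catalogue. Each check is deliberately independent so that a request denied by the geo rule is still counted in the usage summary and still contributes to the bot score.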

Overall

Zero trust is at the forefront of cybersecurity technology. But a zero-trust environment cannot be achieved simply by deploying a zero-trust network architecture: while ZTNA strengthens the gateway to the enterprise network, application security, API security, and bot mitigation close the windows of opportunity that would otherwise be left open to attackers. Security is only as good as its weakest link, so companies must adopt a comprehensive zero-trust strategy to avoid putting their business at risk. As at home, the best approach is to be proactive and not wait until the burglar is already inside the house.