Zero Trust Implementation for IoT and OT Networks


Zero trust is a security framework built on the idea that no entity should be given automatic access to a network; instead, each must be verified before it is granted any privileges. Born from the understanding that threats can originate both outside and inside a network, it replaces traditional authentication methods and helps protect increasingly fragmented and diverse networks.

About the Author: Rich Orange, UK&I Vice President, Forescout.

When implementing the zero trust model, it is essential that organizations understand each connected user, their devices, and the data they are trying to access. This should already be the foundation of any security framework (after all, visibility is the backbone of security), but it is especially important when trying to create appropriate policies and compliance controls as part of a zero trust strategy. Ultimately, companies need to know who and what is trying to access what before they can create the right parameters and controls.

So is a device a user?

The idea of a "user" is itself under scrutiny when applying zero trust. The definition has become even more complex with the massive increase in network-connected devices, including Internet of Things (IoT) and operational technology (OT) devices. With all these new technologies connected to the network, the potential attack surface is greatly expanded. This requires companies to determine an identity for everything that comes into contact with the network: users, devices, virtual infrastructure, and cloud computing assets.

An effective way to assess connections is to segment devices into device categories. IoT devices require no human assistance to collect, access, and share information, or to automate functions and improve efficiency; this is the fastest growing category of devices. Industrial IoT is a common connection in industrial and manufacturing settings through machine-to-machine (M2M) communication, and it has also been adopted in health, business and insurance applications. OT devices are grouped into their own networks but require the same level of security. According to Gartner, by 2021, 70% of OT security will be managed directly by the CIO or CISO, up from 35% today.

Smart devices can be extremely problematic when it comes to security decisions. For example, in the case of widespread DDoS attacks, botnets like Mirai can take control of unmanaged IoT devices with weak credentials, potentially leading millions of them to disrupt critical services.

Devices are always unique.

To fully understand a device, and therefore determine what it should be authorized to access on the network, it is not enough to look at its IP address. It needs to be verified with much more: granular details and complete situational awareness are essential to keep any network fully secure. This information may include the latest patch the device has received, as well as its business context. IP-connected cameras are a good example. The same type of camera can be used for various functions in a business, from video conferencing to video surveillance. In the financial sector, for example, video is used to monitor customers and is integrated into ATMs to analyze check deposits; the same model of camera could be used on an oil rig for health and safety purposes. This means that the camera must be able to share communication paths with various data center applications and cloud services, and these paths will be unique to the company using them and the desired function. That is why the foundation of the zero trust model must be based on identity and device context.

IoT and OT devices require special measures

Another basic principle to keep in mind when creating a zero trust ecosystem is that it should go beyond users and include non-user devices. Users who, in a traditional environment, would be granted automatic access because they are on the internal network will no longer benefit from this privilege, which means that anyone or anything trying to gain access may be treated as if they were not a user. For this to be an efficient process, it is important to use an agentless device visibility and network monitoring solution for IoT and OT devices, as agent-based security products often do not support these types of technology. This, combined with a detailed understanding of every device on or attempting to access the network, its traffic flows, and its resource dependencies, will help build an extremely robust zero trust architecture.

Finally, network segmentation should be used to maintain complete control of all company systems. Segmentation can help meet the critical principles of zero trust and risk management by continuously monitoring the network for access by user devices, protecting critical business applications. It can also be used to limit the effect a breach could have on systems by blocking IoT and OT devices if they are acting suspiciously, preventing lateral movement on the network. Segmentation can provide additional controls and precautions for devices that cannot be patched or upgraded by keeping them in separate areas, reducing the attack surface.

Zero trust can be difficult to fully achieve, but if the right measures are put in place, such as careful examination of every device and effective network segmentation, security teams can be assured that their probability of a breach is reduced to the absolute minimum.
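As an added illustration of the two ideas above (decisions driven by device identity and business context rather than IP address, and segmentation that quarantines a device acting suspiciously), the following Python sketch is example code written for this page, not Forescout's code or any product's policy format. The policy table, device categories, sites, hostnames and the stray-destination threshold are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Device:
    mac: str
    ip: str                   # recorded, but deliberately not used for policy
    category: str             # e.g. "ip_camera", "plc"
    site: str                 # business context, e.g. "branch_bank", "oil_rig"
    patch_current: bool
    flagged_lateral: bool = False

# Constructed policy table (assumed format): the same camera model gets a
# different segment and different allowed paths depending on the business it serves.
POLICY = {
    ("ip_camera", "branch_bank"): {
        "segment": "video-finance",
        "allow": {"vms.bank.internal:443", "atm-ocr.bank.internal:8443"},
        "allow_if_patched": {"cam-cloud-mgmt.example:443"},  # lost when unpatched
    },
    ("ip_camera", "oil_rig"): {
        "segment": "video-hse",
        "allow": {"hse-vms.rig.internal:443"},
        "allow_if_patched": set(),
    },
    ("plc", "plant_floor"): {"segment": "ot-cell-1", "allow": {"scada.plant.internal:502"}, "allow_if_patched": set()},
}

def evaluate(device, destination):
    """Decide one flow: returns (verdict, segment), verdict in
    'allow' / 'deny' / 'quarantine'. Being on the network grants nothing."""
    rule = POLICY.get((device.category, device.site))
    if rule is None:                          # unclassified device: no implicit trust
        return "deny", "unclassified"
    if device.flagged_lateral:                # isolate to stop lateral movement
        return "quarantine", "quarantine"
    if destination in rule["allow"]:
        return "allow", rule["segment"]
    if destination in rule["allow_if_patched"] and device.patch_current:
        return "allow", rule["segment"]
    return "deny", rule["segment"]

def observe(device, destinations):
    """Monitoring hook: flag a device reaching 3+ hosts outside its allowed paths."""
    rule = POLICY.get((device.category, device.site), {})
    permitted = rule.get("allow", set()) | rule.get("allow_if_patched", set())
    strays = [d for d in destinations if d not in permitted]
    if len(strays) >= 3:
        device.flagged_lateral = True
    return device.flagged_lateral
```

Two cameras with the same IP address but different sites get different answers for the same destination, and a device flagged by `observe` is quarantined on its next flow regardless of its policy entry.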