A new security standard has been gaining popularity because it combats both Zero-day malware and insider threats by taking a “trust no one” approach. This security policy is called Zero Trust.
2020 saw an unprecedented number of cyberattacks across all vectors, from ransomware to IoT attacks. The FBI reported a 400% increase in cybercrime reports during the pandemic.
Many of these attacks come from insider threats, which are typically much harder to guard against without the right IT security in place. Once an attacker obtains a user's login credentials, they are inside the system and treated as a trusted user.
Between 2018 and 2020, insider attacks on businesses have risen by 47%.
Another cause of the increased threat landscape is that brand new malware variants (so-called Zero-day malware) are appearing at a record pace. From file-less attacks to mobile ransomware, antivirus and anti-malware databases can have a hard time keeping up with all the new threat iterations.
In a traditional cybersecurity approach, a ring of protections is placed around a network; this is called the castle-and-moat concept. It assumes that anyone who makes it past those protections is approved to be in the castle and may move around freely according to their permissions.
In practice, this means that if a user logs in with approved credentials, they are assumed to be in the system legitimately and can perform tasks according to the access privileges attached to that user account.
Once a user has gained access to a system, this type of strategy does not continually re-check that user's credentials; the user is simply trusted.
When it comes to detecting malware, file-less attacks (which do not use a malware-infected file) and Zero-day malware can slip past standard antivirus programs, because those programs look for the "bad guys" on a list of known malicious variants. If the malware is brand new, it may not be on that list yet.
Zero Trust security takes away that default trust posture and instead trusts no one unless they have been verified, and re-verified regularly. Rather than assuming everyone inside the castle is supposed to be there, a Zero Trust approach continually challenges the validity of users and devices to verify their legitimacy.
For malware detection, Zero Trust security means not relying only on a database of known threats to tag the bad guys. It also means telling the system who the good guys are (approved programs and commands), allowing only those to execute, and blocking everything that is not on the list of trusted applications.
Zero Trust is not just one application; it includes a number of safeguards that protect networks and data from rogue users, unknown malware, malicious system commands, and more.
Moving to a Zero Trust cybersecurity policy can greatly improve the defenses for your Houston area business and ensure your network and cloud accounts are protected from insider threats.
Here are some of the systems that are used to create a Zero Trust Security network.
Application whitelisting designates which programs are allowed to run and execute commands within a computer or network. This method stops unknown malware and file-less attacks from causing problems: they are blocked automatically because they are not on the whitelist of approved programs.
This tactic is often used together with application ringfencing, which takes the concept a step further and designates which programs may interact with each other and how.
Part of running a Zero Trust Security network is not assuming that anyone logged in with a legitimate user account is a legitimate user. Users need to be verified continually.
This is not done by interrupting users for another login throughout the day; it is done with advanced multi-factor authentication, which can be used to:
Ongoing monitoring of devices connected to company resources is another important part of Zero Trust security. Devices are monitored for where they log in from, what they do once logged in, and their typical usage patterns.
If usage falls outside normal patterns, the endpoint management application can revoke that device's access to all system assets.
Additionally, endpoint device management applications let you remotely control tasks such as applying security patches and updates.
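The three controls described above (application whitelisting, ringfencing, and endpoint monitoring that revokes access on abnormal use) can be combined into a single policy decision. The following Python is an added illustration, not code from this page or from any vendor product; the program names, device name and baseline values are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample policy for one workstation (hypothetical names, not real data).
ALLOWLIST = {"winword.exe", "excel.exe", "outlook.exe", "chrome.exe"}

# Ringfence: for each allowed program, the allowed programs it may launch or
# interact with. Two allowlisted programs still cannot interact unless listed.
RINGFENCE = {
    "outlook.exe": {"winword.exe", "excel.exe"},
    "winword.exe": set(),
    "excel.exe": set(),
    "chrome.exe": set(),
}

# Baseline of normal device use: where it logs in from and at what hours.
DEVICE_BASELINE = {
    "LAPTOP-01": {"locations": {"US-TX"}, "hours": range(7, 20)},
}


@dataclass
class Request:
    device: str                    # endpoint making the request
    location: str                  # region the session originates from
    hour: int                      # local hour of the request (0-23)
    program: str                   # program that wants to run
    target: Optional[str] = None   # program it tries to launch or interact with


def evaluate(req: Request) -> tuple:
    """Return (decision, reason). 'revoke' means the device loses all access."""
    base = DEVICE_BASELINE.get(req.device)
    if base is None:
        return "deny", f"{req.device} is not a managed device"
    # Continuous verification: use outside the baseline revokes the device.
    if req.location not in base["locations"] or req.hour not in base["hours"]:
        return "revoke", f"{req.device} is outside its normal use pattern"
    # Whitelist: an unknown binary is blocked even if no AV signature exists for it.
    if req.program not in ALLOWLIST:
        return "deny", f"{req.program} is not on the allowlist"
    if req.target is not None:
        if req.target not in ALLOWLIST:
            return "deny", f"{req.target} is not on the allowlist"
        # Ringfence: both sides are allowed, but is this interaction permitted?
        if req.target not in RINGFENCE.get(req.program, set()):
            return "deny", f"{req.program} may not interact with {req.target}"
    return "allow", "device, program and interaction all verified"
```

A brand new dropper is denied without any signature match, a word processor spawning a script interpreter is denied because the interpreter is not allowlisted, and a login from an unexpected region at 3 a.m. revokes the device even when the program itself is approved.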
Digital Crisis can help your Houston area business review your current IT security policies and enact Zero Trust Security protections that strengthen your defenses against attacks.
Contact us today to schedule a consultation. Call 713-965-7200 or reach us online.