One Security Principle Will Solve Most Security Issues

With the increasing use of cloud services, remote workers, and mobile devices, the traditional network security approach does not seem to be the best strategy. This approach automatically trusts users and endpoints within the organization’s perimeter without consistently verifying them.

To have good security, it’s essential to lock down your infrastructure to prevent compromise. This is where the zero trust approach comes in.

What is Zero Trust?

Zero trust is not new technology; it has been around for a while, but we are now uniquely stacking various technologies to strengthen it. So what does zero trust mean? It means that if something is compromised, it is isolated and controlled so that nothing else on the system can be compromised. It's a way to get the best of both worlds.

Previously, the old-school approach to securing critical systems, such as nuclear power plants or utilities, was to air gap them. This meant these critical digital assets were not accessible from the internet, ensuring they couldn’t be accessed by anyone, anywhere, anytime. However, this approach had its drawbacks, as managing or controlling these systems required physical access, which was inconvenient.

Zero trust offers a solution by allowing for a system where if one part is compromised, it doesn't impact any other part. This is achieved by isolating and containing components or entities running on the same physical server. Essentially, it's like creating a mini air gap with internet access.

Many companies focus solely on preventing threat actors from gaining access. However, it's crucial to also focus on controlling and minimizing the risk if a threat actor does gain access, which is inevitable.

Zero trust has main two components:

• Segmentation (Isolation and Containment)
• Detection

Let's look at an example of segmentation and how it can be implemented at different levels in your organization:

Endpoint

At the most basic level, an endpoint consists of programs. By setting up your endpoints so that each program runs in isolation from others, if one program is compromised, it won’t affect any others.

For instance, if an employee falls victim to a phishing attack and clicks on a malicious in their email client, only the email program would be compromised, leaving the rest of the system intact.

Wouldn't zero trust solve a lot of our problems? Instead of chasing AI solutions, implementing zero trust at the application level could address the primary ways systems are compromised today. With today's computers, where resources are abundant, each endpoint and application could run in a separate isolated virtual machine. This way, if one application is compromised, it will be contained.

Network

If the first level of segmentation fails and all applications are compromised, the second level involves containing the compromise within the computer itself. This is akin to network access control on steroids. Every system attempting to communicate on the network is verified and validated, and traffic is scanned in real-time for anomalies or infections. If anything, suspicious is detected, the system is isolated or quarantined.

If you implement both levels of zero trust, every application is isolated, and even if a computer is compromised, it will be contained, significantly reducing your problems.

Using an internal firewall to segment the internal network and isolate every device is a valid way to apply zero trust on the network level.

Detection

However, what if segmentation fails? You need strong detection capabilities to quickly identify and remediate any compromise. Monitoring and tracking data are crucial to catching compromises in a timely manner.