Power Zero Trust

Organizations can no longer assume that a trusted asset on the network is still trustworthy, or that a legitimate end-user account remains legitimate.

Threat actors are abusing this trust and blending in with traffic, protocols, and encryption.

The Zero Trust approach to cybersecurity protects against this type of abuse. It demands proof that everything touching your network is trustworthy.

A record number of organizations, including the United States Government, are adopting a Zero Trust Architecture (ZTA) which is built around a central premise. ‘Trust ONLY IF you verify.’

As you look to implement or mature a Zero Trust strategy, here is the mindset that will power your progress.

“Zero trust is a cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated. Zero trust architecture is an end-to-end approach to enterprise resource and data security that encompasses identity (person and nonperson entities), credentials, access management, operations, endpoints, hosting environments, and the interconnecting infrastructure.” — NIST 800-207

You need the correct strategy, followed by the correct tools to successfully implement this approach.

LiveAction powers continuous network detection and response (NDR) so that SecOps and NetOps teams can consistently evaluate trust. It does so in a manner consistent with White House Executive Order 14028, Improving the Nation’s Cybersecurity, and Presidential Memo M-22-09, Moving Toward Zero Trust Cybersecurity Principles.

“Agencies should strive to employ heuristics rooted in machine learning to categorize the data they gather, and to deploy processes that offer early warning or detection of anomalous behavior in as close to real time as possible throughout their enterprise.
For example, agencies may benefit from detecting excessive access requests to certain data types, or when accounts associated with agency leadership are accessing a system or category of data they have not previously accessed and would ordinarily not be expected to.”

LiveAction ThreatEye uses streaming Machine Learning (MLE) on top of advanced behavioral analytics to detect the trustworthiness of everything on the network.

This platform analyzes more than 150 traits and characteristics at wire speed, collecting and analyzing long-term baseline data. ThreatEye detects advanced threats on the network and creates SOC ready alerts when traffic, assets, and behaviors are no longer trustworthy.

Nearly 90% of network traffic is encrypted. As a result, an increasing number of tools are going blind, and developing continuous trust is impossible.

However, ThreatEye is unfazed by encryption. It uses Encrypted Traffic Analysis (ETA) to record, baseline, and do complex analysis of behaviors. It does not decrypt any network traffic. This is a key point, since the U.S. Government warns against the decryption approach:

“…as CISA and security researchers have warned, network inspection devices can present security vulnerabilities through weak or incorrect implementation of encryption protocols.

 

For example, agencies should avoid relying on static cryptographic keys with an overly broad ability to decrypt enterprise-wide traffic, as even a brief compromise of such a key would defeat encryption across the agency.”