Why is Zero Trust Important?
If you want to know why Zero Trust is a critical cybersecurity strategy, list the names and consider the costs of recent ransomware attacks.
Kaseya, Colonial Pipeline, JBS Meat, Acer, Accenture. Your local school district, hospital, or city government. And more, many more.
This leads to security soul searching: what should we change?
Traditional Approaches to Cybersecurity Are Failing
Recent headline-making cyberattacks have something in common.
In each case, threat actors gained a foothold on the network and then moved laterally across it, undetected, to reach the systems and data they needed to complete the attack.
Clearly, they outsmarted a longstanding approach to network security. NIST explains the situation:
“Traditionally, agencies (and enterprise networks in general) have focused on perimeter defense, and authenticated subjects are given authorized access to a broad collection of resources once on the internal network. As a result, unauthorized lateral movement within the environment has been one of the biggest challenges…”
Why is lateral movement one of the biggest security challenges? The primary reason is that threat actors abuse trusted devices, valid credentials, and encrypted channels to blend in with legitimate network traffic.
Hidden from network defenders, attackers move across a network to find data or disruption points for a successful attack.
Zero Trust increases defensibility against these attacks and other advanced threats.
Zero Trust in Cybersecurity: Adoption Rates
It’s more than a cybersecurity buzzword.
A record number of organizations are on a Zero Trust journey.
“In general, 72 percent of respondents have plans of adopting zero trust in the future or have already adopted it.” – Statista
This number now includes the United States Government. Federal agencies must meet specific Zero Trust Architecture (ZTA) goals by the end of fiscal year 2024.
The government needed drastic cybersecurity improvements and chose the ZTA approach.
The explanation, from a recent Executive Order (EO 14028, May 2021):
“Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments to defend the vital institutions that underpin the American way of life.
The Federal Government must bring to bear the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid.
The scope of protection and security must include systems that process data (information technology (IT)) and those that run the vital machinery that ensures our safety (operational technology (OT)).”
How should organizations define Zero Trust?
Are you starting your journey or benchmarking progress? A standard definition helps. The U.S. Government, in the same Executive Order, defines Zero Trust as a data-centric security model:
“…the term “Zero Trust Architecture” means a security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgment that threats exist both inside and outside traditional network boundaries.
The Zero Trust security model eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture via real-time information from multiple sources to determine access and other system responses.
In essence, a Zero Trust Architecture allows users full access but only to the bare minimum they need to perform their jobs. If a device is compromised, zero trust can ensure that the damage is contained.
The Zero Trust Architecture security model assumes that a breach is inevitable or has likely already occurred, so it constantly limits access to only what is needed and looks for anomalous or malicious activity.”
What powers continuous monitoring?
As the government writes in its definition of Zero Trust, we must acknowledge that some threats are already inside the network. Detecting those threats requires modern tools, including the right Network Detection and Response (NDR) platform. An NDR platform provides continuous monitoring of network activity from the core to the edge to the cloud.
NDR is one of Gartner’s newest cybersecurity categories, and leaders in this space are already emerging.
The LiveAction NDR approach, ThreatEye, enables continuous threat detection, hunting, forensics, and response. It does so even when network traffic is encrypted: it analyzes how hosts and accounts behave rather than inspecting packet contents, and it never decrypts anything.
The NDR platform baselines, analyzes, and correlates activity. Real-time Machine Learning (ML) then powers analysis of more than 150 attributes. ThreatEye creates SOC-ready alerts, so you know when an asset or account may no longer be trustworthy.
Advanced threat detection and continuous monitoring are key parts of the ZTA framework.
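The two ideas above, continuous verification that decides access from real-time signals (the government definition) and behavioral baselining of encrypted traffic without decryption (the NDR section), fit together in a short worked example. The following Python is an added illustration, not LiveAction or ThreatEye code, and it does not reproduce their detection logic. The IP addresses, ports, thresholds, role-to-resource policy and flow records are all constructed for the example: a workstation is baselined against its normal peers using flow metadata only (source, destination, port, byte count, no payload), a burst of new SMB/RDP connections to previously unseen hosts raises a lateral-movement alert, and a policy decision point that re-checks device trust on every request revokes access the same device was granted moments earlier.

```python
"""Flow-metadata baselining feeding a Zero Trust access decision.

Added example, not LiveAction/ThreatEye code. Hosts, ports, thresholds,
the policy map and every flow record below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Ports commonly used for host-to-host administration. New connections on
# these ports to internal peers the host never talked to before are the
# lateral-movement signal we baseline against. Payloads are never inspected.
LATERAL_PORTS = {445: "SMB", 3389: "RDP", 5985: "WinRM", 22: "SSH"}


@dataclass
class Flow:
    ts: int           # seconds since start of capture
    src: str
    dst: str
    dport: int
    nbytes: int
    encrypted: bool   # TLS / SMB3 encryption; contents stay opaque to us


# Constructed learning window: one workstation talking to its usual file
# server (SMB) and web proxy (HTTPS) over an hour.
BASELINE_FLOWS = (
    [Flow(t, "10.0.1.20", "10.0.0.5", 445, 4000, True) for t in range(0, 3600, 300)]
    + [Flow(t, "10.0.1.20", "10.0.0.8", 443, 1500, True) for t in range(60, 3600, 120)]
)

# Constructed live window: the same workstation fans out over SMB to a dozen
# peers it has never contacted, then opens RDP to one more. All encrypted.
LIVE_FLOWS = (
    [Flow(4000, "10.0.1.20", "10.0.0.8", 443, 1600, True)]
    + [Flow(4100 + i * 5, "10.0.1.20", f"10.0.1.{100 + i}", 445, 900, True) for i in range(12)]
    + [Flow(4200, "10.0.1.20", "10.0.1.50", 3389, 20000, True)]
)


@dataclass
class HostBaseline:
    # src -> set of (dst, dport) pairs the source normally talks to
    peers: dict = field(default_factory=lambda: defaultdict(set))


def learn_baseline(flows):
    """Record the (peer, port) pairs each source is normally seen with."""
    baseline = HostBaseline()
    for f in flows:
        baseline.peers[f.src].add((f.dst, f.dport))
    return baseline


def detect_lateral_movement(baseline, flows, window=600, threshold=5):
    """Alert on any source that, within `window` seconds, contacts at least
    `threshold` distinct never-before-seen peers on administrative ports."""
    new_events = defaultdict(list)  # src -> [(ts, dst, dport)]
    for f in flows:
        if f.dport not in LATERAL_PORTS:
            continue
        if (f.dst, f.dport) in baseline.peers.get(f.src, set()):
            continue  # known peer on a known port: part of the baseline
        new_events[f.src].append((f.ts, f.dst, f.dport))

    alerts = []
    for src, events in new_events.items():
        events.sort()
        for t0, _, _ in events:
            burst = [e for e in events if t0 <= e[0] <= t0 + window]
            if len({e[1] for e in burst}) >= threshold:
                alerts.append({
                    "src": src,
                    "ts": t0,
                    "new_peers": sorted({e[1] for e in burst}),
                    "protocols": sorted({LATERAL_PORTS[e[2]] for e in burst}),
                })
                break  # one alert per source per detection run
    return alerts


# Constructed least-privilege policy: role -> resources it may reach.
POLICY = {"finance-analyst": {"10.0.0.5:445"}}


@dataclass
class TrustState:
    """Device trust the policy engine re-evaluates on every request."""
    untrusted: set = field(default_factory=set)


def apply_alerts(state, alerts):
    """Feed NDR alerts into the trust state: a flagged device loses trust."""
    for a in alerts:
        state.untrusted.add(a["src"])
    return state


def decide_access(state, role, device_ip, resource):
    """Zero Trust decision: both the requesting device's current posture and
    the role's least-privilege set are checked, every time, with no memory of
    earlier 'allow' results."""
    if device_ip in state.untrusted:
        return "deny: device flagged by NDR"
    if resource not in POLICY.get(role, set()):
        return "deny: resource not in least-privilege set"
    return "allow"


def run_demo():
    """Grant access, detect lateral movement, and watch the grant disappear."""
    baseline = learn_baseline(BASELINE_FLOWS)
    alerts = detect_lateral_movement(baseline, LIVE_FLOWS)
    state = TrustState()
    before = decide_access(state, "finance-analyst", "10.0.1.20", "10.0.0.5:445")
    apply_alerts(state, alerts)
    after = decide_access(state, "finance-analyst", "10.0.1.20", "10.0.0.5:445")
    return {"alerts": alerts, "before": before, "after": after}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Two design points are worth noting. The detector never touches the encrypted payload; it reasons purely over who talked to whom, on which port, and when, which is what makes it usable on fully encrypted networks. And the access decision is stateless with respect to past answers: the same request from the same device is answered "allow" before the alert and "deny" after it, which is the concrete meaning of "continuous verification" in the definition quoted above. A real deployment would replace the hand-written threshold with learned per-host baselines, add more attributes (byte ratios, timing, JA3-style fingerprints), and push the revocation into the identity provider or network policy enforcement point rather than a Python dictionary.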
Where can I find more resources on Zero Trust in Security?
Like cybersecurity itself, Zero Trust is a journey, not a destination. Here are two great resources as you consider next steps:
Memo M-22-09, Moving Toward Zero Trust Cybersecurity Principles
ThreatEye and Accelerating ZeroTrust on the LiveAction website