According to the 2019 State of the Internet report, attackers made 30 billion login attempts against businesses using stolen credentials in 2018, and up to 2% of those attempts succeeded. From a single entry point, the attackers were then able to move across the enterprise network, carry out fraudulent transactions, or otherwise exploit the business.
Once your organization has shored up its outer walls and segmented its business-critical applications, your people are your last line of defense. That does not make this layer of your security arsenal any less essential. As the Zero Trust eXtended framework puts it, “Most breaches are ultimately an inside job.” You don’t need an angry employee with an axe to grind; all it takes is one instance of credential theft and a flat network that is easy to leverage for lateral movement within your data center.
Attacking this Head-on with your Zero Trust Model
A strong Zero Trust security strategy will include strict enforcement of user access, as well as authentication and monitoring of user behavior and movements, both within the data center and as users connect to the web. Governing each user’s access and privileges means that even if the worst happens and their credentials are stolen, the attacker inherits only what that specific user is entitled to reach, and has little room to escalate the breach or move beyond that user’s entitlements.
Think about an HR employee for example. An individual working in the HR team will need access to all the data and applications that are relevant to their role, and might also need permissions to certain financial systems for payroll, or applications that handle candidate information for on-boarding. However, they do not need extended access to anything outside of this, including other financial applications outside of their own purview, or further sensitive data connected to current employees such as medical information. In the same way as your workloads are isolated using micro-perimeters, your user access can follow suit, allowing each employee to access just what they need, and nothing further.
Features of a Strong Solution for User Identity that Leverages Zero Trust
Following the Forrester guidelines for a Zero Trust model, here’s how your security solution can check all the boxes for identity and access management, and achieve this high level of granularity and control. Whichever features you opt for, make sure that your solution can work seamlessly across any platform or infrastructure, and takes immediate effect on both active and new sessions of user activity. Without these two cornerstones, you’re starting from a place of blind spots and security gaps. With them, you’re well placed for success from the start.
- Isolate user interactions: Keyed on an Active Directory user group, intelligent micro-segmentation can isolate user access exactly the way described above, giving specific users access to specific servers and applications only via specific ports and processes. This access control can be enforced between workloads in the same network segment, and it is applied per user, so several users connecting simultaneously from the same server or jump box are each held to their own policy.
- Third party access management: User groups also support enforcing a specific policy for each third-party connection, strengthening security where it is weakest while preserving the benefits of third-party integrations and partnerships. Define policies for the data center at large as well as for individual applications and workloads, providing access to just what each user needs – and no more.
- Privileged identity management: Especially for administrative usage, this is an essential area of credential security. Admin and root passwords are often left unchanged or shared across machines, and can be an open door for an attacker to gain a foothold. When testing your network for weaknesses, check whether such passwords let an attacker propagate from one machine to the next, and where an attacker could move laterally from the initial breach.
- Two-factor authentication: 2FA has become a baseline that heavily reduces the risk of credential compromise. If it isn’t already in place in your organization, it should be. If your managers worry that people will feel slowed down by this essential control, remind them of ordinary two-factor tasks we all consider the norm, such as withdrawing money from an ATM with a bank card and a PIN. 2FA will soon be just as unremarkable in the workplace.
- Web security: Phishing scams are becoming increasingly sophisticated and manipulative, and you cannot always rely on employee education to help users spot an attack in time. Strong security solutions include a web security gateway that blocks access to known-malicious websites before the page ever loads.
- User behavior analytics: You can learn a lot about the way your employees act from monitoring ‘business as usual,’ which can then help to build policy that learns from your real employees, and can alert you to anomalous actions. This could be anything from a login at an unusual time of day, to credential use when an employee should be on vacation.
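The following is an added example, not code from the original article or from any vendor product, of what the user-group isolation in the HR scenario and in the first two features above amounts to when written down as a policy check. Group names, hosts, ports and process names are constructed for illustration. A flow is allowed only if a rule matches the destination workload, port and listening process for a group the user currently belongs to; everything else is denied, and a directory change is re-applied to sessions that are already open, not just to new ones.

```python
"""Identity-aware micro-segmentation: default-deny allow-list keyed on
AD user group + destination workload + port + process, with active
sessions re-checked whenever group membership changes.
Added example; all names below are hypothetical."""
from dataclasses import dataclass
from typing import Dict, List, NamedTuple, Set


class Flow(NamedTuple):
    user: str       # identity the session is attributed to (e.g. AD logon)
    src: str        # originating host (workstation, jump box, VPN gateway)
    dst: str        # destination workload
    port: int
    process: str    # process listening on dst that accepts the connection


@dataclass(frozen=True)
class Rule:
    group: str      # AD user group; membership is resolved at check time
    dst: str
    port: int
    process: str


class Enforcer:
    def __init__(self, rules: List[Rule], groups: Dict[str, Set[str]]):
        self.rules = rules
        self.groups = groups          # group name -> current members
        self.active: List[Flow] = []  # sessions currently permitted

    def allowed(self, f: Flow) -> bool:
        """Default deny: permitted only if some rule matches dst, port AND
        process for a group the user is a member of right now."""
        return any(
            r.dst == f.dst and r.port == f.port and r.process == f.process
            and f.user in self.groups.get(r.group, set())
            for r in self.rules
        )

    def connect(self, f: Flow) -> bool:
        ok = self.allowed(f)
        if ok:
            self.active.append(f)
        return ok

    def update_groups(self, groups: Dict[str, Set[str]]) -> List[Flow]:
        """Apply a directory change to active sessions as well as new ones;
        returns the sessions that were torn down."""
        self.groups = groups
        dropped = [f for f in self.active if not self.allowed(f)]
        self.active = [f for f in self.active if self.allowed(f)]
        return dropped


# Constructed policy: HR reaches the HR portal and payroll over HTTPS only;
# finance reaches the AP database; medical records are for benefits admins;
# a payroll vendor gets SSH to one box and nothing else.
RULES = [
    Rule("HR-Staff", "hr-portal", 443, "nginx"),
    Rule("HR-Staff", "payroll-app", 443, "nginx"),
    Rule("Finance-AP", "ap-system", 1433, "sqlservr"),
    Rule("Benefits-Admins", "medical-records", 443, "nginx"),
    Rule("Vendor-PayrollSupport", "payroll-app", 22, "sshd"),
]
GROUPS = {
    "HR-Staff": {"alice"},
    "Finance-AP": {"carol"},
    "Benefits-Admins": {"dana"},
    "Vendor-PayrollSupport": {"ext-vendor"},
}


def demo() -> Dict[str, object]:
    e = Enforcer(RULES, GROUPS)
    r: Dict[str, object] = {
        # alice's stolen credential, used from the shared jump box
        "hr_to_payroll": e.connect(Flow("alice", "jump01", "payroll-app", 443, "nginx")),
        "hr_to_medical": e.connect(Flow("alice", "jump01", "medical-records", 443, "nginx")),
        "hr_to_ap": e.connect(Flow("alice", "jump01", "ap-system", 1433, "sqlservr")),
        "hr_ssh_payroll": e.connect(Flow("alice", "jump01", "payroll-app", 22, "sshd")),
        "hr_rogue_proc": e.connect(Flow("alice", "jump01", "payroll-app", 443, "python3")),
        # carol, at the same time, from the same jump box: her own policy applies
        "fin_to_ap": e.connect(Flow("carol", "jump01", "ap-system", 1433, "sqlservr")),
        "fin_to_payroll": e.connect(Flow("carol", "jump01", "payroll-app", 443, "nginx")),
        # third party: SSH to the one workload it supports, no HTTPS
        "vendor_ssh": e.connect(Flow("ext-vendor", "vpn-gw", "payroll-app", 22, "sshd")),
        "vendor_https": e.connect(Flow("ext-vendor", "vpn-gw", "payroll-app", 443, "nginx")),
    }
    r["active_before"] = len(e.active)
    # alice is offboarded (removed from HR-Staff): her live session is cut
    dropped = e.update_groups({g: m - {"alice"} for g, m in GROUPS.items()})
    r["dropped_users"] = sorted({f.user for f in dropped})
    r["active_after"] = len(e.active)
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:15} {v}")
```

Matching on the listening process as well as the port is what stops a compromised HR account from talking to a rogue listener an attacker has planted on an otherwise permitted port, and resolving group membership at check time rather than at session start is what makes an offboarding or a group change take effect on sessions that are already open.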
Following the Zero Trust eXtended pillars is best-practice for protecting your network and its users from external and internal threats. This includes a Zero Trust model for more than just networks, applications and data alone. User Identity Access Management is a key part of your Zero Trust strategy, managing individual user access, simultaneous connections, and third-party access management. When done right, this can all be achieved from the same core technology that handles your application segmentation. This lessens the learning curve and streamlines your overall security posture with a truly holistic approach to Zero Trust.
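As an added example of the user behavior analytics item above, not code from the original article, here is the simplest form of the two alerts it mentions run over constructed authentication log lines: each user's normal login hours are learned from a baseline period, and later entries are flagged when they fall outside that window or when the credential is used while the user is recorded as on leave. The log format, user names and leave calendar are all hypothetical.

```python
"""User behaviour analytics over auth logs: per-user baseline of login
hours, then flag unusual-hour logins and credential use during leave.
Added example; log format and data are constructed."""
import re
from datetime import date, datetime
from typing import Dict, List, Tuple

# Constructed format: <ISO-8601 UTC> user=<name> src=<ip> result=success|failure
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)

BASELINE_LOG = """\
2019-03-04T08:02:11Z user=alice src=10.0.5.7 result=success
2019-03-04T08:15:40Z user=bob src=10.0.5.9 result=success
2019-03-05T07:58:03Z user=alice src=10.0.5.7 result=success
2019-03-05T09:03:00Z user=bob src=10.0.5.9 result=success
2019-03-05T17:40:19Z user=alice src=10.0.5.7 result=success
2019-03-06T08:30:27Z user=alice src=10.0.5.7 result=success
2019-03-06T18:05:10Z user=bob src=10.0.5.9 result=success
"""

NEW_LOG = """\
2019-03-11T02:47:55Z user=alice src=10.0.5.7 result=success
2019-03-11T08:10:02Z user=alice src=10.0.5.7 result=success
2019-03-12T08:01:37Z user=bob src=10.0.5.9 result=failure
2019-03-12T12:00:00Z user=svc-backup src=10.0.9.1 result=success
2019-03-13T09:00:00Z user=bob src=10.0.5.9 result=success
"""

# Constructed HR leave calendar: user -> (first day, last day) inclusive
LEAVE: Dict[str, Tuple[date, date]] = {"bob": (date(2019, 3, 12), date(2019, 3, 15))}

Entry = Tuple[datetime, str, str, str]


def parse(log: str) -> List[Entry]:
    out: List[Entry] = []
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that do not fit the format
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        out.append((ts, m["user"], m["src"], m["result"]))
    return out


def learn_baseline(log: str) -> Dict[str, Tuple[int, int]]:
    """Earliest and latest hour of day at which each user logged in successfully."""
    hours: Dict[str, List[int]] = {}
    for ts, user, _src, result in parse(log):
        if result == "success":
            hours.setdefault(user, []).append(ts.hour)
    return {u: (min(h), max(h)) for u, h in hours.items()}


def analyze(log: str, baseline: Dict[str, Tuple[int, int]],
            leave: Dict[str, Tuple[date, date]], slack: int = 1):
    """Return (user, timestamp, src, reasons) for every entry worth a look.
    Failed attempts are checked too: a failure during leave is still
    someone using that credential."""
    alerts = []
    for ts, user, src, result in parse(log):
        reasons: List[str] = []
        if user not in baseline:
            reasons.append("no baseline for user")
        else:
            lo, hi = baseline[user]
            if ts.hour < lo - slack or ts.hour > hi + slack:
                reasons.append(
                    f"login hour {ts.hour:02d} outside baseline {lo:02d}-{hi:02d} (+/-{slack}h)"
                )
        if user in leave:
            start, end = leave[user]
            if start <= ts.date() <= end:
                reasons.append(f"credential use ({result}) during recorded leave {start}..{end}")
        if reasons:
            alerts.append((user, ts.isoformat() + "Z", src, reasons))
    return alerts


if __name__ == "__main__":
    for user, ts, src, reasons in analyze(NEW_LOG, learn_baseline(BASELINE_LOG), LEAVE):
        print(f"{ts} {user}@{src}: {'; '.join(reasons)}")
```

A min/max hour window with one hour of slack is deliberately crude; a production baseline would use a longer history, per-weekday profiles and source host, and would feed the account entitlements described above so that an alert can be acted on by tightening or revoking that user's access rather than only paging an analyst.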
Want to find out where your network stands when it comes to achieving a Zero Trust security strategy? Check out Infection Monkey: Zero Trust Edition, an open-source tool that can get you quick answers and recommendations in line with Forrester’s best-practices. And download our paper on how to get to zero trust implementation faster.