What Is Zero-Trust Security and Why Should You Be Using It?

What Is Zero-Trust Security and Why Should You Be Using It?

The cybersecurity threat landscape has become more dangerous over the last 12-18 months. The pandemic didn’t only cause people to explore their new skills and interests while in lockdown, it also fueled an explosion in ransomware, phishing, and other attacks.

In 2020, ransomware attacks increased 485%. We’ve also seen several far-reaching attacks this year, including those that targeted Colonial Pipeline and JBS (Pilgrim’s Pride & Swift brands).

Another big ransomware attack that happened recently was the hack of Kaseya, a software provider for MSP companies. This attack was a one-to-many. It first hit the IT companies that used the Kaseya software and through them hit about 1,500 of their clients. 

Yet another attack that occurred in 2021, was on the Microsoft Exchange Server. Hackers deployed 4 zero-day exploits that allowed them to take over the servers of an estimated 30,000 organizations in the U.S. and 250,000 globally.

What can a company do to combat the increase in cyberattacks? How can you improve network security to ensure you’re not the next ransomware victim?

The model that more and more companies are finding critical for their continued network protection is called “Zero-Trust.”

What Does Zero-Trust Security Mean?

The way that legacy cybersecurity has been done is to identify a threat and then neutralize it. It has largely been a “castle and moat” approach, where you put a perimeter of defenses around your network and then anyone inside the network is assumed to be a legitimate user or program.

Zero-trust takes a different approach in two key ways:

  1. Instead of having to identify a specific type of threat or malicious code, it addresses anomalous behaviors.
  2. It doesn’t assume that anyone that made it past the “moat” is automatically authorized to be inside the “castle.”

Using a zero-trust security strategy does not mean using one particular program or application. Zero-trust is a method of how you handle your security apparatus, and it is instituted by using several tactics.

For example, instead of just assuming all users that log into your network are supposed to be there, a zero-trust approach will use conditional multi-factor authentication to ensure everyone inside the network is authorized.

Tactics Used in Zero-Trust Security

Following are some of the tactics that make up a zero-trust security strategy. This type of model is more secure and helps address some of the newest and most sophisticated threats.

We’ll explain more as we go through each one.

Application Safe-Listing

Hackers are always looking for ways to trick a system into allowing malicious code to execute. Often, ransomware and other types of malware are so new (“zero-day”) that they haven’t been cataloged in a threat database yet.

If a threat isn’t yet known, then how does it get identified?

Application safe-listing is designed to address this problem. Instead of telling your system what applications can’t run (which would mean it would have to know them all), it tells your system what applications CAN run.

If an application isn’t on the safe list, it’s blocked by default.

Application Containment

Another zero-trust tactic that is closely related to safe-listing is application containment. This tactic helps combat fileless malware. 

Fileless malware uses malicious commands sent to a trusted Windows process like PowerShell to get by antivirus/anti-malware programs. This is particularly difficult to protect against without using zero-trust because fileless malware doesn’t contain malware as is recognized by antivirus programs. 

In 2020, file malware attacks skyrocketed by 900%

The way that application containment addresses fileless malware is by blocking all non-approved interactions that your system processes can have. Meaning, that if fileless malware instructs Windows PowerShell to have another system remove certain security settings, that action can be blocked so PowerShell can’t execute the malicious command.

Contextual Multi-Factor Authentication

Multi-factor authentication (MFA) is a powerful zero-trust tactic for protecting user logins to networks, remote services, websites, and cloud accounts. 

Contextual MFA adds more sophistication to the authentication process to protect your company. For example, it might prompt an additional challenge question if a user attempts to log in from outside the country.

Parameters that can be used include:

  • Location
  • IP address
  • Time of day
  • Device settings
  • And more

Control Privilege Levels

The more users you have with high-level privileges, the more you risk a devastating cloud account hijacking. Another important zero-trust tactic to use is implementing strict privilege controls.

Ways to do this include adopting the Rule of Least Privilege, which states that you should only give users the lowest privilege necessary for them to complete their daily tasks.

In certain platforms like Microsoft 365, you can even go a step farther by setting up a dedicated admin account. Any system admins use that account when doing administrative activities and then log back out and into a lower-level user account when finished.

Start Putting Your Zero-Trust Strategy Together Today

C Solutions can help your Orlando area business take the steps necessary to implement zero-trust security to shore up your defenses against the newest threats.

Schedule a free consultation today! Call 407-536-8381 or reach us online.