One Step Closer to Zero Trust with Continuous Security Validation

Author: Jason Wild, Cyber Security Tech. at rThreat

The rise of Zero Trust

If you have spent time within the security space over the past few years, you have likely witnessed the sudden proliferation of the buzz-word “Zero Trust”. Despite the abundance of ongoing conversations around the importance of adopting Zero Trust into our security postures, there is often little clarity on what a Zero Trust model actually looks like.

Moreover, many vendors promote their different products as one-size-fits all Zero Trust solutions. This can make it even more difficult to pin down exactly what “Zero Trust” means in the first place, and what it can do to help organizations secure their information and assets in the face of modern threats.

As defined by NIST SP 800-207, Zero Trust is not specific to any singular product or network component, but “an evolving set of cybersecurity paradigms that move defenses from static, network-based parameters to focus on users, assets and resources.”

It’s a reference architecture and an operational mindset that describes the necessary shift of cyber defenses from a traditional perimeter-defined network model to a more flexible model that constantly adapts to the ever-changing threat landscape security teams defend against today.

In short, it’s all about “Defense-In-Depth”, working from the assumption that a threat actor can be anywhere in your system environment - on the edge, in the cloud, or at your core.

In a 2020 study, the identity and access management vendor Okta found that Zero Trust growth rose 275% year-over-year, with 60% of North American and 40% of global organizations working towards implementation of a Zero Trust mindset in their operations.

This number continues to rise as more and more businesses shift their infrastructure from on-premise and siloed networks, accessed by controlled devices, to open network environments, user-owned and mobile devices, cloud-based infrastructure, and remote work-from-home models.

Attack surface management

In simpler terms, Zero Trust can be thought of as no more than an expansion of traditional information security. There is no one specific product or tech stack implementation that provides Zero Trust, but rather it is a framework of concepts that utilizes technical and administrative security controls to remove excessive trust of processes and reduce vulnerability. Think of it as a playbook for managing the attack surfaces of today that are at times exponentially larger, and spread deeper, than they were in the past.

Traditionally, organizations have defined their discrete network perimeter with security appliances, such as firewalls and IPSs, that are able to filter out untrusted external traffic before it ever reaches internal traffic. Inside this perimeter, much of this traffic is often implicitly trusted. Zero Trust seeks to extend this lack of trust to all phases of the network. Instead of implicitly trusting user accounts, applications, systems, or processes, trust is continuously evaluated at all points of access.

Additionally, the outsourcing of business operations to third parties has provided increased efficiency and expense reduction at the cost of an expanded attack surface for threat actors to exploit. As we have all unfortunately seen, the result of this implicit trust in third-party supply chain components has caused not only the high-profile recent attacks on SolarWinds and Kaseya/Coop, but a dramatic rise in ransomware attacks on businesses of all sizes.

Whatever the right fit for an organization’s Zero Trust architecture, the reality of the situation is that the continued increase in complexity of our business logistics and technology stacks has led to a greatly expanded attack surface to manage. There is now a cyber attack on average of once every 39 seconds. Small and medium-sized businesses are the most at risk to this environment. While 43% of cyber attacks target these organizations, nearly 70% are unprepared to respond in the event of one.

Managing an organization’s attack surface can no longer stop at the firewall. It’s crucial that we move beyond excessive trust and ensure that continued access requires continued verification. Zero Trust architecture can take many forms depending on the situation, but typically this requires the implementation of Defense-in-Depth, utilizing tools such as network segmentation, multi-factor authentication (MFA), privileged access management (PAM), and Endpoint Detection and Response (EDR).

But with the increasingly saturated market of security products claiming to provide organizations with Zero Trust, how can anyone trust that they have chosen the right one for their organization? It can be disorienting to determine which are actually creating the most value for a limited security budget. rThreat is focused on addressing this challenge, by bringing a Testing-in-Depth approach to the Defense-in-Depth mindset of Zero Trust.

rThreat and Zero Trust evaluation

The unfortunate irony of the ongoing Zero Trust paradigm shift is that, as with many trends, buzz-word heavy branding and a lack of understanding of what the words mean can often inevitably lead to a false sense of security among organizational leaders. Added to this, each increase in the number of security hoops that employees must jump through can inadvertently encourage them to find ways to bypass these security controls to perform their duties and meet deadlines.

Whatever stage of moving towards Zero Trust your organization may be in, and however you choose to implement a Zero Trust framework, rThreat can provide the last piece to fine-tune your Zero Trust posture: continuous validation of your defenses, wherever and whenever you want.

Optimized for cloud-based delivery, rThreat is a sophisticated breach and attack emulation platform designed to provide security teams with a controlled environment for on-demand interactions with real-world threats, and validation of an organization’s capability to detect and respond to those threats.

With a library of known and custom malware showing the behaviors of today’s threat actors, teams can determine which tools and processes are working best, which tools and processes overlap or don’t meet standards, and expose gaps in their organization’s defenses. They can also proactively expose their security teams to threat activity, to refine processes and conduct ongoing security training. This not only reduces cost and overhead, but increases your team’s productivity while they are able to focus their time and efforts towards what is truly useful.

The rThreat platform allows an organization to validate its third-party supply chain surface for security vulnerabilities as well. As the responsibility for securing sensitive data, such as financial, healthcare, or other personally identifiable information, ultimately rests with the organization at the top of the chain, ensuring the security of this information from both external and internal threats is critical. rThreat provides evidence to clients and auditors alike that an organization’s security controls are effective.

Today’s world brings a growing number of sophisticated threats around every corner. If we truly hope to have any chance of keeping our systems, data, and applications protected, it has never been more important to rethink the way we secure our organizations from the ground up. Moving towards Zero Trust with rThreat provides the visibility your organization needs into the real-world effectiveness of your risk management and incident response programs.

Follow Us

One Step Closer to Zero Trust with Continuous Security Validation