Combat identity-based attacks with Zero Trust

July 26, 2022
| No comments
Combat identity-based attacks with Zero Trust
Advertising

Share post

Identity-based threats have become a major source of attacks and data breaches. As a result, organizations today require improved identity awareness and new threat mitigation strategies, which is best achieved by implementing an identity-based Zero Trust approach. Below are the basics of how the Zero Trust model works and best practices for implementing it effectively.

The Zero Trust model is a security approach based on the idea that organizations shouldn't automatically trust everyone inside or outside the infrastructure perimeter. Instead, every entity or user trying to access the system must verify themselves.

Advertising

What is Zero Trust?

As a security framework, Zero Trust replaces the idea of ​​a network edge. It focuses on securing network infrastructure, whether it is on-premises, cloud-based, or hybrid. The framework requires that all users and entities attempting to access the network must be authenticated and authorized before they can access any resource, data, or application.

Security doesn't end when you enter the network. Users' sessions must be regularly monitored and their identities routinely verified to maintain access. This approach addresses challenges like securing workspaces with remote and hybrid workers.

Advertising

Subscribe to our newsletter now

Read the best news from B2B CYBER SECURITY once a month



By clicking on "Register" I agree to the processing and use of my data in accordance with the declaration of consent (please open for details). I can find more information in our Privacy Policy. After registering, you will first receive a confirmation email so that no other person can order something you don't want.
Expand for details on your consent
It goes without saying that we handle your personal data responsibly. If we collect personal data from you, we process it in compliance with the applicable data protection regulations. Detailed information can be found in our Privacy Policy. You can unsubscribe from the newsletter at any time. You will find a corresponding link in the newsletter. After you have unsubscribed, your data will be deleted as soon as possible. Recovery is not possible. If you would like to receive the newsletter again, simply order it again. Do the same if you want to use a different email address for your newsletter. If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only collected on a voluntary basis. We use newsletter service providers, which are described below, to process the newsletter.

CleverReach

This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter “CleverReach”). CleverReach is a service that can be used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter (e.g. email address) will be stored on the CleverReach servers in Germany or Ireland. Our newsletters sent with CleverReach enable us to analyze the behavior of the newsletter recipients. This can include It is analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a previously defined action (e.g. purchase of a product on this website) took place after clicking on the link in the newsletter. Further information on data analysis by CleverReach newsletter is available at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/. The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. If you do not want an analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you have canceled the newsletter. Data stored by us for other purposes remain unaffected. After you have been removed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You may object to the storage if your interests outweigh our legitimate interest. For more information, see the privacy policy of CleverReach at: https://www.cleverreach.com/de/datenschutz/.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

Which organizations benefit most from a Zero Trust approach

When the infrastructure model includes:

  • A multi-cloud, hybrid, or multi-identity infrastructure
  • BYOD or unmanaged devices
  • SaaS applications
  • legacy software

If the company faces the following challenges:

  • Lack of qualified SOC expertise
  • Compliance Requirements
  • Lack of threat visibility

If the organization is at high risk for the following attack vectors:

  • Insider threats
  • Attacks on the supply chain
  • Ransomware

If service providers or other third parties work within the company network:

  • The company needs to protect remote workers accessing public cloud resources.
  • The company's line of business uses IoT devices, such as sensors.

Organizations with diverse use cases can successfully implement Zero Trust by tailoring it to their specific needs, digital transformation challenges, and security strategy.

How Zero Trust Authentication works

Implementing a Zero Trust authentication framework in an enterprise requires the combination of different technologies, including identity protection, endpoint security, risk-based identity management, data encryption, and multi-factor authentication. In addition to combining technologies, the framework must be implemented on a robust cloud infrastructure to enable continuous verification.

Continuous monitoring and authentication are the core requirements of a Zero Trust architecture. To achieve this, organizations must enforce policies that address user and device risk levels and compliance requirements. This means that both the users and the devices that have permissions and attributes during the session must be continuously authenticated.

Build zero trust architecture

To build a Zero Trust architecture, organizations must first identify the network's critical resources, users, services, and data. This allows them to prioritize and create security policies.

After identifying the critical resources to protect, the next step for organizations is to figure out which users are using which resources. Implementing a zero-trust authentication architecture requires mapping all privileged accounts and controlling what and from where they connect, requiring real-time visibility.

For this reason, it is not sufficient to verify identity only at the beginning of the session, since the user's risk level may vary during the session. Therefore, continuous validation of all access requests within this framework is a must. To achieve continuous authentication, Zero Trust policies control user and application identity attributes, such as:

  • Credential Privileges
  • behavior pattern
  • user identity
  • Risk levels in authentication protocols

A comprehensive Zero Trust architecture encompasses users, applications and infrastructure:

  • User: The framework must authenticate user identity and the integrity of the user device while enforcing the principle of least privilege for all systems.
  • Applications: By applying Zero Trust to applications, apps are assumed to be untrustworthy and their behavior needs to be continuously evaluated.
  •  Infrastructure: Everything in infrastructure, from routers to IoT devices, should be zero-trusted.

Zero Trust use case: Security breach at Capital One

The security breach at US financial services firm Capital One in 2019 is a good example of unauthorized access. A former Amazon employee breached the database using her former employer's credentials. The cybercriminal stole more than 100 million consumer applications, resulting in the financial company being fined $80 million. This case demonstrates the importance of implementing zero trust and access management tools for hybrid and cloud environments. The cloud or hybrid environment is more robustly protected against unauthorized access by implementing a Zero Trust approach. A Zero Trust solution could have detected and prevented the hacking attempt as coming from a suspicious location and time.

Identity-based zero trust architecture using the right technologies

Implementing the right solution can simplify the transition to a Zero Trust architecture. It is recommended to have an identity threat protection platform that is specifically designed for real-time prevention, detection, and response to attacks that use compromised credentials to access targeted resources. Using innovative agentless and proxyless technology, this solution seamlessly integrates with all existing IAM solutions (such as AD, ADFS, RADIUS, Azure AD, Okta, Ping Identity, AWS IAM, etc.) and extends their coverage to resources previously could not be protected - for example homegrown/legacy applications, IT infrastructure, file systems, command line tools, machine-to-machine access and more. This effectively prevents identity-based attacks in dynamic and complex cloud and hybrid environments.

Identity-based attacks, in which cybercriminals misuse credentials to access resources, are one of the top threats to corporate security today. However, with an identity-based Zero Trust approach, security officers can significantly minimize the risk of a successful attack.

More at www.silverfort.com

 

About Silverfort

Silverfort is the provider of the first Unified Identity Protection Platform that consolidates IAM security controls in corporate networks and cloud environments in order to ward off identity-based attacks. Through the use of innovative agent-free and proxy-free technology, Silverfort integrates seamlessly into all IAM solutions, standardizes their risk analysis and security controls and extends their coverage to assets that previously could not be protected, such as self-developed and legacy applications, IT infrastructure , File systems, command-line tools, machine-to-machine access and more.

 

Matching articles on the topic

Attacks on the water supply

Water is one of the most valuable resources as the basis of all life. It is therefore no wonder that water supply is increasingly becoming a goal ➡ Read more

PHASR proactively strengthens endpoint security

An industry-first endpoint security solution that hardens endpoints dynamically and tailored to each user: Bitdefender's PHASR. This ensures that security configurations ➡ Read more

Using exposure management against ransomware

A leading IT security company has published its latest cybersecurity report. Only a quarter of German security experts are optimally prepared for ransomware attacks. ➡ Read more

Sophisticated Phishing-as-a-Service (PhaaS) platform

Security researchers have uncovered a sophisticated Phishing-as-a-Service (PhaaS) platform that poses a serious threat to organizations around the world. The threat actor ➡ Read more

PDFs: The Trojan Horses of Hackers

Cybercriminals are increasingly using the popular PDF file format to hide malicious code. Recent IT forensics findings underscore this: 68 ➡ Read more

Maximum IT security for OT systems

OT systems are rarely attacked directly. However, gaps and vulnerabilities in traditional IT make OT systems more vulnerable to attacks. ➡ Read more

IT resilience: cybersecurity at the storage level

More data security features for greater IT resilience at the storage level: Cyber ​​security managers can pursue a proactive data security approach at the storage level with highly secure NetApp storage and thus ➡ Read more

Algorithms for post-quantum cryptography

A provider of IT security solutions introduces Quantum Protect, a post-quantum cryptography application suite for its u.trust General Purpose Hardware Security Modules (HSMs) ➡ Read more

PR News
, , , ,