Although a Zero Trust strategy usually includes comprehensive Identity and Access Management (IAM), the Swiss security specialist Exeon Analytics warns against relying predominantly on IAM.
Zero Trust is all too often based primarily on constant verification of user identities, which is ineffective in cases of stolen identities, says Exeon. Zero Trust is an overarching security strategy that aims to continuously audit and verify access to resources both internally and externally. It is based on the principle that network devices and users must constantly prove their identity because they are not automatically trustworthy. Access to resources is limited to the absolute minimum and all identities on the platform are evaluated according to the same criteria as hosts.
IDS/IPS systems are tasked with detecting suspicious or unauthorized activity, virus infections, malware and ransomware, zero-day attacks, SQL injection, and more. However, they often detect only known signatures, such as previously identified malicious domains or IP addresses. If a domain has not already been flagged as malicious, traditional security solutions can miss it, which makes it difficult to achieve Zero Trust with these tools alone.
Network detection and response
In order to effectively implement the Zero Trust security strategy, companies should make greater use of network analysis tools, as the analyst firm Forrester recently recommended (“The Network Analysis and Visibility Landscape, Q1 2023”). According to the Forrester report, security teams should use network detection and response (NDR) tools to monitor their networks, scan for threats, detect applications and assets, and capture malicious data packets. These measures contribute to the effective detection of threats within IT infrastructures.
NDR facilitates early detection of reconnaissance activity and lateral movement when an attacker is already on the network. It does so without endpoint agents, which many systems cannot run. Using machine learning (ML), NDR systems are able to detect anomalies in traffic without relying on a stored list of previously known indicators of compromise (IoCs). These ML models are designed to be continuously trained to detect new threats and attack techniques. This approach significantly speeds up the detection of malicious activity and enables early defense against attacks. Additionally, it helps identify unknown, suspicious behavior and minimizes the time attackers can remain on a network undetected, thereby increasing overall security.
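The contrast drawn in the two paragraphs above (signature matching against a list of known-bad destinations versus baseline-driven anomaly detection of scan-like or lateral-movement traffic) can be made concrete with a small detection routine. The following is an added example, not code from Exeon or the ExeonTrace product; the flow records, the IoC list and the per-host baselines are constructed for illustration, and a simple z-score over "distinct destinations per host" stands in for the ML models the text refers to.

```python
"""Signature (IoC) matching versus per-host baseline anomaly scoring
over constructed network flow records."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records for one observation window: (src, dst, dst_port).
# 10.0.0.5 suddenly reaches 40 internal hosts on port 445 (scan-like behaviour);
# 10.0.0.6 behaves as usual but also contacts an external address that is
# on no IoC list.
FLOWS = (
    [("10.0.0.5", f"10.0.1.{i}", 445) for i in range(1, 41)]
    + [
        ("10.0.0.6", "10.0.2.10", 443),
        ("10.0.0.6", "10.0.2.11", 443),
        ("10.0.0.6", "203.0.113.9", 443),
    ]
)

# Constructed IoC list, as a signature-based IDS/IPS would consult it.
KNOWN_BAD = {"198.51.100.7", "192.0.2.44"}

# Constructed per-host baseline: distinct destinations seen in each of the
# last five windows, the kind of history an NDR system learns from traffic.
BASELINE = {
    "10.0.0.5": [3, 4, 3, 5, 4],
    "10.0.0.6": [2, 3, 2, 2, 3],
}


def signature_hits(flows, iocs):
    """Signature approach: flag flows whose destination is on the IoC list.

    Returns a sorted list of (src, dst) pairs; destinations not yet on the
    list are invisible to this check, which is the gap the text describes."""
    return sorted({(src, dst) for src, dst, _ in flows if dst in iocs})


def distinct_destinations(flows):
    """Count distinct destinations per source host within the window."""
    seen = defaultdict(set)
    for src, dst, _ in flows:
        seen[src].add(dst)
    return {src: len(dsts) for src, dsts in seen.items()}


def anomaly_hosts(flows, baseline, z=3.0):
    """Baseline approach: flag hosts whose distinct-destination count in this
    window lies more than z standard deviations above their own history.

    Returns {src: score}. Hosts with no baseline are skipped rather than
    scored, since a z-score against an empty history is meaningless."""
    current = distinct_destinations(flows)
    flagged = {}
    for src, count in current.items():
        history = baseline.get(src)
        if not history:
            continue
        mu = mean(history)
        # Floor the deviation so a perfectly flat baseline does not produce
        # an infinite score on the first small change.
        sigma = max(pstdev(history), 1.0)
        score = (count - mu) / sigma
        if score > z:
            flagged[src] = round(score, 2)
    return flagged


if __name__ == "__main__":
    # The signature check finds nothing: no destination is on the IoC list.
    print("signature hits:", signature_hits(FLOWS, KNOWN_BAD))
    # The baseline check flags 10.0.0.5 (40 destinations against a mean of 3.8)
    # and leaves 10.0.0.6 alone (3 destinations against a mean of 2.4).
    print("anomalous hosts:", anomaly_hosts(FLOWS, BASELINE))
```

In a real deployment the baseline would be learned per host and per feature (destination fan-out, bytes per direction, ports, time of day) rather than hard-coded, and the threshold would be tuned against the false-positive rate the SOC can absorb; the structural point survives: the anomaly path raises an alert on the scanning host even though none of the destinations it touched was previously known to be malicious.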
More at Exeon.com
About Exeon
Exeon Analytics AG is a Swiss cybertech company specializing in protecting IT and OT infrastructures through AI-driven security analytics. The Network Detection and Response (NDR) platform ExeonTrace offers companies the opportunity to monitor networks, immediately detect cyber threats and thus effectively protect their own company's IT landscape - quickly, reliably and completely software-based.