
Trust is good, control is better: The Zero Trust architecture turns traditional security models on their head by checking every access – a revolutionary strategy that offers opportunities for greater security, but also brings challenges in implementation.
Zero Trust is not a single technology but a package of measures that together pursue an improved security strategy. An interview with Frank Jonas, Head of Enterprise Sales DACH at Kaspersky.
1. Why is Zero Trust a paradigm shift in cybersecurity, and which weaknesses of traditional security models does the concept address?
The Zero Trust strategy was developed to add additional security to a security architecture. It's not a paradigm shift, which would mean taking a completely new approach. Zero Trust is more of an additional strategy that builds on existing solutions.
2. What security improvements and IT benefits does Zero Trust offer, specifically in defending against insider threats or lateral movement?
The major advantage of Zero Trust is that authentication is performed for every transaction between users, devices, IT applications, the corporate network, and especially the cloud. This significantly complicates, but does not eliminate, lateral movement, as hackers cannot easily move on after penetrating an IT infrastructure.
3. How does Zero Trust address the security challenges of integrating IoT and cloud services into corporate networks?
Zero Trust ensures that both IoT devices and cloud access can only be used if authentication ensures that only authorized access occurs.
4. What practical hurdles exist in the implementation of Zero Trust, e.g. with regard to existing IT systems and costs?
The BSI clearly states that implementing a Zero Trust strategy is a long-term and financially challenging task in addition to existing solutions. Therefore, the first priority is to implement traditional endpoint, network, perimeter, and cloud protection in such a way that all technically available options are utilized, including "Managed Detection and Response" and other "Threat Intelligence Services (TI)," e.g., in the form of data feeds from various manufacturers to enrich firewalls, SIEM, and other IPS systems. Security decision-makers are well advised to question how this data is generated. The research and analysis effort and the time aspect (when was malware first detected and added to the TI data pool) are crucial for data quality and, consequently, for the level of protection provided.
5. How does Zero Trust protect against ransomware attacks – and where do vulnerabilities remain?
Attackers aiming for a ransomware attack rely on lateral movement to find the systems they want to encrypt and where important data can be extracted, thereby increasing the potential for pressure on the targeted companies. Therefore, Zero Trust plays an important role in making ransomware attacks more difficult. Attacks cannot be made impossible per se; our professional activities in incident response, malware research, and malware analysis also allow us to identify many "bypass methods." This means that hackers always find ways to circumvent password barriers and the like.
6. What role does the human component play in a Zero Trust architecture, e.g. in defending against social engineering attacks?
Zero Trust reaches certain limits when it comes to social engineering attacks. This type of attack is essentially based on deceiving employees of a company into performing seemingly authorized actions, such as transferring money, under the belief that they have received the instruction from a superior.
In these cases, the deceived person can still carry out all transactions for which he or she is authorized according to the Zero Trust principle.
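The two points made in answers 2 and 6 (every request is re-authorized on its own, which blocks lateral movement, yet a deceived but authorized user is still let through) can be shown in code. The following is an added example, not code from the interview or from Kaspersky: a toy Zero Trust policy decision point. The device inventory, grants, resource policies and the identities `alice` and `svc-web` are all constructed for the demo.

```python
"""Toy Zero Trust policy decision point (added example, constructed data).

Every request is judged on its own: explicit grant, device posture and
authentication freshness are checked each time, and the source network
is deliberately never consulted ("being inside" earns nothing).
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Request:
    principal: str   # user or workload identity presenting the request
    device_id: str   # device the request originates from
    resource: str    # target application / data store
    action: str      # verb on that resource
    mfa_age_s: int   # seconds since the principal last passed MFA
    network: str     # where the request came from; must NOT matter


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reasons: Tuple[str, ...]   # every failed check, for the audit log


# Constructed device inventory (what an MDM/EDR would report).
DEVICES = {
    "laptop-042": {"managed": True, "edr_healthy": True},
    "byod-phone": {"managed": False, "edr_healthy": False},
    "web-node-1": {"managed": True, "edr_healthy": True},
}

# Constructed least-privilege grants: (resource, action) pairs per identity.
GRANTS = {
    "alice":   {("mail", "read"), ("finance-app", "transfer")},
    "svc-web": {("db-orders", "read")},
}

# Constructed per-resource policy: posture requirement and MFA step-up window.
POLICIES = {
    "mail":        {"require_managed": False, "max_mfa_age_s": 86400},
    "finance-app": {"require_managed": True,  "max_mfa_age_s": 900},
    "db-orders":   {"require_managed": True,  "max_mfa_age_s": 86400},
    "db-hr":       {"require_managed": True,  "max_mfa_age_s": 900},
}


def evaluate(req: Request) -> Decision:
    """Default deny; a request passes only if no check fails."""
    reasons: List[str] = []
    policy = POLICIES.get(req.resource)
    if policy is None:
        return Decision(False, ("unknown resource",))

    # 1. Explicit grant: a valid identity never implies access to everything.
    if (req.resource, req.action) not in GRANTS.get(req.principal, set()):
        reasons.append(f"no grant for {req.principal} on {req.resource}:{req.action}")

    # 2. Device posture from inventory; unknown devices are untrusted.
    device = DEVICES.get(req.device_id)
    if device is None:
        reasons.append(f"unknown device {req.device_id}")
    elif policy["require_managed"] and not (device["managed"] and device["edr_healthy"]):
        reasons.append(f"device {req.device_id} fails posture for {req.resource}")

    # 3. Authentication freshness: sensitive resources demand recent MFA.
    if req.mfa_age_s > policy["max_mfa_age_s"]:
        reasons.append(f"MFA too old ({req.mfa_age_s}s > {policy['max_mfa_age_s']}s)")

    return Decision(not reasons, tuple(reasons))


def demo() -> List[Tuple[str, bool]]:
    """Run the constructed scenarios; returns (label, allowed) per request."""
    scenarios = [
        # Authorized user, managed device, fresh MFA: allowed. This is also the
        # social-engineering limit from answer 6: if alice was talked into the
        # transfer, the policy still permits it because she is authorized.
        ("alice transfers from managed laptop",
         Request("alice", "laptop-042", "finance-app", "transfer", 120, "corp-lan")),
        # Same user, same fresh MFA, unmanaged phone: denied on posture.
        ("alice transfers from BYOD phone",
         Request("alice", "byod-phone", "finance-app", "transfer", 120, "corp-lan")),
        # Stale MFA on a sensitive resource: denied until step-up.
        ("alice transfers with 1h-old MFA",
         Request("alice", "laptop-042", "finance-app", "transfer", 3600, "corp-lan")),
        # Compromised web tier reaching for HR data (lateral movement): valid
        # identity, healthy host, inside the corporate LAN, still denied.
        ("svc-web reads db-hr",
         Request("svc-web", "web-node-1", "db-hr", "read", 60, "corp-lan")),
        # The same workload reading what it is actually granted: allowed.
        ("svc-web reads db-orders",
         Request("svc-web", "web-node-1", "db-orders", "read", 60, "corp-lan")),
    ]
    results = []
    for label, req in scenarios:
        d = evaluate(req)
        detail = f" ({'; '.join(d.reasons)})" if d.reasons else ""
        print(f"{'ALLOW' if d.allowed else 'DENY '} {label}{detail}")
        results.append((label, d.allowed))
    return results


if __name__ == "__main__":
    demo()
```

The `network` field is carried in the request but never read by `evaluate`: that is the point of the model. A real deployment would take device posture from an EDR/MDM signal and MFA age from the identity provider rather than from static dictionaries, but the decision shape (grant, posture, freshness, default deny, reasons logged) is the same.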
7. How does Zero Trust work in hybrid working models, and which technologies can complement the approach?
As described, Zero Trust builds on and complements an existing security architecture. In this respect, traditional cybersecurity and Zero Trust are two sides of the same coin. Overall, both aspects result in maximum cybersecurity. Hybrid work models are equally supported, as users receive authorized access to the desired applications and data either from home, within the company network, or while on the go.
8. What risks does the reliance on Zero Trust technologies entail, e.g. in terms of overhead or false security?
Risks will always exist, as there is no such thing as 100% security. Hackers are always one step ahead because they are in control. According to the BSI (Federal Office for Information Security), we see 250 completely new attack methods worldwide every month. The MITRE ATT&CK framework now contains approximately 50,000 attack methods and sub-methods. Therefore, it is important that all parties involved not only rely on technical solutions, but also continuously raise employee awareness through training. Ultimately, clicking on phishing links is done by the user, and even Zero Trust cannot prevent this.
9. How does Kaspersky's Cyber Immunity approach reflect the principles of Zero Trust?
What Kaspersky understands by the "Cyber Immunity Approach" is ultimately the "further development" of the Zero Trust principle. Cyber Immunity means that we harden system components with an operating system (KasperskyOS) specially developed for security aspects so that they can only do the things they were designed for. This makes an attack impossible. However, the implementation of Cyber Immunity will take a long time. If you imagine a modern car, for example, all network-capable components would have to be hardened in this way. To do this, all component manufacturers would have to implement KasperskyOS in their products. However, we are convinced that this path will be taken in the next few years. The first products, such as "thin clients" or a "cyber-immune mobile phone," already exist.
10. Will Zero Trust become the long-term standard in cybersecurity? What trends and challenges could influence the approach?
The expansion of traditional cybersecurity architecture will continue. As described, managed services and the increased use of IT services – primarily data feeds from various relevant providers – are crucial for achieving maximum protection. Zero Trust solutions will accompany this path. The sooner the better, of course, depending on available budgets. Cyber immunity will determine the distant future of expansion measures to reduce companies' attack surface to a minimum. "Standing still" in the expansion of security architecture means regression, as hacking methods will continue to develop exponentially in terms of quantity and sophistication – to the detriment of all internet users.
About Kaspersky
Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/