Logically, the discussions we started here should lead to eliminating the very idea (and the term) of "threat"; that is what the Zero Trust debates strive for.
So why, then, keep using the terms "threat" and "threats" in connection with Zero Trust?
Especially since the perimeter, for example, has often proved effective only up to a limit... The same goes for the corresponding policies, and for the older cybersecurity efforts developed over time, ever since the cyber world gained the unbridled momentum it has today.
Proof that something is wrong is the fact that cybercrime is beginning to outrun the limits of imagination and, above all, exposes the fragility of what already exists. A fragility that is already a concern at the governmental and state level (see the measures imposed by states and governments with the force of law).
And everything "rests" on an undeniable truth: the cyber world is advancing far beyond the human capacity to adapt; its requirements permanently exceed us, even before considering the financial means needed to modify old and new structures in order to adapt and evolve, for example toward the new structures called Zero Trust, SASE, etc.
Then, above any such effort, lies the world of cybercrime. A world that has honed its every move precisely on the haste of development and adaptation I mentioned before. A world that has persevered by stockpiling security weaknesses, constantly developing the elements of fragility they expose, and releasing them little by little, according to how quickly those who fight for cybersecurity can adapt.
Add to this that the world of cybercrime also develops its systems on the back of state-funded activities related to espionage, information control and/or exploitation, etc.
Yes, you read that right: in many ways cybersecurity specialists depend on far too many factors to have the best chance of success; all they can do is adapt and, where possible, reduce cyber risk (down to something as simple as the lack of training of ordinary or advanced users).
Starting from scratch, the problems cybersecurity must fight begin with the simple computer (the computer system). The past offers plenty of cases of flaws in processors, memory and storage media.
Staying on the hardware line alone, we are dealing with nearly every element of networking and connectivity, printers, blah, blah, blah, all proven over time to be exploitable points of fragility.
As for operating systems, whatever they may be, their troubles constantly tend to oversaturate any cybersecurity effort... Note the emphasis on "whatever they may be".
Then comes the turn of the software components, each with its own problems and its own avenues of exploitation...
So we come to a quick, valid, undeniable conclusion... Zero Trust seems to be the only real alternative, at least as the starting point of a cybersecurity approach...
Yes, in the end no one can eliminate cybersecurity risk, but a properly implemented and maintained ZTA (Zero Trust Architecture) can reduce it and protect against common threats.
The title of this post says a lot... We will address the threats, but constructively, only after we have looked at the solutions for preventing disaster (they are a good starting point for understanding what we must do).
So, first of all, it is about maintaining a Zero Trust mindset. And, to adequately adapt the modern environment to dynamic threats, it will be necessary to:
- Coordinate and aggressively monitor the system, system management and defensive operations capabilities.
- Constantly assume that all requests for critical resources and all network traffic may be malicious.
- Assume that all devices and infrastructure may be compromised.
- Accept that every approval of access to a critical resource involves risk, and be prepared to perform rapid damage assessment, control and recovery/mitigation operations.
In other words, the Zero Trust principles summarized in the previous post may be invaluable guidelines, but the basic ones are:
- Never trust, always verify – Treat every user, device, application/workload and data flow as untrusted; authenticate and explicitly authorize each of them with the least privilege required, using dynamic security policies.
- Assume compromise – Consciously operate and defend resources on the assumption that an adversary is already present in the environment: deny by default and scrutinize all users, devices, data flows and access requests; continuously log, inspect and monitor all configuration changes, resource accesses and network traffic for suspicious activity.
- Verify explicitly – Access to every resource must be granted consistently and securely, using multiple attributes (dynamic and static) to derive trust levels for contextual access decisions.
So we arrive at a synthesis of actions that need to be structured, organized, etc. as constant, sustained activity, one that does away with the static elements of perimeterization and the others that go with it, which Zero Trust architectures deliberately relegate to a secondary role.
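The three principles above, carried into a minimal policy decision point in the sense of NIST SP 800-207, as an added example that is not part of the original post: the attribute names, weights, trust thresholds and the policy table are assumptions made for the example.

```python
# Added example (not code from the original post): a minimal Zero Trust
# policy decision point.  Each request is denied unless explicitly verified,
# trust is derived from several static and dynamic attributes, the grant is
# limited to the least privilege the resource allows, and every decision is
# logged.  Attribute names, weights, thresholds and policy are assumptions.
from dataclasses import dataclass


@dataclass
class AccessRequest:
    user: str
    mfa_verified: bool      # dynamic: did this session complete MFA?
    device_managed: bool    # static: device is enrolled and inventoried
    device_patched: bool    # dynamic: posture check at request time
    network: str            # "corp" or anything else (vpn, public, ...)
    action: str             # "read" or "write"
    resource: str


# Constructed policy table: minimum trust level and the least-privileged
# set of actions permitted on each resource.  Anything not listed is denied.
RESOURCE_POLICY = {
    "payroll-db": {"min_trust": 4, "actions": {"read", "write"}},
    "wiki":       {"min_trust": 2, "actions": {"read"}},
}

AUDIT_LOG = []  # "assume compromise": record every decision for later review


def trust_score(req):
    """Sum weighted attributes; no single attribute implies trust by itself."""
    return (2 * req.mfa_verified + req.device_managed
            + req.device_patched + (req.network == "corp"))


def decide(req):
    """Default-deny decision, re-evaluated on every request (no caching)."""
    policy = RESOURCE_POLICY.get(req.resource)
    if policy is None:
        verdict = (False, "unknown resource")
    elif req.action not in policy["actions"]:
        verdict = (False, "action not permitted on resource")
    elif not req.mfa_verified:
        verdict = (False, "MFA not verified")  # authenticate explicitly first
    elif trust_score(req) < policy["min_trust"]:
        verdict = (False, f"trust {trust_score(req)} < {policy['min_trust']}")
    else:
        verdict = (True, "granted")
    AUDIT_LOG.append((req.user, req.resource, req.action, *verdict))
    return verdict
```

Note that a fully trusted device and network do not compensate for missing MFA, and an allowed action on one resource ("write" on payroll-db) is still refused on another where least privilege does not grant it.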
Let's now move on to the top ten cybersecurity mitigation strategies (published by the NSA):
- Update and upgrade software immediately – As far as possible, automate the process, preferably using an update service provided by the vendor. Automation is necessary because threat actors study patches and create exploits, often shortly after a patch is released; these so-called "N-day" exploits can be as harmful as a zero-day. Updates must be authentic, signed and delivered over protected links, to ensure the integrity of the content.
- Defend privileges and accounts – Assign privileges based on risk exposure and only as needed to maintain operations.
- Enforce signed software execution policies
- Establish a system recovery plan
- Actively manage systems and configurations
- Continuously and proactively hunt for and identify intrusions
- Use modern hardware security features
- Segment networks and deploy network defense systems
- Integrate threat reputation services
- Use multi-factor authentication.
So, ever more elements of action that are starting to look more and more clearly like policies...
And that is enough for this post!
Reference: NIST Special Publication 800-207, Zero Trust Architecture.
Dorin M, January 6, 2022