Zero trust: is it a good solution against ransomware?

What zero trust offers us in terms of security

In a zero trust network, connected equipment is not considered trustworthy by default, even when it is connected to and verified from the corporate network. The model is based on strict verification of every person and device that wants to access resources on a private network, regardless of where they are. The concept of zero trust is most likely an extension of least-privilege access. It helps minimize the lateral movement of attackers, that is, the techniques cybercriminals use to explore networks. The principle to apply is: never trust, always verify.

In a zero trust world, implicit trust is not granted just because we are behind the corporate firewall. Only authorized individuals have access to selected resources as needed. This concept is also found in Zero-Trust VPNs.

Basic components that Zero Trust must have

If we want to implement zero trust efficiently, companies must understand its three basic components. First, there must be guiding principles. These include defining business outcomes (knowing what we are trying to protect and where it is located) and designing from the inside out, identifying the resources that need protection at a granular level and building security controls. They also describe the identity access requirements, with more granular management of user and device access control, and call for inspecting and logging all traffic.

Second, there must be a zero trust network architecture. It is made up of the protected surface (the data, applications and resources most valuable to the company) and micro-perimeters that protect a resource rather than the network environment as a whole. To this we add micro-segmentation, which segregates the network environment into zones based on the different functions of the business, and least-privilege access, in which access to resources is granted according to the worker's role and activities.

The third basic component is the set of technologies that enable zero trust. There is no single solution here, but we could use, for example, technologies such as identity access management, multi-factor authentication, single sign-on, user and entity behavior analysis, and next-generation firewalls.
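The components above can be seen working together in a small policy decision function. This is an added example, not code from the original article; the roles, resource names and request fields are constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed policy (assumption): role -> resources inside that role's micro-segment.
ROLE_RESOURCES = {
    "finance": {"erp-db", "payroll-share"},
    "sales": {"crm"},
}
AUDIT_LOG = []  # every decision is recorded, allowed or denied

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    mfa_passed: bool
    device_compliant: bool
    source_network: str  # "corporate" or "internet"; logged, never used to grant trust
    resource: str

def decide(req: Request) -> tuple[bool, str]:
    """Default-deny decision, evaluated on every request (never trust, always verify)."""
    if not req.mfa_passed:
        verdict = (False, "mfa-required")
    elif not req.device_compliant:
        verdict = (False, "device-not-compliant")
    elif req.resource not in ROLE_RESOURCES.get(req.role, set()):
        verdict = (False, "outside-role-segment")
    else:
        verdict = (True, "allowed")
    AUDIT_LOG.append((req.user, req.resource, req.source_network, *verdict))
    return verdict

def reachable(role: str, mfa: bool, compliant: bool, network: str) -> set[str]:
    """Resources one session can reach: the bound on lateral movement if it is compromised."""
    every = set().union(*ROLE_RESOURCES.values())
    return {r for r in sorted(every)
            if decide(Request("probe", role, mfa, compliant, network, r))[0]}

if __name__ == "__main__":
    print(reachable("sales", True, True, "corporate"))   # only the sales segment
    print(reachable("sales", True, False, "corporate"))  # non-compliant device: nothing
    for entry in AUDIT_LOG:
        print(entry)
```

Being on the corporate network changes nothing in the outcome: a session belonging to a sales user reaches only the sales segment, and a device that fails its posture check reaches nothing at all.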

Zero trust as a solution to the ransomware problem

Zero trust is not a definitive solution for ransomware attacks; however, if implemented well, it can help create a much stronger security defense. Human error is often the leading cause of cyberattacks. By focusing on user identity and access management, zero trust helps reduce the attack surface significantly. This is because both internal and external users only have access to limited resources, and the rest are hidden. Zero trust also adds threat monitoring, detection and inspection capabilities, which are necessary to prevent ransomware attacks and the exfiltration of private company data.

There are also some points to keep in mind about zero trust:

  • It will not eliminate the dangers of ransomware entirely, although it will significantly reduce the likelihood of such an attack.
  • No single technology solution can help us achieve absolute zero trust.
  • It is not designed to solve all security problems.
  • The segmentation of users and resources sounds great, but in practice it is quite complicated to implement.

Ultimately, zero trust requires the commitment of the entire company; the IT and security teams alone are not enough. It requires a change in mindset and a radical change in architectural approach. It should also be executed with great care and thought, keeping a long-term perspective in mind, since one wrong move can leave you worse off.
