By Gaurav Mohan, VP, SAARC & Middle East, NETSCOUT
As hackers continue to create new attack methods and become more sophisticated, the traditional view of a solid exterior perimeter being the best defence against compromise has proven untenable.
When we dissect the conventional security assumption that everything within an organisation’s network is trustworthy, the situation worsens. This means that if threat actors are present on the network, they can move laterally within it, allowing them to instigate further breaches.
According to an in-depth analysis by IBM, the cost of a data breach in KSA and UAE has risen by 9.4% over the past year. The cost of these incidents is much higher than the global average of $3.86 million per breach and is the second highest of the 17 regions evaluated. So how can organisations protect themselves from the growing threat both inside and outside their networks?
The Zero-Trust Principle
The good news is that Zero-Trust architecture was created to tackle this issue, enabling services that accelerate digital transformation while enhancing the security posture of the network. In the Middle East, nearly 80% of the critical infrastructure organisations surveyed by IBM had not adopted zero-trust strategies, resulting in average breach costs of $5.4 million, a $1.17 million increase over those that had. Ransomware or damaging attacks accounted for 28% of these breaches.
The Zero-Trust design principles provide a new solution to an age-old problem, safeguarding networks and data. Consequently, businesses of all sizes are rethinking their security architecture, policies, and procedures in order to implement zero-trust features.
Zero-Trust is an architectural approach in which inherent network trust is eliminated, the network is presumed hostile, and each request is checked based on an access policy. In order for a request to be deemed trustworthy, context must be sought. This depends on a number of criteria, such as robust authentication, authorisation, the health of the device, and the value of the data that is accessible.
Multifactor authentication (MFA) is one example of a Zero-Trust technique. MFA offers an additional layer of protection by requesting additional evidence of user identity. Before accessing a resource, users may be required to scan their fingerprints or confirm a PIN delivered to their device. From the standpoint of Zero-Trust Architecture, MFA is used as a double-check against its own security procedures to ensure that users are who they claim to be. This considerably minimises the likelihood of malicious actors gaining access to data, devices, and systems via compromised credentials.
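The per-request, context-based check described above, as an added example rather than NETSCOUT's own code: every request is denied unless authorisation, MFA for sensitive data, and device health all hold, and the network the request came from is deliberately ignored. The policy table, role names and sensitivity labels are assumptions.

```python
"""Zero-Trust policy decision for a single request (added example).

Each request is evaluated against an access policy using the context the
article lists: authorisation, authentication strength (MFA), device health
and the value of the data requested. The network is presumed hostile, so
the default outcome is deny. Resources, roles and thresholds are assumed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RequestContext:
    user: str
    roles: frozenset
    mfa_verified: bool        # second factor confirmed for this session
    device_healthy: bool      # endpoint posture check passed
    from_corporate_net: bool  # recorded, but never used as a trust signal
    resource: str
    data_sensitivity: str     # "public", "internal" or "confidential"


# Assumed policy table: which roles may reach each resource at all.
ACL = {
    "/payroll": {"finance"},
    "/wiki": {"finance", "engineering"},
}


def decide(ctx: RequestContext) -> tuple:
    """Return ("allow" | "deny", reason). Anything unmatched is denied."""
    allowed_roles = ACL.get(ctx.resource)
    if allowed_roles is None:
        return "deny", "unknown resource"
    if not ctx.roles & allowed_roles:
        return "deny", "role not authorised"
    # Confidential data always needs a second factor, even for requests
    # that originate inside the corporate network.
    if ctx.data_sensitivity == "confidential" and not ctx.mfa_verified:
        return "deny", "MFA required for confidential data"
    # Anything beyond public data requires a healthy device.
    if ctx.data_sensitivity != "public" and not ctx.device_healthy:
        return "deny", "device failed health check"
    return "allow", "policy satisfied"


if __name__ == "__main__":
    # Constructed request: an insider on the corporate LAN with valid
    # credentials but no MFA is still refused confidential data.
    insider = RequestContext("bob", frozenset({"finance"}), False, True,
                             True, "/payroll", "confidential")
    print(decide(insider))
```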
Protecting the Security Pillars
The Zero-Trust concept is easily visualisable as a set of pillars representing various security domains, including devices, apps, and users. All of these pillars are supported by the underlying features of a Zero-Trust Architecture, those being analytics, visibility, automation, and governance. The adoption of Zero-Trust is a long and ongoing process. As enterprises polish their architectures, their solutions become increasingly dependent on comprehensive visibility and monitoring, automated processes, and systems, as well as moving closer to full integration across all pillars. This allows organisations to make policy implementation decisions with greater agility.
Moreover, implementing and developing a Zero-Trust Architecture takes time. As policies, processes, and tools are upgraded, the architecture will continue to evolve. At the same time, verification and consistent audits of Zero-Trust models are essential for proving the efficacy of an organisation’s security procedures. A distinguishing characteristic of a Zero-Trust Architecture is that it comes with no false sense of security. In conventional perimeter-based models, any activity occurring within the network is deemed trustworthy, since it is assumed that all users and activities within the network have already been authenticated and are authorised to be there. This architecture, therefore, presumes that insiders are never harmful or destructive and that perimeter security is infallible.
However, this paradigm contains obvious problems. There are a number of circumstances in which people and events within a perimeter should not be trusted, such as when a cybercriminal has acquired access using compromised credentials, allowing them to misuse privileges or move laterally across the network. A Zero-Trust design prioritises security against potential insider threats, hence preventing such an occurrence.
When it comes to implementing a Zero-Trust Architecture, comprehensive visibility of the entire network is a necessity for all organisations. This ensures the effectiveness of the zero-trust model. In addition, the design should include network taps to replicate wire traffic and a tool capable of duplicating and disseminating packets to existing cybersecurity monitoring tools.
Organisations should also be able to use protection groups to classify networks, servers, and services according to the danger posed to them. This will facilitate the speedy implementation of a Zero-Trust Architecture. Moreover, visibility and analytics must be essential components of the detection and validation of a company’s Zero-Trust Architectural design, regardless of whether the organisation is just beginning its zero-trust implementation journey or has already made significant progress.
Only with this level of insight can organisations view historical usage, trace networked devices, and assist in organising mitigation via Application Programming Interfaces (APIs) – and ultimately, discover all the possible dangers to their network and data.