Page 231 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
Initial deployment and monitoring: During the initial deployment, the Zero Trust model can operate in a
reporting-only mode to confirm that the key processes and their related policies are operational and
comprehensive. In this mode, most access requests are granted, and every session is logged and
continuously monitored so that baseline patterns for each workflow can be established. With a solid
understanding of the baseline behavior of every asset and subject in the enterprise, security teams can
spot anomalies more easily and stop attacks earlier.
Expanding the Zero Trust architecture: Once the enterprise reaches a steady operational phase, it can
expand the architecture by onboarding new devices, accommodating changes in the network infrastructure
and replacing legacy systems. Throughout this phase the network, its subjects and its assets continue to
be monitored, and policies are refined to improve the model's effectiveness.
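The two phases above, as an added example that is not part of the original article: a minimal policy engine that starts in reporting-only mode (every request granted, logged, and used to learn a per-subject baseline), surfaces the requests that policy would have denied so the gaps can be fixed before enforcement, and is then switched to enforcing, where a request the subject never made during the reporting phase is flagged as anomalous even when policy allows it. The policy format, the field names, and the sample policies and traffic are this example's own assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass
class Policy:
    """One allow rule in a hypothetical format: role, resource prefix, action, conditions."""
    role: str                      # "*" matches any role
    resource: str                  # matches any resource that starts with this prefix
    action: str                    # "*" matches any action
    require_mfa: bool = False
    require_managed_device: bool = False

@dataclass
class Request:
    subject: str                   # identity making the request
    role: str
    resource: str
    action: str
    mfa: bool = False
    managed_device: bool = False

@dataclass
class PolicyEngine:
    policies: list
    enforce: bool = False          # False = reporting-only mode: log, never block
    log: list = field(default_factory=list)
    baseline: dict = field(default_factory=lambda: defaultdict(set))

    def _verdict(self, req):
        """Default deny: allow only if some rule matches and its conditions hold."""
        reasons = []
        for p in self.policies:
            if p.role not in ("*", req.role) or p.action not in ("*", req.action):
                continue
            if not req.resource.startswith(p.resource):
                continue
            if p.require_mfa and not req.mfa:
                reasons.append("mfa_required")
                continue
            if p.require_managed_device and not req.managed_device:
                reasons.append("managed_device_required")
                continue
            return "allow", []
        return "deny", reasons or ["no_matching_rule"]

    def evaluate(self, req):
        """Return (granted, verdict, anomalous) and append one log record."""
        verdict, reasons = self._verdict(req)
        key = (req.resource, req.action)
        if self.enforce:
            granted = verdict == "allow"
            # A (resource, action) pair this subject never used during the reporting
            # phase is flagged for analysts even when policy allows it.
            anomalous = key not in self.baseline[req.subject]
        else:
            granted = True             # reporting-only: grant, log, learn the baseline
            anomalous = False
            self.baseline[req.subject].add(key)
        self.log.append({"subject": req.subject, "resource": req.resource, "action": req.action,
                         "verdict": verdict, "reasons": reasons, "granted": granted,
                         "anomalous": anomalous,
                         "mode": "enforce" if self.enforce else "report-only"})
        return granted, verdict, anomalous

    def policy_gaps(self):
        """Requests that reporting-only mode let through but policy would have denied:
        the list to review before switching to enforcement."""
        return [e for e in self.log if e["mode"] == "report-only" and e["verdict"] == "deny"]

# Constructed sample policies and traffic, not taken from the article.
POLICIES = [
    Policy("engineer", "git://", "*", require_mfa=True),
    Policy("engineer", "wiki://", "read"),
    Policy("finance", "erp://", "*", require_mfa=True, require_managed_device=True),
]
TRAFFIC = [
    Request("alice", "engineer", "git://app/repo", "write", mfa=True, managed_device=True),
    Request("alice", "engineer", "wiki://runbooks", "read", mfa=True, managed_device=True),
    Request("bob", "finance", "erp://ledger", "read", mfa=True, managed_device=False),
    Request("alice", "engineer", "erp://ledger", "read", mfa=True, managed_device=True),
]

def run_pilot():
    """Phase 1: reporting-only. Every request is granted, logged and baselined."""
    engine = PolicyEngine(POLICIES, enforce=False)
    for r in TRAFFIC:
        engine.evaluate(r)
    return engine

def run_steady_state(engine):
    """Phase 2: the same engine switched to enforcing, using the learned baseline."""
    engine.enforce = True
    probes = {
        "alice_git": Request("alice", "engineer", "git://app/repo", "write", mfa=True, managed_device=True),
        "alice_new_repo": Request("alice", "engineer", "git://other/repo", "read", mfa=True, managed_device=True),
        "alice_wiki_write": Request("alice", "engineer", "wiki://runbooks", "write", mfa=True, managed_device=True),
        "bob_unmanaged": Request("bob", "finance", "erp://ledger", "read", mfa=True, managed_device=False),
    }
    return {name: engine.evaluate(r) for name, r in probes.items()}

if __name__ == "__main__":
    eng = run_pilot()
    print("gaps:", [(g["subject"], g["reasons"]) for g in eng.policy_gaps()])
    print(run_steady_state(eng))
```

In the pilot, bob's unmanaged laptop and alice's read of the ERP system are granted but show up in policy_gaps(), which is exactly the review list the reporting-only phase is meant to produce: either the policy is missing a rule or the traffic should not exist. After the switch to enforcement, alice's read of a repository she never touched during the pilot is allowed by policy but flagged as anomalous, while bob's request is denied without any anomaly flag because the baseline already knows that workflow.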
Shortcomings of the Zero Trust security model
Eliminating cybersecurity risk entirely is an unrealistic expectation. Although enterprises can reduce the
overall risk of cyberattacks by properly implementing and continuously monitoring the Zero Trust security
model, the architecture comes with challenges of its own that organizations must learn to overcome. When
the Zero Trust architecture is rolled out piecemeal, legacy solutions that cannot be brought under the new
policies leave policy gaps, and attackers use those gaps as a way into the network.
Cybersecurity professionals must be thoroughly trained to configure and monitor the policy engine and the
policy administrator, because these components make every access decision. Any change to their
configuration must be logged and audited, since a mistake there affects every decision the engine makes.
Enterprise resources cannot interact with each other without the policy administrator's approval, which
also makes the policy enforcement points a chokepoint: a DoS attack that floods them, or blocks the traffic
path to them, can cut off access for many users at once and disrupt enterprise operations.
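One way to make the logging and auditing of policy-component changes hold up, as an added example that is not from the article: every change to the policy set goes through a hash-chained, append-only log, and an audit job both verifies the chain and replays it to rebuild the policy set, so an edit that bypassed the logged path (drift between the running config and the replayed log) and an after-the-fact rewrite of a log record are each detected. The change format, the record fields and the sample scenario are this example's own assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64   # previous-hash value for the first record

def _digest(prev_hash, body):
    """SHA-256 over the previous record's hash and the canonical JSON of this record."""
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()

class PolicyChangeLog:
    """Append-only log in which each record commits to the one before it."""

    def __init__(self):
        self.entries = []

    def record(self, actor, change):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "actor": actor, "change": change}
        entry = dict(body, prev=prev, hash=_digest(prev, body))
        self.entries.append(entry)
        return entry["hash"]

    def verify(self):
        """Return (True, None) if the chain is intact, else (False, seq of the first bad record)."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {"seq": e["seq"], "actor": e["actor"], "change": e["change"]}
            if e["seq"] != i or e["prev"] != prev or _digest(prev, body) != e["hash"]:
                return False, i
            prev = e["hash"]
        return True, None

def apply_change(policies, change):
    """Hypothetical change format: {"op": "add" | "remove", "id": ..., "rule": ...}."""
    if change["op"] == "add":
        policies[change["id"]] = change["rule"]
    elif change["op"] == "remove":
        policies.pop(change["id"], None)
    else:
        raise ValueError("unknown op %r" % change["op"])

def replay(log):
    """Rebuild the policy set purely from the audit log."""
    policies = {}
    for e in log.entries:
        apply_change(policies, e["change"])
    return policies

def audit(live_policies, log):
    """Verify the log, then compare the running config against the replayed log.
    Any difference is a change that was made without going through the logged path."""
    ok, bad = log.verify()
    if not ok:
        return {"chain_ok": False, "bad_seq": bad, "drift": None}
    expected = replay(log)
    drift = sorted(k for k in set(live_policies) | set(expected)
                   if live_policies.get(k) != expected.get(k))
    return {"chain_ok": True, "bad_seq": None, "drift": drift}

def demo():
    """Constructed scenario (not from the article): three logged changes, then an
    unlogged edit to the running config, then a tampered log record."""
    log, live = PolicyChangeLog(), {}

    def logged_change(actor, change):
        log.record(actor, change)
        apply_change(live, change)

    logged_change("sec-admin", {"op": "add", "id": "r1", "rule": "engineer read wiki://"})
    logged_change("sec-admin", {"op": "add", "id": "r2", "rule": "finance rw erp:// mfa+managed"})
    logged_change("sec-admin", {"op": "remove", "id": "r1"})
    clean = audit(live, log)

    live["r3"] = "* rw erp://"            # edit that bypassed the policy administrator
    drift = audit(live, log)

    log.entries[1]["actor"] = "unknown"   # after-the-fact rewrite of a log record
    tampered = audit(live, log)
    return clean, drift, tampered

if __name__ == "__main__":
    for label, result in zip(("clean", "unlogged edit", "tampered log"), demo()):
        print(label, result)
```

The chain only proves that the log was not altered after being written; protecting the log's storage and keeping the policy administrator as the sole writer are what make "the running config matches the replayed log" a meaningful check.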
Enterprises that run security analytics to monitor and analyze network traffic store the resulting
metadata for forensics and for building contextual policies. That data becomes a target in its own right,
because insight into the enterprise architecture is a great advantage for planning further attacks. Zero
Trust architectures also depend heavily on artificial intelligence and other software-based agents to
improve the enterprise's security posture, and authenticating those components is an unresolved issue. An
attacker who obtains a software agent's credentials could use them to infect other systems and assemble a
botnet.