Page 231 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022

Initial deployment and monitoring: During the initial deployment, the Zero Trust model can operate in reporting-only mode to confirm that the key processes and their related policies are operative and comprehensive. In this mode, access is granted for most requests, but every session is logged and continuously monitored so that baseline patterns for each workflow can be established. Once security teams have a substantial understanding of the baseline behavior of every asset and subject in the enterprise, they can spot anomalies more easily and prevent attacks, and they can identify requests the final policies would have denied before enforcement is switched on.



Expanding the Zero Trust architecture: Once the enterprise enters a steady operational phase, it can expand the architecture by onboarding new devices, absorbing changes in the network infrastructure and replacing legacy systems. Throughout this phase the network, its subjects and its assets remain under monitoring, and policies are refined to improve the model's effectiveness.
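The two-phase rollout described above, as an added example that is not code from the article or from any Zero Trust product: a toy policy engine that evaluates each access request against explicit grants and context signals (device posture, MFA), runs first in report-only mode where every request is allowed but the decision the policy would have made is logged, builds a per-subject baseline of the assets actually used, and then, once switched to enforcing mode, blocks ungranted requests and flags requests that fall outside the observed baseline. The subjects, assets, grants and the request stream are all constructed for the demo.

```python
"""Toy Zero Trust policy decision point with a reporting-only rollout phase.

Added example, not code from the article. Subjects, assets, grants and the
request stream below are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    subject: str            # identity making the request
    asset: str              # enterprise resource requested
    device_compliant: bool  # posture signal reported by the device agent
    mfa: bool               # whether the session satisfied MFA


@dataclass(frozen=True)
class Decision:
    allowed: bool         # what the policy enforcement point is told to do
    policy_allowed: bool  # what the policy itself concluded
    reason: str


class PolicyEngine:
    def __init__(self, grants, report_only=False):
        self.grants = grants              # {asset: set of subjects allowed}
        self.report_only = report_only
        self.log = []                     # (Request, Decision) for every evaluation
        self.baseline = defaultdict(set)  # subject -> assets seen in allowed sessions

    def evaluate(self, req):
        """Policy check; in report-only mode the PEP is told to allow regardless."""
        if not req.device_compliant:
            ok, reason = False, "device not compliant"
        elif not req.mfa:
            ok, reason = False, "MFA not satisfied"
        elif req.subject not in self.grants.get(req.asset, set()):
            ok, reason = False, "no grant for subject on asset"
        else:
            ok, reason = True, "grant matched"
        allowed = ok or self.report_only
        decision = Decision(allowed, ok, reason)
        self.log.append((req, decision))
        if allowed:
            # Every session that actually happened feeds the behavioural baseline,
            # including ones the policy would have denied: those are exactly the
            # cases to review before switching to enforcing mode.
            self.baseline[req.subject].add(req.asset)
        return decision

    def policy_gaps(self):
        """Sessions that ran only because report-only mode let them through."""
        return [(r, d) for r, d in self.log if d.allowed and not d.policy_allowed]

    def is_anomalous(self, req):
        """True when this subject has never been observed using this asset."""
        return req.asset not in self.baseline.get(req.subject, set())


def run_demo():
    grants = {"hr-db": {"alice"}, "git": {"alice", "bob"}}
    pe = PolicyEngine(grants, report_only=True)

    # Phase 1: report-only rollout over a constructed request stream.
    for req in [
        Request("alice", "hr-db", True, True),
        Request("bob", "git", True, True),
        Request("bob", "hr-db", True, True),   # no grant: policy gap or real abuse?
        Request("alice", "git", True, False),  # MFA missing on a legitimate workflow
    ]:
        pe.evaluate(req)
    gaps = pe.policy_gaps()

    # Phase 2: gaps reviewed, engine switched to enforcing mode.
    pe.report_only = False
    ok = pe.evaluate(Request("alice", "hr-db", True, True))
    blocked = pe.evaluate(Request("bob", "hr-db", True, True))
    return {
        "gap_count": len(gaps),
        "gap_reasons": [d.reason for _, d in gaps],
        "alice_allowed": ok.allowed,
        "bob_blocked": not blocked.allowed,
        "carol_anomalous": pe.is_anomalous(Request("carol", "git", True, True)),
        "bob_hrdb_in_baseline": not pe.is_anomalous(Request("bob", "hr-db", True, True)),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The `policy_gaps()` list is the output of the reporting-only phase: each entry is either a grant that is missing from the policy (a legitimate workflow that must be added before enforcement) or a behaviour the policy is right to deny, and a human has to decide which before `report_only` is switched off. Allowed sessions keep feeding the baseline in enforcing mode too, which is the continuous monitoring the steady phase relies on; a subject touching an asset it has never used before is surfaced by `is_anomalous()` even when a grant exists.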



            Shortcomings of the Zero Trust security model

Eliminating cybersecurity risk entirely is a far-fetched expectation. Although enterprises can reduce the overall risk of cyberattacks by properly implementing and continuously monitoring the Zero Trust security model, the architecture has challenges of its own that organizations need to learn to overcome. When the Zero Trust architecture is rolled out piecemeal, legacy systems that cannot be brought under the new policies leave gaps that attackers can use as a foothold to gain control within the network.



Cybersecurity professionals must be extensively trained to configure and monitor the policy engine and policy administrator properly, because these components make every access decision. Any change to their configuration must be logged and audited to ensure that the decision-making process remains sound. Since enterprise resources cannot interact with each other without the policy administrator's approval, the policy administrator and the paths to the policy enforcement points are attractive targets: a denial-of-service attack that floods or blocks the traffic between them prevents access decisions from reaching the enforcement points and disrupts enterprise operations.



Enterprises that use security analytics to monitor and analyze network traffic store the resulting metadata for forensics and for building contextual policies. This data becomes a target in its own right, because insight into the enterprise architecture is a great advantage for further attacks. Zero Trust architecture also depends heavily on artificial intelligence and other software-based agents to improve the enterprise's security posture, and authenticating these non-person entities is an underlying issue. An attacker who obtains a software agent's credentials can use the agent's privileges to perform actions it was never meant to perform, for example infecting other systems and enrolling them in a botnet.












