Page 92 - Cyber Defense Magazine for August 2020
Zero Trust Model – a Modern Cybersecurity Approach
Zero Trust attempts to fix the problems, and patch the holes, in our cybersecurity strategies. At its core,
the Zero Trust model is based on the principle of “trust nobody.” The Zero Trust model dictates that
no one in your network should be trusted completely, that access should be restricted as much as
possible, and that trust itself should be seen as yet another vulnerability that can put your network at risk.
Some of the precepts of the Zero Trust model are:
• Networks need to be redesigned so that east-west traffic and access can be restricted.
• Incident detection and response should be facilitated and improved using comprehensive
analytics and automation solutions, as well as centralized management and visibility into the
network, data, workloads, users and devices used.
• Access should be restricted as much as possible, limiting excessive privileges for all users.
• In multi-vendor networks, all solutions should integrate and work together seamlessly, enabling
compliance and unified security. The solutions should also be easy to use so that additional
complexity can be removed.
Danger of Security Blind Spots
In recent times, we have witnessed a phenomenal rise in the use of encryption across the internet. Google
reports that over 90 percent of the traffic passing through its services is encrypted. The same is true for
all the other vendors. This rise has been driven by many factors, including privacy concerns.
However, with encryption comes the creation of a “blind spot” in our network defences as most of the
security devices we use are not designed to decrypt and inspect traffic. The Zero Trust model is not
immune to this problem, as visibility is considered one of the key elements of its successful
implementation. Without complete visibility into encrypted traffic, the model will fail, introducing vulnerabilities
that can be exploited by both insiders and external attackers.
TLS/SSL Decryption – One of the Main Pillars of Zero Trust
A centralized and dedicated decryption solution must be placed at the centre of the Zero Trust model and
should be included as one of the essential components of your security strategy.
Many security vendors will make claims of the ability to decrypt their own traffic, working independently
of a centralized decryption solution. However, this “distributed decryption” approach can introduce
problems of its own, including inferior performance and network bottlenecks, and fixing these would
require costly upgrades. In a multi-vendor, multi-device security infrastructure, distributed decryption
also forces you to deploy your private keys in multiple locations, creating an unnecessarily large attack
surface in your network, which could be subject to exploitation.
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.