Page 92 - Cyber Defense Magazine for August 2020

Zero Trust Model – a Modern Cybersecurity Approach

Zero Trust attempts to fix the problems, and patch the holes, in our cybersecurity strategies. At its core, the Zero Trust model is based on the principle of "trust nobody." The Zero Trust model dictates that no one in your network should be trusted completely, that access should be restricted as much as possible, and that trust itself should be treated as yet another vulnerability that can put your network at risk.


Some of the precepts of the Zero Trust model are:
   •  Networks need to be redesigned in a way that east-west traffic and access can be restricted.
   •  Incident detection and response should be facilitated and improved using comprehensive analytics and automation solutions, as well as centralized management and visibility into the network, data, workloads, users and devices in use.
   •  Access should be restricted as much as possible, limiting excessive privileges for all users.
   •  In multi-vendor networks, all solutions should integrate and work together seamlessly, enabling compliance and unified security. The solutions should also be easy to use, so that unnecessary complexity can be removed.


Danger of Security Blind Spots
In recent years, we have witnessed a phenomenal rise in the use of encryption across the internet. Google reports that over 90 percent of the traffic passing through its services is encrypted, and other major providers report similar figures. This rise has been driven by many factors, including privacy concerns.


However, with encryption comes a "blind spot" in our network defences, as most of the security devices we use are not designed to decrypt and inspect traffic. The Zero Trust model is not immune to this problem, since visibility is considered one of the key elements of its successful implementation. Without visibility into encrypted traffic, the model will fail, leaving gaps that can be exploited by both insiders and external attackers.


TLS/SSL Decryption – One of the Main Pillars of Zero Trust
A centralized, dedicated decryption solution must be placed at the centre of the Zero Trust model and should be included as one of the essential components of your security strategy.


Many security vendors claim that their products can decrypt traffic on their own, working independently of a centralized decryption solution. However, this "distributed decryption" approach can introduce problems of its own, including inferior performance and network bottlenecks, and fixing these would require costly upgrades. In a multi-vendor, multi-device security infrastructure, distributed decryption also forces you to deploy your private keys in multiple locations, creating an unnecessarily large attack surface in your network, which could be subject to exploitation.


Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.