
What is Zero Trust?

The simplest description of Zero Trust is that nothing in a network environment should be trusted until it is validated against a list of known values. This means users, systems, and processes are all validated prior to any action being authorized, whether that is a login (access), an automated process, or a privileged activity (authorization).

Using this approach, nothing in the network is assumed to be trustworthy until it has been verified. Even after a process or command is validated, strong controls remain in place so that any potentially damaging activity is tightly restricted, limiting possible harm to revenue-generating systems.

Cyberwarfare differs from the traditional warfare models that most people understand in one significant way: for a corporation it is entirely defensive in nature, since there are no offensive capabilities in a corporate environment. Within the bounds of legality, the only option for corporations is to be able to withstand an attack from an external adversary. Developing defensive strategies and monitoring the perimeter of the network are literally the first line of defense for a corporate network. The Zero Trust model brings focus to the possibility that something, or someone, within the network perimeter has already been compromised. This has often been overlooked in cyber-defense strategies because the focus has been on external threats, on the assumption that the internal network is safe and trustworthy.

Corporate network environments have traditionally been built around securing an external perimeter against penetration from external sources. Although this is a good starting point, it does little or nothing to secure an environment against an internal threat. Nobody likes to think that someone inside their network would cause a security compromise, whether inadvertently or deliberately, but common sense dictates that a healthy security program must account for it.

It is important that the reality of an internal threat be confronted directly in a security program. Although every effort is made to vet users thoroughly during the hiring process, programs seldom account for changes after the initial background checks have been run on people, or the baseline scans on servers.

Originally proposed in 2010, the Zero Trust security model in its purest form has largely been determined to be impractical in most customer environments. Discussions related to implementing this model are often heated, and tend to devolve to an ‘all or nothing’ disagreement over whether it should, or can, be practically implemented in a corporate environment.

BeyondTrust products support the practical and intelligent implementation of elements of a Zero Trust security model in corporate networks using pieces that make sense but don’t hamper productivity. This hybrid approach provides companies with the ability to select the parts of the Zero Trust model that make sense to implement in their environment with a common-sense approach toward long-term security. Ultimately, the goal of any corporate computing network is to assist with revenue generation, so implementing controls that don’t interfere with that goal is important to the bottom line.

BeyondTrust and “Zero Trust”

The key to implementing elements of Zero Trust within a corporate network is to concentrate on controls that restrict access from point to point within the network environment and detect unusual activity rapidly. Restricting lateral movement within the network, that is, the ability to move from point to point once access is granted, is central to this strategy. BeyondTrust products offer the ability to help in this area.

PowerBroker Password Safe (PBPS)

PowerBroker Password Safe helps discover and secure login credentials on all servers and network devices within a customer environment. In addition, discovery scanning can assist with detecting and securing newly provisioned identities on servers. Using the strong controls that authorize access to specific servers or credentials, together with scheduling capabilities, it is possible to secure servers from unauthorized access. Some of the key features that are standard in PBPS and that help to control access within an environment are:

Retina Vulnerability Management

Retina helps discover and scan assets for vulnerabilities within an environment. Applying a regular scanning schedule provides an internal and external view of the health of a customer environment.

PowerBroker for Unix & Linux (PBUL)

PowerBroker for Unix & Linux is an agent-based solution that provides absolute control over activity on Unix and Linux operating systems. It is expected that Unix and Linux servers will comprise nearly 85% of all servers in corporate environments over the next several years. Most cloud services primarily offer low-cost Linux servers, and due to the open-source software model of the Linux operating system, it is a cost-effective solution for most enterprises. Developing strong controls over users and activity will be crucial to deliver peace of mind. Some of the key features that have been implemented in customer environments that provide advanced levels of control and support the Zero Trust model are:

PowerBroker for Networks (PBN)

PowerBroker for Networks is designed to provide strong control over network devices where other tools cannot be installed. Typically, network devices provide little or no control over user activities once access is gained. Using PBN, it is possible to strictly validate all activity prior to execution.

PowerBroker for Windows (PBW)

PowerBroker for Windows provides strong control over Windows operating systems on both servers and desktops. Its granular control over program execution delivers complete control over user activity and can transparently authorize privileged or administrative activity based on user group or role membership.

BeyondInsight, the PowerBroker Privileged Access Management Platform

The PowerBroker Privileged Access Management Platform is a central interface that provides a dashboard view of activity within the network. This interface takes input from all available sources and builds a risk profile for servers, and users to baseline standard behavior. The more products that report into the console, and the larger the data set, the better the analytics. The analytics console looks at user behavior and baseline characteristics of activity, and can report when suspicious user, account, or asset activity takes place.

Practical Application of Zero Trust

Combining all of the elements of the above products, it is possible to enforce the best elements of a Zero Trust model in any corporate environment without disrupting business processes. Zero Trust is really about knowing who is doing what within your network, and making sure that, in the event something uncharacteristic happens, you have the ability to respond and to control or limit any threat to the network.

As a corporate information security program matures, it is possible to intelligently apply stronger controls over activity in an environment. Shifting the focus from external threats alone to a holistic view of both internal and external activity provides a new level of protection to a corporate network. Setting aside the tradition of securing the perimeter and trusting everything internal is the first step toward implementing a Zero Trust model. By combining many risk factors, such as server maintenance windows, user work schedules, point of origin, and behavior monitoring, it is possible to achieve most aspects of Zero Trust without implementing draconian controls that would hamper creativity.
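The risk-factor combination described above, shown as an added illustration (this is not BeyondTrust code or a description of how its products score risk). Every request is checked against known values for maintenance window, work schedule, origin network and behavior baseline; each deviation raises the assurance required before the privileged action is authorized. All policy data, user names and thresholds are constructed for the example:

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed "known values"; hypothetical names, not real infrastructure.
MAINTENANCE_WINDOWS = {"db01": [(9, 12)]}             # server -> (start_hour, end_hour) UTC
WORK_SCHEDULES = {"alice": (8, 18), "bob": (20, 4)}     # user -> (start_hour, end_hour); may wrap midnight
KNOWN_ORIGINS = {"alice": ["10.0.1.0/24"], "bob": ["10.0.2.0/24"]}
BASELINE_COMMANDS = {"alice": {"systemctl restart httpd"}, "bob": {"tail /var/log/syslog"}}

@dataclass
class Request:
    user: str
    server: str
    command: str
    origin: str       # source IP of the session
    when: datetime    # timezone-aware UTC timestamp

def _in_window(hour, start, end):
    """True if hour lies in [start, end); handles windows that wrap past midnight."""
    return start <= hour < end if start < end else (hour >= start or hour < end)

def risk_factors(req):
    """List every factor on which the request deviates from its known values."""
    hour = req.when.astimezone(timezone.utc).hour
    flags = []
    if not any(_in_window(hour, s, e) for s, e in MAINTENANCE_WINDOWS.get(req.server, [])):
        flags.append("outside_maintenance_window")
    if req.user not in WORK_SCHEDULES or not _in_window(hour, *WORK_SCHEDULES[req.user]):
        flags.append("outside_work_schedule")
    addr = ipaddress.ip_address(req.origin)
    if not any(addr in ipaddress.ip_network(net) for net in KNOWN_ORIGINS.get(req.user, [])):
        flags.append("unknown_origin")
    if req.command not in BASELINE_COMMANDS.get(req.user, set()):
        flags.append("outside_behavior_baseline")
    return flags

def decide(req):
    """Nothing is trusted by default: a clean match allows, one deviation
    demands step-up (e.g. MFA plus session recording), more than one denies."""
    flags = risk_factors(req)
    if not flags:
        return "allow"
    return "step_up" if len(flags) == 1 else "deny"
```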

BeyondTrust is happy to help customers who have a desire to rationally implement these elements into their security program. Please contact us for further information, and to consult on how this can be approached in your environment based on your use cases and situation.