The Zero Trust Strategy

Sub Title : An informative feature on vulnerabilities and strategy to reduce risks to zero. An end-to-end cybersecurity strategy called ‘Zero Trust’ provides a useful antidote to the problem

Issues Details : Vol 15 Issue 4 Sep – Oct 2021

Author : Major General Harvijay Singh, SM (Retd)

Page No. : 60

Category : Military Technology

: October 4, 2021

The inclination to Trust often leads to Vulnerabilities that can be Exploited to Attack. A vicious deficiency in any Relationship and System.

Vulnerability is a weakness or opening that allows unauthorised persons to find a way into a website, operating systems, web applications, software, networks, and other Information and Communication Technology (ICT) systems.

Exploit is a specific code or technique that uses a vulnerability to gain unauthorized access.

Attack would be from hackers and targeted attacks such as ransomware and malware outbreaks

Simply stated; Vulnerability is an opening and the exploit is something that uses the opening to gain access. This access ultimately leads to an attack on the compromised systems. The need, therefore, is to reduce the risk arising out of these vulnerabilities; an end-to-end cybersecurity strategy called ‘Zero Trust’ provides a useful antidote to the problem.

Zero Trust starts with the presumption that no user, endpoint/workload, application, or content can be trusted at any entity. It must be scanned to validate the identity of the endpoint, workload, or application that it communicates with as well as scan any content that it sends, receives, or maintains at rest for malicious activity.

Like any other competitive activity, there will be compromise of give and take, i.e What are the users willing to lose in case of a cyber-attack versus how much are they willing to put into preventing and mitigating those attacks?

While Zero Trust can be a little overwhelming in terms of resources, time and budgets, the take in terms of defeating persistent breaches is overwhelming. Trust is focused across four major components:

  • Users.
  • Endpoints and Workloads.
  • Applications.
  • Content.

Users. In the issues of Cybersecurity vulnerabilities, people are either the strongest or the weakest link against threats. Human error and weakness more often provide the vulnerability window to exploit systems. Any Cybersecurity Strategy must therefore begin with a user.

Endpoints and Workloads. These are remote computing devices that communicate back and forth with a network to which they are connected. They include: Desktops, Laptops, Smartphones, Tablets, Servers, Workstations, and Internet-of-things (IoT) devices. Endpoints represent key vulnerabilities. Mobile users connecting to internal resources from off-premises endpoints are among the most vulnerable. In a worst-case scenario, attackers can take control of the device and use it in a botnet to execute a DoS attack.

Applications. Today, our daily lives depend on apps (applications) for instant messaging, online banking, business functions, and mobile account management. According to Juniper Research, the number of people using mobile banking apps is approaching two billion—around 40 percent of the world’s adult population. While the convenience that these apps afford is great, the vulnerabilities associated with them are also humongous – Content Management Systems and e-commerce platforms are the most targeted.

Content. Content in simple terms is the data stored in a PC, server or network nodes. User satisfactions is achieved through improved data access by enhancing bandwidth and minimizing latency. Content will include: Web objects, applications, database queries, downloadable data objects and media streams. Active content is a type of interactive or dynamic content that includes programs like Internet polls, JavaScript applications, stock tickers, animated images, streaming video and audio, weather maps, embedded objects etc or, be sent via instant messages and email. Active content may automatically download into users’ computers without their knowledge or consent and deliver and execute malicious code on users’ computers. Malicious and harmful programs take full advantage of the vulnerabilities present in active contents.

Risks are the product of several seemingly small deficiencies in various parts of the system. Taken together, these oversights can add up to serious consequences. Many cyberattacks rely on user inattention, escalated privileges and/or sideloaded software. With the cloud, fragmented network of networks, the networks have numerous edges, and the overall surface of the vulnerabilities expand.

Preventing Targeted Attacks

Data is stored on the PC, Servers and the Cloud; protection of the network as a system of systems therefore is crucial. Establishing complete protection includes Network Access Control to oversee devices on the network and assessing risks related to data storage and transmission and continually monitoring the network by creating enhanced visibility. This allows real time analysis of malware, oversight of command-and-control communications, and monitoring of suspicious activities.

  • A judicious risk assessment; determining the relevance of the threat and likely effect on the system.
  • Continuous/real time assessment of vulnerabilities; to decide on what assets were exposed to prepare an action plan and extract metadata from network traffic.
  • Sandboxing: programs are enabled in their own isolated area, where they can be worked on without posing any threat to other programs.