Zero trust: The key to stopping internal and external attacks

Towards the end of 2018, Gartner reported that over 50% of IoT device manufacturers were unable to tackle threats stemming from weak authentication effectively. What’s more, according to PandaLabs, malwareless attacks have increased in 2019.

These kinds of attacks are harder to detect, and represent new, more advanced tactics used by current cybercriminals, who carry out targeted attacks with proprietary malware, legitimate applications and goodware.

When dealing with such a landscape, the most pressing task is to detect suspicious behaviours, from users, machines, and processes. In fact, according to PandaLabs, the main challenge for 55% of companies is the detection of advanced threats.

To deal with such threats, companies must renew their security strategies. This involves questioning who is connecting to their network, why they have access to it, how long they have been able to access it – and when this access will stop – how they access it, and, most importantly, what information they can see. In other words, more complete techniques need to be employed, implementing zero trust policies where the focus isn’t on where flaws originate, but on what they target.

However, as Forrester points out, most organizations are not really implementing the zero trust framework effectively. This is in part down to the fact that they don’t fully understand the technology and the organizational changes needed to put it into practice.

Zero trust makes use of technology such as multi-factor authentication, IAM, orchestration, analysis, encryption, scoring and file system permissions. It also requires governance policies, such as giving users the least amount of access that they need to perform a particular task.
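The questions listed above (who is connecting, why, how, until when, and to what information) are exactly the inputs of a zero trust access decision, and the least-privilege governance rule is what makes every grant narrow and time-bounded. The following is an added illustration, not code from Panda Security or from any of the vendors mentioned: a small policy evaluator in which each grant records the user, the narrowest resource scope, the permitted actions, the purpose, and an expiry, and every request is denied unless a grant satisfies all of those checks plus the MFA and managed-device requirements. All user names, resource paths, timestamps and grants are constructed for the example.

```python
"""Constructed zero trust access-decision example (not Panda Security code).

Each request is judged on who is asking, how they authenticated, from what
device, what they want to touch, and whether the grant that justifies the
access is still inside its time window. Anything not explicitly allowed is denied.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, Tuple


@dataclass(frozen=True)
class AccessRequest:
    user: str
    mfa_verified: bool        # how they authenticated
    device_managed: bool      # how they connect
    resource: str             # what information they want, e.g. "hr/payroll/2019-05.csv"
    action: str               # "read" or "write"
    at: datetime              # when the request happens


@dataclass(frozen=True)
class Grant:
    """A time-bounded, purpose-bound, least-privilege permission."""
    user: str
    resource_prefix: str      # narrowest path that covers the task
    actions: frozenset        # only the verbs the task needs
    purpose: str              # why the access exists (kept for audit)
    expires: datetime         # when the access stops
    require_mfa: bool = True
    require_managed_device: bool = True


def evaluate(req: AccessRequest, grants: Iterable[Grant]) -> Tuple[bool, str]:
    """Return (allowed, reason). Default is deny; one grant must pass every check."""
    candidates = [g for g in grants
                  if g.user == req.user and req.resource.startswith(g.resource_prefix)]
    if not candidates:
        return False, "deny: no grant covers this user and resource"
    reasons = []
    for g in candidates:
        if req.at >= g.expires:
            reasons.append(f"grant '{g.purpose}' expired at {g.expires.isoformat()}")
        elif req.action not in g.actions:
            reasons.append(f"grant '{g.purpose}' does not allow '{req.action}'")
        elif g.require_mfa and not req.mfa_verified:
            reasons.append(f"grant '{g.purpose}' requires MFA")
        elif g.require_managed_device and not req.device_managed:
            reasons.append(f"grant '{g.purpose}' requires a managed device")
        else:
            return True, f"allow: grant '{g.purpose}' (expires {g.expires.isoformat()})"
    return False, "deny: " + "; ".join(reasons)


# Constructed reference time and grants (hypothetical users and resources).
T0 = datetime(2019, 5, 23, 9, 0, tzinfo=timezone.utc)

GRANTS = [
    Grant("alice", "hr/payroll/", frozenset({"read"}),
          "May payroll reconciliation", expires=T0 + timedelta(days=7)),
    Grant("bob", "eng/build/", frozenset({"read", "write"}),
          "release 4.2 build fixes", expires=T0 + timedelta(hours=8)),
]

# Constructed requests covering the normal case and each way a request can fail.
SCENARIOS = {
    "alice_read_ok":        AccessRequest("alice", True, True, "hr/payroll/2019-05.csv", "read", T0),
    "alice_write_denied":   AccessRequest("alice", True, True, "hr/payroll/2019-05.csv", "write", T0),
    "alice_no_mfa":         AccessRequest("alice", False, True, "hr/payroll/2019-05.csv", "read", T0),
    "alice_wrong_resource": AccessRequest("alice", True, True, "eng/build/Makefile", "read", T0),
    "bob_after_window":     AccessRequest("bob", True, True, "eng/build/Makefile", "write",
                                          T0 + timedelta(hours=9)),
    "bob_unmanaged_device": AccessRequest("bob", True, False, "eng/build/Makefile", "read", T0),
    "carol_no_grant":       AccessRequest("carol", True, True, "hr/payroll/2019-05.csv", "read", T0),
}


def run_scenarios() -> Dict[str, bool]:
    """Evaluate every constructed scenario; the printed reasons double as an audit trail."""
    results = {}
    for name, req in SCENARIOS.items():
        allowed, reason = evaluate(req, GRANTS)
        results[name] = allowed
        print(f"{name:22} {reason}")
    return results


if __name__ == "__main__":
    run_scenarios()
```

The point of the structure is that a valid identity alone never decides anything: an employee with a real account (the `carol_no_grant` case) is refused in the same way as an outsider, which is what makes the same evaluator useful against internal and external requests. The reason string attached to every decision is what a detection team would feed into their monitoring, since a burst of "deny" outcomes for one user is the behavioural signal the article says must be caught.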

What’s more, an appropriate zero trust strategy requires at least three key elements in order to cover a company’s cybersecurity: the network; data; human resources; workloads; automation, visibility and analysis; and a powerful API that allows integration.

Once this model has been adopted, the company is in an advantageous situation; it can tackle both external and internal attacks with a higher degree of control over security. Ultimately, it is of utmost importance to consolidate a zero trust policy as the only valid cybersecurity approach in any company, without affecting its day-to-day activity, combining technologies to search for and react to anomalies with the human work of advanced cybersecurity experts.

This is what the experts who attended the second Panda Security Summit on May 23 explained: zero trust is the only valid approach to stop new cybersecurity threats. Monitoring all activity, exposing any suspicious activity, focusing on the information that attacks are targeting, even before they can take place… All of these activities are part of anticipation and intelligence production, and are vital steps in dealing with the new modus operandi that we touched upon at the start.

Within that anticipation lies a great challenge: detecting threats coming from users, who are very often members of the organization itself. This means that security analyses need to work on different levels: where internal attackers or people from the organization itself pose a threat, deep learning and sophisticated security analyses are vital. When it comes to known or unknown threats that can be identified in an agile way, statistical models and simpler machine learning can be used, with a medium or low level of analytical sophistication.