ZERO TRUST AND DEEP OBSERVABILITY: THE CYBERSECURITY PARADIGM
from VAR Magazine
By Garth, Senior Director at Gigamon
From healthcare facilities to large financial institutions, no industry is completely safe from ransomware. It has become a huge risk to business continuity and it’s now a common discussion in boardrooms. In response to the exponential rise in ransomware, Zero Trust architecture has become a well-regarded solution to protecting both on-premises and the cloud. In fact, while only 51% of IT and security professionals in EMEA claimed to be comfortable implementing Zero Trust in 2019, that number rose significantly to 83% in 2022.
Put simply, a Zero Trust architecture removes the implicit trust that’s given to internal network traffic, users or devices. With this defence in depth approach to security, businesses can improve both productivity and resilience, as systems run more efficiently and downtime can be reduced. However, to get Zero Trust right, security teams need to ensure they achieve deep observability from cloud to core.
Why Zero Trust Matters
Implicit trust within the tech stack can be a huge liability for organisations. IT teams often struggle to implement the appropriate trust measures; they usually take for granted that the organisation owns the system, the only users are employees, or the network used to be secure. But these measurements of trust are not adequate. Trust based on assumption is leaving organisations vulnerable and open to risk. For threat actors, these negligent metrics of trust can be used against an organisation, enabling network infiltration and data breaches.
A Zero Trust framework eradicates any implicit trust and instead analyses whether an organisation should allow access for each individual case. With Bring-Your-Own-Device (BYOD) strategies so prominent following the rise of remote and hybrid working, it is more important than ever before that trust is earned rather than freely given. Everything should be considered a potential threat until proven otherwise.
However, it’s not a simple nor quick architecture to implement. There are many components to Zero Trust and most organisations are still at the very beginning of their journey. Micro-segmentation, for example, is an essential part of Zero Trust. It provides the ability to control workloads in a data centre or a multi-cloud environment with granular policy controls and restricts the spread of lateral threats. Yet it is only one element in a wider defence in depth strategy. To make it all possible, IT and security teams need absolute visibility and insight into what is happening across their infrastructure.
The Role Of Deep Observability
Deep observability is the addition of real-time network-level intelligence to amplify the power of metric, event, log and trace-based monitoring and observability tools in order to mitigate risk. With it comes increasing intelligence to bolster an enterprise’s security posture – because while threat actors can bypass endpoint detection and response tools or SIEMs, they will leave behind a trail of metadata that deep observability allows security teams to analyse. It is therefore critical in supporting a comprehensive Zero Trust strategy.
Ultimately, Zero Trust’s main goal is to discover and classify all devices that connect to the network — not just those with endpoint agents installed and operational — and to strictly enforce a least-privilege access policy based on a granular analysis of the device. This is impossible to do for assets, devices, users and traffic you cannot see.
Security teams who combine Zero Trust and deep observability will be best placed to prevent cybercriminals from infiltrating their network and therefore to ensure the continuity of their business. With cybercriminals becoming increasingly sophisticated, and attacks being much more strategic, this holistic visibility is essential in helping organisations reduce risk. Adversaries will no longer be able to hide behind blind-spots and operate undetected.
Looking To The Future
Today’s technology landscape demands change and reliability for the future. The very nature of cloud-based applications and the expansion of SaaS (Software-as-a-Service), combined with the hybrid working model, means that Zero Trust is becoming increasingly popular for businesses concerned about becoming ransomware’s next target. However, if organisations are going to commit to this security initiative, they need a strategy in place to help them get there. Discussions in boardrooms need to continue, and IT and Security teams should be putting plans in place that span the coming five years and realistically reflect the challenges security teams face in their day to day.
It’s no secret that ransomware now presents businesses with one of the biggest enterprise risks of our generation. Zero Trust enabled by deep observability will be crucial to ensuring business continuity in 2023 and beyond.