Lanny Hart

Why should you trust Zero Trust?

Today's IT landscape sees one story after another in which an organization announces that it was the victim of a breach where sensitive data has been encrypted via ransomware, exfiltrated, or both. Over the past five years, breaches and cyber-attacks have dramatically increased year-over-year.

According to a 2022 CISO report released by CrowdStrike, the volume of ransomware data leaks increased 82% in 2021 compared to 2020. To make matters worse, the threat landscape is expanding, and malicious actors are moving beyond malware-based attacks and beginning to use methods termed "living off the land".

"Living off the land" is when threat actors use compromised credentials and built-in tools like PowerShell to compromise an organization's network.

The same 2022 CISO report showed that in the fourth quarter of 2021, 62% of all detections that were indexed by CrowdStrike did not contain malware.

Okay, so there's no doubt that the threat landscape that all organizations must navigate today is fraught with danger at every turn. This has led to an explosion of security products and terms that have been brought to market to protect us from the threat actors. Acronyms like EDR, MDR, XDR, SIEM, 2FA, and MFA have been front and center when discussing solutions to secure an organization's network.

While I believe in a layered security approach and each of those solutions can be used to establish a robust solution to protect your organization, there is another solution that has started to gain attention over the past year. It’s an especially valuable asset in the continued fight against threat actors.

Enter Zero Trust.

Zero Trust is an approach to cybersecurity where only what is explicitly allowed to run can run. Having a Zero Trust solution in combination with other solutions like 2FA, a managed EDR platform, and a robust backup strategy is a well-balanced and affordable way to protect your organization.

There are many different applications that are classified as Zero Trust, such as endpoint security solutions and internet-facing solutions. In fact, many of today's endpoint security Zero Trust solutions go well beyond simply performing application white-listing. A strong Zero Trust solution can also be used to establish policies to protect storage (especially storage used for backups and extremely sensitive data).

Some Zero Trust solutions have a feature often referred to as “ringfencing”, which focuses on preventing threat actors from using tools such as PowerShell to exfiltrate data or access their command-and-control infrastructure on the internet.

As the threat actors continue to advance their capabilities, Zero Trust solutions will continue to gain acceptance as a crucial tool to effectively protect your network.

P.S. It wouldn’t be a surprise to me if having a robust Zero Trust solution soon becomes a requirement to be able to purchase cyber-insurance in the near future.

Lanny Hart, Technical Architect & IT Security Officer