Taking Your Zero Trust Strategy to the Endpoint

July 11, 2022

Twenty percent of organizations recently admitted that a past cyberattack almost rendered them insolvent. That is sobering information in a world where threats are rising, geopolitical tensions are sky-high and the cybercrime underground is thriving. CISOs could be forgiven for wondering if now might be the time to join the Great Resignation and find a less stressful means of employment.

Help is available. Although by no means a silver bullet, Zero Trust offers a smarter way to manage enterprise cyber risk. The key is to understand all three elements: the user, the data they are trying to access and, most critically, the posture of their endpoint.

No More Castles, No More Moats

Traditional network security was built around a simple idea: a locked-down perimeter through which all users had to pass if they wanted access to the network assets within. Once they authenticated and passed through this “moat,” they were trusted implicitly to wander freely inside the castle grounds. Until recently, this perimeter model was sometimes marketed as network-based Zero Trust. It is more correctly an “implicit trust” implementation: trust is granted once, at the edge, and never re-evaluated.

The problem with this setup is obvious. If a user’s credentials are stolen, an attacker gains network access trivially. If little security is focused inside the perimeter, attackers are left largely undisturbed to move laterally, steal data and deploy malicious payloads.

The pandemic accelerated the adoption of Zero Trust. The world is no longer as simple from a computing perspective as it once was: IT environments are distributed across home-working endpoints, cloud applications and cloud infrastructure. That puts more pressure on IT to control access based on which data or applications the user is attempting to reach, and it makes the endpoint effectively the new perimeter.

But what if those endpoint devices are unpatched, misconfigured or connecting through unsecured Wi-Fi? In this new era it is not just the user and the data that need to be monitored and authenticated, but also device posture.

The Zero Trust Difference

This is where Zero Trust comes in. It has evolved from the “implicit trust” model above into what is considered “explicit trust.” It combines the notion of least privilege with contextual access to create a more agile security model fit for purpose in the cloud and mobile era. It is about never trusting and always verifying: every access request is tested against who the user is, what device they are on and what they are asking for, and that verification is repeated rather than granted once at the edge. Once a request is tested and approved, the network is segmented and what users can access is minimized to only what they need to do their jobs. This reduces the attack surface and the potential blast radius if threat actors do get in, ideally without impacting productivity.

Here’s the problem: while many organizations focus on the user and the application they’re trying to reach, they often forget the endpoint. That could be a critical omission in a world where vulnerability exploitation is on the rise. In fact, a record number of bugs were published on NIST’s National Vulnerability Database (NVD) last year, the fifth year in a row an all-time record has been set. Hundreds now sit on CISA’s “must patch” list, the Known Exploited Vulnerabilities (KEV) Catalog, which lists only bugs with evidence of active exploitation and is therefore a stronger prioritization signal for device posture than CVSS severity alone. A misconfigured or unpatched endpoint can be as useful an attack vector as a stolen credential, with the potential to bring the whole Zero Trust model crashing down.

Speed, Precision and Continuous Visibility

So what do organizations need to create effective Zero Trust policies? From an access perspective, it means focusing on:

  1. Multi-factor authentication (MFA) to validate the user
  2. An understanding of the applications they need to access
  3. Endpoint management and security to ensure the device is secure

Through the lens of an endpoint security vendor, organizations need capabilities including:

  • Continuous checks for compliance with security policies at speed and scale across all enterprise endpoints
  • Visibility into configuration and vulnerability management status
  • Frequently refreshed risk scores based on the above
  • The ability to investigate further when a policy check fails
  • Integration with third-party providers via open APIs
  • The speed to authenticate devices near-instantly while other checks are being made, minimizing user friction
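
The access decision that the three-item list and the capability bullets above describe, as an added example (not the page’s own code and not Tanium’s or Optiv’s): a small Python policy engine that combines user MFA, application sensitivity and endpoint posture into one decision, and that keeps the failed checks so an analyst can dig deeper. The product names, score weights, per-tier risk ceilings, the 24-hour posture freshness window and the known-exploited entries are all constructed assumptions; the known-exploited table stands in for a feed such as CISA’s KEV catalog joined with scanner data and contains no real CVEs.

```python
"""Posture-aware access decision: an added illustration, not Tanium's or
Optiv's code. It evaluates the three inputs the article lists (user MFA,
application sensitivity, endpoint posture). Product names, weights, ceilings
and the known-exploited entries are constructed placeholders, not real CVEs."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed stand-in for a known-exploited feed (product -> first fixed
# version); a real deployment would join CISA KEV data with scanner results.
KNOWN_EXPLOITED: Dict[str, Tuple[int, ...]] = {
    "example-browser": (104, 0, 5112),
    "example-vpn-client": (6, 1, 2),
}
POSTURE_MAX_AGE = 24 * 3600                            # seconds before a report is stale
RISK_CEILING = {"low": 60, "medium": 40, "high": 20}   # assumed per-tier risk limits
NOW = 1_657_500_000                                    # constructed clock (July 2022)


@dataclass
class DevicePosture:
    managed: bool
    disk_encrypted: bool
    edr_running: bool
    software: Dict[str, Tuple[int, ...]]   # product -> installed version
    reported_at: int                       # epoch seconds of last check-in

@dataclass
class AccessRequest:
    user: str
    mfa_verified: bool
    app: str
    app_sensitivity: str                   # "low" | "medium" | "high"
    device: DevicePosture

@dataclass
class Decision:
    action: str                            # "allow" | "restrict" | "deny"
    risk_score: int
    findings: List[str]


def score_device(posture: DevicePosture, now: int) -> Tuple[int, List[str]]:
    """Additive risk score; each failed check is recorded so analysts can dig deeper."""
    checks = [
        (not posture.managed, 50, "unmanaged device"),
        (not posture.edr_running, 30, "EDR agent not running"),
        (not posture.disk_encrypted, 20, "disk not encrypted"),
        (now - posture.reported_at > POSTURE_MAX_AGE, 25, "posture report stale"),
    ]
    # .get() falls back to the fixed version, so an absent product never matches.
    checks += [(posture.software.get(p, fixed) < fixed, 40, f"{p} below fixed version")
               for p, fixed in KNOWN_EXPLOITED.items()]
    score, findings = 0, []
    for failed, weight, finding in checks:
        if failed:
            score += weight
            findings.append(finding)
    return score, findings


def decide(req: AccessRequest, now: int = NOW) -> Decision:
    """Explicit trust: user, device and application are re-checked on every request."""
    if not req.mfa_verified:
        return Decision("deny", 0, ["MFA not completed"])
    score, findings = score_device(req.device, now)
    # Fail closed on stale posture: a green check from days ago says nothing
    # about the device now, so it cannot unlock anything above low sensitivity.
    if "posture report stale" in findings and req.app_sensitivity != "low":
        return Decision("deny", score, findings)
    ceiling = RISK_CEILING[req.app_sensitivity]
    if score <= ceiling:
        return Decision("allow", score, findings)
    # Least privilege rather than all-or-nothing: a managed device with modest
    # excess risk gets the app with reduced scope (e.g. read-only) while fixed.
    if req.device.managed and score <= ceiling + 25:
        return Decision("restrict", score, findings)
    return Decision("deny", score, findings)


def sample_requests() -> Dict[str, AccessRequest]:
    """Constructed requests: healthy, known-exploited version, stale posture, BYOD."""
    patched = {"example-browser": (104, 0, 5112)}
    healthy = DevicePosture(True, True, True, patched, NOW - 600)
    vulnerable = DevicePosture(True, True, True, {"example-browser": (103, 0, 0)}, NOW - 600)
    stale = DevicePosture(True, True, True, patched, NOW - 3 * 86400)
    byod = DevicePosture(False, False, False, {}, NOW - 60)
    return {
        "healthy_medium": AccessRequest("alice", True, "crm", "medium", healthy),
        "vulnerable_high": AccessRequest("alice", True, "payroll", "high", vulnerable),
        "stale_high": AccessRequest("bob", True, "payroll", "high", stale),
        "stale_low": AccessRequest("bob", True, "wiki", "low", stale),
        "byod_low": AccessRequest("carol", True, "wiki", "low", byod),
        "no_mfa": AccessRequest("dave", False, "crm", "medium", healthy),
    }


def run_samples() -> Dict[str, str]:
    """Evaluate every sample request and return name -> action."""
    return {name: decide(req).action for name, req in sample_requests().items()}
```

Two behaviours are worth copying. A stale posture report fails closed for anything above low sensitivity instead of being treated as a still-valid green check, which is the failure mode a cached device-compliance flag introduces. And a managed device carrying a modest excess of risk is restricted rather than denied, which is what keeps the model from impacting productivity while the endpoint is remediated. Calling run_samples() evaluates the six constructed cases.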

The Road Ahead

Zero Trust is no longer a “nice to have.” With US federal agencies now required to adopt it, there is a growing consensus that this should be the direction of travel for all organizations. This makes sense, especially in the context of increasingly sophisticated supply chain attacks like the SolarWinds and Kaseya campaigns, which abused trusted applications to reach their victims. Zero Trust makes these attacks harder to carry out and lets security staff flag sooner when something is wrong.

Like security, Zero Trust is a journey rather than a destination. In time, we may begin to see a larger role for applications themselves in deciding whether to trust a particular browser or user. For now, organizations should focus on getting the basics right. That means remembering the outsized role that endpoint checks have in the Zero Trust process.

Tim Morris
Financial Services Strategist | Tanium
Tim joined Tanium in May 2021, after retiring from Wells Fargo, where he spent 21 years. He led the Cyber Threat Engineering and Research teams within Information & Cyber Security for the bank.

Tim has worked with almost every facet of computer and network technologies, with a concentration in endpoint detection and response, systems and patch management, and vulnerability assessment. He has built teams that manage endpoint security, platform engineering, incident response, digital forensics and offensive security (red team).

Tim was first introduced to Tanium in 2008. However, he didn't begin working with it fully until 2013. Tim was privileged to have the opportunity to be one of the first to deploy and manage Tanium at large scale, on 500K endpoints. At the same time, he was able to build one of the best cyber security engineering teams in the industry. Their effectiveness and efficiency were due in large part to Tanium, the best incident response and system management tool in the industry.

Optiv Security: Secure greatness.®

Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.