Why Zero Trust in Endpoint Security is Necessary
Many organizations have experienced a dramatic growth in remote laptop and mobile devices, and this rapid adoption often results in substantial gaps. Despite an average spend of over $4 million per annum on endpoint protection, 48% of all endpoint devices remain undetected by their organizations’ IT departments.
As a result, they receive next to no protection, and their underlying software becomes increasingly outdated as patches and maintenance go unfulfilled. Thanks to these shadow endpoints, 63% of surveyed enterprises also find a lack of visibility to be one of the most significant cyber threats to their overall security posture.
While it’s (usually) non-mission-critical devices that are operating off-radar, the legacy approach of perimeter security means that these devices often still benefit from trusted access to internal resources.
These are the access points so valued by attackers.
Once access has been gained, perimeter-based protection such as an Intrusion Detection System (IDS) can only detect whether this endpoint then begins acting in a recognizably malicious way. Lateral movement across established trust links allow an attacker to broaden their understanding of your vulnerable areas and launch an attack accordingly.
Zero trust eliminates the potential links between devices and removes any access they’ve previously had to sensitive resources and databases.
The Core Principles of the Zero Trust Model
The zero trust philosophy makes two core assumptions:
- “Assume the network is always hostile”
- “Accept that external and internal threats are always on the network”
While these may seem drastic on paper, consider how a perimeter-based security posture assumed that everything outside the safe zone was dangerous – zero trust is simply an extended form of this. By reducing the ‘safe’ zone down to individual endpoints, zero trust in endpoint security allows enterprises to remove the assumed trust that attackers rely on for lateral movement.
As a result, cyber threats are significantly diminished. But knowing a philosophy is one thing – actioning it is another beast entirely.
The following components are detailed by leading standards bodies, such as NIST:
- Verify continuously: Verification needs to be gained before and during access – all the time, for all resources.
- Limit the blast radius: Work to minimize any assumed trust, thereby reducing damages in the event of a breach.
- Automate context collection and response: The most accurate insight and response can only be gained by incorporating behavioral data and context from the entire IT stack.
How to Implement Zero Trust in Endpoint Security
A user-first approach to zero trust aims to grant or deny access based on three things: who the user is, whether the device is safe, and the IAM policies of your organization.
This could look like the following:
An authorized employee is using one of the newly-assigned mobile devices, and wants to print a page from a shared PDF. Making a request to the printer, the validity of both devices is confirmed, before access is granted.
After this, the employee then realizes they need an app to print from their phone, so goes to the app store and downloads an unauthorized app. Because mobile devices are monitored – and this download has altered its trust score – their access to the shared PDF is now placed under heavier scrutiny.
This can take the form of downgraded, view-only access, or simply be a datapoint for the behavioral analytics engine in the background.
To achieve this, zero trust often demands a few of the following abilities:
#1: Biometrics & Multi-Factor Authentication (MFA)
When trying to establish user identity, biometrics stand as the champion.
Connecting your users to their corresponding trust profile is crucial to assessing their normal behavioral profiles, and therefore their risk. Achieving this user-device link in a different way is MFA, though there’s generally more user complaints around MFA’s inconvenience when it’s clumsily implemented.
#2: Identity and Access Management
IAM allows for one user to be authenticated across multiple cloud platforms, and often internal systems.
This is how a security team is able to assess and enforce a user’s own security policies depending on the specific device they’re using. To achieve this level of visibility for remote endpoints, they need to be registered on a cloud identity provider.
#3: Access Rules
Some rules that you may want to include are:
- Requiring a device to run a minimum version of its OS
- Not being rooted
- Remaining at a certain threat level, as judged by a zero trust provider’s analysis engine.
Alongside these access rules, consider setting remediation advice – meaning that users of noncompliant devices understand how to resolve the issue. It’s with these rough guidelines in place that you can begin assessing the tools on the market, and how well your current one fits your organization’s demands.
Understanding what the security controls are, how granular their trust frameworks are, and how they handle unclassified data are all crucial to assessing an endpoint zero trust provider’s suitability.
Gain Full-Stack Zero Trust with Check Point
Avoiding piecemeal solutions lets you cut out shadow devices for good, and prioritize the genuine users and devices that your enterprise relies on. Check Point’s approach to zero trust is driven by cohesive compliance across people, devices, and networks – unified into a single pane of glass.
Miercom’s zero trust tool assessment provides an in-depth comparison of the space’s new and exciting offerings.
Since Check Point’s approach is holistic, you’re poised to gain a contextual understanding of concerning behaviors, see how well your organization is adhering to corporate regulations, and set up tight-knit automation with neighboring components of your IT and IAM tech stack.
See here to find out how Check Point plays a vital role in absolute zero trust.
Comentarios