Zero trust is a security model in which no user or machine attempting to access the company network is trusted by default; every access attempt is verified, whether it is physical or digital. A network designed on this basis is known as a zero-trust network.
The traditional network security model follows the castle-and-moat philosophy: any previously approved identity inside the network is considered trusted, while access from outside the network is controlled by firewalls, Virtual Private Networks (VPNs), email security, security protocols, web security, and so on.
Over time, the emergence of modern technologies has led companies to migrate towards hybrid or cloud infrastructure. With the increasing number of cyberattacks and remote users, it has become harder to secure the perimeter and control the network. Therefore, companies are adopting the Zero Trust Network model to secure their networks efficiently. A zero-trust network verifies every access attempt regardless of who is making it, how, and from where.
Forrester analyst John Kindervag introduced the term “Zero Trust” in his research in 2010. The focus of his idea is to trust no one and to verify every request attempting to access a resource on the network. This original idea of zero trust was based on data center network design; it later evolved into an identity-centric approach.
In 2014, Google adopted this identity-centric approach to zero-trust networking under the name BeyondCorp. The BeyondCorp model used individual devices and users, instead of perimeters, for access control. Late in 2018, Forrester analyst Dr. Chase Cunningham and his team published Zero Trust Extended (ZTX), which extends the network model further towards ever-changing and expanding attack surfaces.
The recent pandemic has shown that cybersecurity must remain a top priority for companies, and specifically for SMBs. A Zero Trust Network helps SMBs achieve effective security measures. The zero-trust security model can provide top-level security in the following use cases:
1. ZTN provides continual identity verification for your company's remote users. When your employees work from home, they need to access organizational data, resources, and services to do their jobs. ZTN helps you verify anyone who tries to access your network, applies least privilege, and so reduces the damage in case of a cyber-attack.
2. Organizations often need outside help, such as outsourcing. In these cases, an outside company, partner, or third party may need some degree of access to your organization's assets, services, or databases. Applying the Zero Trust model here lets you verify the identity of outsiders through Identity and Access Management (IAM) or Multi-Factor Authentication (MFA), so that you can manage their access to the specific resources or services they need.
Every model has core principles; those of ZTN ensure that the security model trusts no one who tries to access the organization's network. The core principles of ZTN are as follows:
The first principle of ZTN is that everyone inside and outside the network is untrusted. Everyone accessing the organization's network must pass the identification phase, regardless of whether they are human or machine, CEO or entry-level employee, insider or outsider, user or third party.
The second principle assumes that there is always a security breach in the network, so a ZTN keeps re-verifying identity after a set period. If a user remains inactive for a specific time interval, a ZTN-enabled network logs the user out automatically and requires a new login when the user becomes active again.
The third principle grants the user the minimum privilege needed on the network. Least privilege means just-in-time and just-enough access for the user, together with risk-based adaptive policies. For example, if a user needs to use Microsoft Office, then the user will be able to use only MS Office, not other software installed on the organization's network.
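The three principles above, and the third-party use case from earlier, can be expressed as a single access decision. The following policy evaluator is an added example, not code from the article; the timeouts, identities, resource names and the `Session` fields are constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    REAUTH = "reauthenticate"  # identity must be verified again


# Constructed policy values (assumptions, not from the article): how long a
# verification is trusted, and how long a user may stay idle before logout.
REVERIFY_AFTER_S = 8 * 3600
IDLE_TIMEOUT_S = 15 * 60


@dataclass
class Session:
    subject: str            # human or machine identity, insider or outsider
    authenticated: bool     # identification phase passed
    mfa: bool               # strong (multi-factor) verification completed
    verified_at: int        # epoch seconds of the last identity verification
    last_active: int        # epoch seconds of the last request
    managed_device: bool    # device posture is known and compliant
    third_party: bool       # vendor, partner or other outsider


# Least privilege: each identity gets only the resources its job needs.
ENTITLEMENTS = {
    "alice@corp": {"ms-office", "hr-portal"},
    "svc-backup": {"backup-share"},          # a machine identity
    "vendor-bob": {"ticketing"},             # third party: narrow access only
}


def decide(s: Session, resource: str, now: int) -> Decision:
    """Evaluate one access request against the three ZTN principles."""
    # Principle 1: nobody is trusted by default, whoever or whatever they are.
    if not s.authenticated:
        return Decision.DENY
    # Principle 2: assume breach; re-verify after a set period, log out idle users.
    if now - s.verified_at > REVERIFY_AFTER_S or now - s.last_active > IDLE_TIMEOUT_S:
        return Decision.REAUTH
    # Principle 3: least privilege, plus a risk-based adaptive rule:
    # outsiders and unmanaged devices must have completed MFA.
    if resource not in ENTITLEMENTS.get(s.subject, set()):
        return Decision.DENY
    if (s.third_party or not s.managed_device) and not s.mfa:
        return Decision.DENY
    return Decision.ALLOW
```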
Implementation of ZTN varies from organization to organization, depending on infrastructure, traffic flow, and users or clients. Nevertheless, here are the most common implementation steps that every SMB should follow to secure a network using the zero-trust model.
1. In the first step, you must know what you need to protect, whether it is a service, data, or an asset. Categorize and prioritize the weak points that require protection from cyber-attacks.
2. Organizations have a tremendous amount of traffic flowing daily, 24/7/365. You must monitor and analyze your traffic flow continuously. Based on this analysis, you can categorize the sources of maximum and minimum traffic. This information will help you while implementing ZTN.
3. As per the principle of divide and rule, it is easier to manage, control, and secure small chunks of the network than the whole network at once. The data from steps 1 and 2 can be used to create micro-segments of your network so that ZTN is applied efficiently and effectively; effective micro-segmentation will prevent lateral movement by an attacker.
4. At this stage, you must construct a rough design of your zero-trust network. Identify the points where you are going to implement ZTN and to what extent you are going to impose it. As described at the start of the article, will it be a data-centric or an identity-centric approach? How much least privilege can you afford for your users? You must consider the numerous factors in your daily business routine that need attention when securing your network using ZTN.
5. In the execution phase, you must define how each specific ZTN process will work: whether you will apply MFA or 2FA, and how a new user will authenticate and be authorized. Further, you must identify how much total risk is attached to implementing ZTN and how you will implement it: direct, parallel, phased, or pilot implementation. Use the approach that imposes the least risk on your network. At the end of this phase, you finalize the architecture of your ZTN.
6. In the final stage, you deploy your ZTN, monitor it continuously, and keep a record of changes. Determine whether you are achieving your goal of securing your network with ZTN or whether it still needs modification.
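Steps 1 to 3 above (inventory, traffic analysis, micro-segmentation) can be tied together in code: observed flows between inventoried assets become a default-deny allowlist between segments, and a request that crosses segments in a way never seen during analysis is refused. This is an added example, not code from the article; the host names, segments and flow records are constructed.

```python
from collections import defaultdict

# Constructed sample flow records from the traffic-analysis step (step 2):
# (source host, destination host, destination port). Not from the article.
OBSERVED_FLOWS = [
    ("ws-01", "hr-portal", 443),
    ("ws-02", "hr-portal", 443),
    ("ws-01", "mail", 993),
    ("hr-portal", "hr-db", 5432),
    ("backup-srv", "hr-db", 5432),
]

# Step 1 output: inventoried assets grouped into micro-segments by what they
# protect. Constructed for the example.
SEGMENT_OF = {
    "ws-01": "workstations", "ws-02": "workstations",
    "hr-portal": "hr-app", "mail": "collab",
    "hr-db": "hr-data", "backup-srv": "backup",
}


def build_segment_policy(flows, segment_of):
    """Step 3: turn observed traffic into an allowlist of segment-to-segment
    flows keyed by (source segment, destination segment) -> allowed ports.
    Anything not observed during analysis is denied by default."""
    policy = defaultdict(set)
    for src, dst, port in flows:
        s, d = segment_of[src], segment_of[dst]
        if s != d:  # intra-segment traffic is not part of the cross-segment policy
            policy[(s, d)].add(port)
    return dict(policy)


def flow_allowed(policy, segment_of, src, dst, port):
    """Decide one flow. Unknown (un-inventoried) assets are denied, so a host
    that was never classified cannot be used as a stepping stone."""
    s, d = segment_of.get(src), segment_of.get(dst)
    if s is None or d is None:
        return False
    if s == d:
        return True
    return port in policy.get((s, d), set())


if __name__ == "__main__":
    pol = build_segment_policy(OBSERVED_FLOWS, SEGMENT_OF)
    # A workstation reaching the HR database directly was never observed:
    # this is the lateral movement that micro-segmentation blocks.
    print(flow_allowed(pol, SEGMENT_OF, "ws-01", "hr-db", 5432))  # False
```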
A zero-trust network is essential in the present landscape of cyber-attacks. Proper research into security holes and an effective ZTN architecture can protect against large-scale attacks. Companies around the globe are quickly adopting the ZTN approach to protect themselves from malicious actors. The dynamic nature and vastness of today's networks have made SMBs hot targets for cybercriminals, and ZTN is an effective way of protecting against security breaches.