Improved zero trust access through contextual security posture


As ransomware attacks accelerate, cybercriminal organizations are showing increasing levels of sophistication and cunning. More recently, the Federal Bureau of Investigation (FBI) revealed that some hackers target organizations facing urgent financial events to maximize leverage on their victims. These events include the release of expected earnings reports as well as mergers and acquisitions (M&A).

As ransomware gangs increasingly operate as businesses themselves (albeit in a distinctly criminal fashion), it makes sense that they seek to improve their bargaining position by putting pressure on their counterparts at the most inconvenient times. Given the huge sums that can potentially be extorted, this threat will continue to metastasize.

There is a positive side to such behavior: as it becomes more and more predictable, it also becomes, in some ways, easier to defend against. The very events that increase the leverage hackers have over their victims will at the same time make the timing of their attacks predictable.

The role of zero trust and its policy engines

Zero trust architectures (ZTAs) are increasingly popular as a method of protection against a wide range of threats, including ransomware. Although zero trust principles are widely applicable, the new threats facing organizations, especially those from financially motivated actors who engage in extortion, call for particular attention to the policy engines at the heart of ZTA systems.

A policy engine is the “brain” of a ZTA-based architecture: it dictates the level of control applied to human and machine network agents when they attempt to authenticate and access resources. These engines decide whether to approve or deny access, or to require additional authentication factors, based on a variety of signals, including inferred geolocation, time of day, threat intelligence scores, and the sensitivity of the data being accessed.

ZTA does more than facilitate an in-depth examination of network actors who behave in a suspicious manner. It also allows simplified access by authentic users to improve productivity and reduce business interruptions resulting from security measures. Thus, properly implemented zero trust systems offer the best of both worlds: improved cybersecurity and faster generation and delivery of business value.

Adjusting zero trust baselines for contextual security

To make this model even more powerful in the face of the evolving ransomware threat, I would suggest that ZTA systems incorporate additional factors, alongside those mentioned above, to enable organizations to adopt a context-sensitive security posture. This could take the form of raising or lowering the baseline level of scrutiny applied to network agents based on publicly announced and privately contemplated events.

The days leading up to the release of quarterly results, a critical shareholder vote or a decision to award a major contract are all examples of higher-risk periods. During these times, organizations might calibrate their policy engines to be more “suspicious”, resulting in more stringent authorization requirements. Likewise, when a company confidentially knows that it is at higher risk, such as during acquisition discussions with a potential buyer or after a key cybersecurity official has given notice of their intention to leave the company, this too could raise the level of control applied by the policy engine.

Conversely, during low-risk times, employees would encounter reduced friction when trying to access various resources. This would alleviate some employee frustration with security controls, generally making them less likely to attempt to evade such measures.

The implementation of such a model would certainly require substantial investments. Automation, which would be based on integrations between human resources, financial reporting, contract management and similar systems and the policy engine, is essential to maintaining a constantly adjusted contextual security posture. In addition, the development and tuning of algorithms guiding the decision-making of the policy engine will require a great deal of time and research.
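The following is an added illustration of the kind of policy engine the preceding paragraphs describe; it is example code written for this page, not code from the article or from any vendor's product. It assumes a constructed event calendar (an earnings release and a confidential acquisition window), a small set of per-request signals, and risk-point weights and thresholds that are arbitrary and would in practice be tuned as the article notes.

```python
from dataclasses import dataclass
from datetime import date
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"  # grant only after an additional authentication factor
    DENY = "deny"


@dataclass(frozen=True)
class ContextEvent:
    """A risk-raising window fed in from HR, finance or contract systems.

    Values are constructed for this example; a real integration would
    populate them from the earnings calendar, deal pipeline and so on.
    """
    name: str
    start: date        # first day of the elevated-risk window
    end: date          # last day of the window (inclusive)
    risk_points: int   # how much the baseline rises while the window is open


@dataclass(frozen=True)
class AccessRequest:
    user: str
    resource_sensitivity: int  # 1 (public) .. 4 (restricted)
    known_location: bool       # geolocation matches the user's usual pattern
    off_hours: bool            # request outside the user's normal working hours
    threat_score: int          # 0 (clean) .. 3 (known-bad) from a threat-intel feed
    factors_presented: int     # authentication factors already satisfied


def contextual_baseline(events, today):
    """Baseline risk contributed by every event whose window covers `today`.

    Windows may overlap. A publicly known earnings release and a confidential
    acquisition both feed the same number, so the control level a user sees
    does not by itself reveal which event is driving it.
    """
    return sum(e.risk_points for e in events if e.start <= today <= e.end)


def score_request(req, events, today):
    """Combine the contextual baseline with the per-request signals."""
    score = contextual_baseline(events, today)
    score += req.resource_sensitivity
    if not req.known_location:
        score += 2
    if req.off_hours:
        score += 1
    score += 2 * req.threat_score
    return score


def required_factors(score):
    """Map a risk score onto the number of authentication factors demanded."""
    if score < 4:
        return 1
    if score < 7:
        return 2
    return 3


DENY_THRESHOLD = 10  # assumed cut-off above which no step-up is offered


def decide(req, events, today):
    """Return (decision, score, factors_required) for one access request."""
    score = score_request(req, events, today)
    if score >= DENY_THRESHOLD:
        return Decision.DENY, score, None
    needed = required_factors(score)
    if req.factors_presented >= needed:
        return Decision.ALLOW, score, needed
    return Decision.STEP_UP, score, needed


# Constructed calendar: a public earnings release and a confidential deal.
EVENTS = [
    ContextEvent("Q3 earnings release", date(2021, 10, 20), date(2021, 10, 28), 3),
    ContextEvent("acquisition talks (confidential)", date(2021, 10, 1), date(2021, 11, 30), 2),
]

QUIET_DAY = date(2021, 9, 10)   # no event window open
HOT_DAY = date(2021, 10, 25)    # both windows open, baseline 5

# Constructed requests: a routine one and a borderline one.
ROUTINE = AccessRequest("alice", resource_sensitivity=2, known_location=True,
                        off_hours=False, threat_score=0, factors_presented=1)
SUSPECT = AccessRequest("alice", resource_sensitivity=3, known_location=False,
                        off_hours=True, threat_score=1, factors_presented=1)


if __name__ == "__main__":
    for day in (QUIET_DAY, HOT_DAY):
        for req in (ROUTINE, SUSPECT):
            print(day, req.user, decide(req, EVENTS, day))
```

Run as-is, the same routine request is allowed on the quiet day and pushed to a step-up during the earnings window, while the borderline request moves from step-up to outright denial; the only thing the caller learns is the decision and the number of factors required, which is the property the later discussion of not tipping one's hand depends on.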

Organizations implementing such contextual policies will need to ensure that they do not tip their hand when tightening or relaxing security measures. For example, if authorized users could clearly detect an increase in security measures at an unexpected time (that is, not ahead of a scheduled earnings announcement), they might suspect that something else is brewing which they should not otherwise know about, such as a planned merger. Likewise, a patient, unauthorized intruder might be able to monitor fluctuating security requirements and work out what might be a particularly critical time for their target.

That said, a well-designed and well-implemented contextual security posture could gradually reduce the likelihood that a business will experience a devastating cyberattack at the worst possible time. It would also generate additional value by reducing unnecessarily restrictive security burdens during low-risk times.

Contextual security policies could also be applied outside the private sector, in government and government-adjacent areas. The stringency of the security policies of federal, state and local departments and agencies could increase ahead of major events such as elections, to defend against malicious cyber actors who attempt to inappropriately influence or disrupt them. In addition to other security measures, political campaigns could automatically harden their networks as election day approaches to guard against doxxing or espionage.

Much like their corporate counterparts, governments should be careful not to reveal non-public plans or activities, such as covert military action or movement. The US military is closely focused on signature management efforts to help achieve victory on future battlefields, and these efforts should consider the impact of automated changes in an organization’s cybersecurity posture.

Despite these caveats, there are many potential use cases for a contextual security posture. Given the incredible damage done by malicious cyber actors of all stripes, from purely for-profit ransomware gangs to advanced persistent threats backed by nation-states, new solutions are urgently needed. By allowing organizations to adjust their cybersecurity defenses based on a broader range of factors, a context-aware security posture would help prevent some of the massive damage that is otherwise sure to continue.

Copyright © 2021 IDG Communications, Inc.
