As we reach the end of the government’s 4th quarter, hackers have got the ball, and they are heading down the field toward your data. Whom the defense decides to play and whom they choose to sideline while defending the field is critical to determining who ultimately seizes the advantage. Only the most trusted players will be allowed to play.
According to the Department of Defense, Zero Trust refers to “an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. Zero Trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the Internet) or based on asset ownership (enterprise or personally owned).” Taken one step further, the same instinct already appears in endpoint security: antivirus software traditionally blocks anything it flags as suspicious until a verified user intervenes. These practices are coming more into play as government organizations face an unprecedented number of threats to their data.
Understanding the difference between perimeter and Zero Trust models.
Traditional perimeter models build walls between trusted and untrusted sources, such as the firewall between your local network and the internet. Zero Trust models, in contrast, assume that adversaries may already be anywhere, including inside the perimeter, so no network, user, or location is trusted on its own when deciding who may access your data. A Zero Trust network is built upon five fundamental assertions:
- The network is always assumed to be hostile
- External and internal threats exist on the network at all times
- Network locality is not sufficient for deciding trust in a network
- Every device, user, and network flow is authenticated and authorized
- Policies must be dynamic and calculated from as many sources of data as possible
The Zero Trust approach builds in multiple layers of access control to limit the breadth of any breach that does occur. Then, with continuous monitoring of the audit logging that STIGs (Security Technical Implementation Guides) require, you can spot bad actors before they have a chance to do harm, because they will be stopped at the line of scrimmage.
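The contrast between the two models is easiest to see as a policy decision. The following is an added example, not code from the original article or from any product it names: a perimeter rule that trusts anything on the LAN, beside a Zero Trust rule that evaluates every request on several signals (user authentication, device enrollment, patch age, entitlement) and treats network location as informational only. The signal names, the `ENTITLEMENTS` table, the 30-day patch threshold and the sample requests are all constructed for illustration.

```python
"""Added example: perimeter trust vs. a multi-signal Zero Trust decision.
All field names, thresholds and sample data below are assumptions for
illustration; they are not taken from any real policy or product."""
from dataclasses import dataclass


@dataclass
class Request:
    user: str
    mfa_verified: bool      # strong user authentication completed
    device_id: str
    device_managed: bool    # device is enrolled and posture-checked
    patch_age_days: int     # days since the device's last security update
    source_network: str     # "corp-lan" or "internet"; informational only
    resource: str


# Hypothetical entitlements: which users may reach which resource.
ENTITLEMENTS = {
    "alice": {"payroll-db", "wiki"},
    "bob": {"wiki"},
}

MAX_PATCH_AGE_DAYS = 30  # assumed posture threshold


def perimeter_decision(req: Request) -> str:
    """Perimeter model: a request already inside the LAN is trusted outright."""
    return "allow" if req.source_network == "corp-lan" else "deny"


def zero_trust_decision(req: Request) -> tuple[str, list[str]]:
    """Zero Trust model: every flow is authenticated and authorized on several
    independent signals. Where the request came from never grants trust by
    itself, so source_network is deliberately not consulted here."""
    reasons = []
    if not req.mfa_verified:
        reasons.append("user not strongly authenticated")
    if not req.device_managed:
        reasons.append("device not enrolled")
    if req.patch_age_days > MAX_PATCH_AGE_DAYS:
        reasons.append("device patch level stale")
    if req.resource not in ENTITLEMENTS.get(req.user, set()):
        reasons.append("user not entitled to resource")
    return ("allow", []) if not reasons else ("deny", reasons)


# Constructed sample requests.
# An unmanaged, unauthenticated laptop that happens to sit on the corporate LAN:
INSIDER_UNMANAGED = Request("bob", False, "laptop-9", False, 120, "corp-lan", "payroll-db")
# A fully authenticated, compliant device connecting from the internet:
REMOTE_COMPLIANT = Request("alice", True, "laptop-1", True, 3, "internet", "payroll-db")

if __name__ == "__main__":
    for req in (INSIDER_UNMANAGED, REMOTE_COMPLIANT):
        verdict, why = zero_trust_decision(req)
        print(f"{req.user}@{req.source_network} -> perimeter: {perimeter_decision(req)}, "
              f"zero trust: {verdict} {why}")
```

The perimeter rule lets the unmanaged insider straight through to the payroll database and turns away the compliant remote user; the Zero Trust rule does the opposite, and returns the reasons so the denial can be logged and audited, which is the point the next section makes about monitoring.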
In Splunk’s Essential Guide to Zero Trust, they sum up the approach by saying, “A zero trust model can radically improve your organization’s security posture by eliminating the sole reliance on perimeter-based protection.”
Defending the end zone with the help of STIGs.
A key aspect of Zero Trust involves auditing to ensure that users with permitted login access are doing what they are supposed to be doing, when they are supposed to be doing it. This is where STIGs come in. They require devices to have basic cyber-hygiene controls in place, such as antivirus software, before those devices join the network. STIGs also mandate logging that captures both unauthorized access attempts and any access that does succeed, which makes 24/7 monitoring a must.
This level of auditing helps to deter insider threats, shows who is attempting to gain access, and reveals patterns that let you track a malicious source back to its origin. In essence, it’s like running blocking and tackling drills in practice to make sure no one on your team gives up a gap in the line.
Stacking your operating system’s defensive line.
In addition to simplifying auditing, STIGs block hackers at many avenues of approach. For example, the firewall STIGs require closing nearly every port, protocol, and service that the organization does not actually need. Operating System STIGs restrict logon to defined users, and they go further by restricting where highly privileged groups, such as Domain Admins, are permitted to log on at all. STIGs also disable guest accounts and prohibit shared logins.
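To make those operating-system controls concrete, here is an added example of the kind of check an automated STIG audit performs. It is not code from the original article or from ConfigOS, and the rules are a generic rendering of the controls named above (remote root logon disabled, access limited to defined users or groups, no shared privileged identity, no interactive guest account), not real STIG rule IDs. The two `sshd_config` fragments and two `passwd` fragments are constructed inputs: one deliberately weak, one hardened.

```python
"""Added example: a small STIG-style audit over constructed Linux config text.
The checks are illustrative renderings of the controls described in the
article, not real STIG rule identifiers; all sample inputs are constructed."""
import re

NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}


def parse_sshd_config(text: str) -> dict[str, str]:
    """Return the effective value of each sshd keyword. As sshd does, the first
    occurrence of a keyword wins; comments and blank lines are ignored, and
    both 'Key value' and 'Key=value' forms are accepted."""
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(key, value)
    return settings


def parse_passwd(text: str):
    """Yield (name, uid, shell) from passwd-format lines; skip malformed ones."""
    for raw in text.splitlines():
        fields = raw.strip().split(":")
        if len(fields) == 7 and fields[2].isdigit():
            yield fields[0], int(fields[2]), fields[6]


def audit(sshd_text: str, passwd_text: str) -> list[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    ssh = parse_sshd_config(sshd_text)
    # Remote logon by the privileged root account must be disabled outright.
    if ssh.get("permitrootlogin", "prohibit-password") != "no":
        findings.append("sshd: PermitRootLogin is not 'no'")
    # Access must be limited to an explicitly defined set of users or groups.
    if not (ssh.get("allowusers") or ssh.get("allowgroups")):
        findings.append("sshd: no AllowUsers/AllowGroups restriction")
    accounts = list(parse_passwd(passwd_text))
    # More than one UID-0 account is a shared privileged identity.
    uid0 = [name for name, uid, _ in accounts if uid == 0]
    if len(uid0) > 1:
        findings.append("passwd: multiple UID 0 accounts: " + ", ".join(uid0))
    # Guest accounts must be removed or left without an interactive shell.
    for name, _, shell in accounts:
        if name.startswith("guest") and shell not in NOLOGIN_SHELLS:
            findings.append(f"passwd: interactive guest account {name}")
    return findings


# Constructed inputs: a weak host and a hardened one.
WEAK_SSHD = """# constructed sshd_config, weak
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""
WEAK_PASSWD = """root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup root:/root:/bin/bash
guest:x:1001:1001::/home/guest:/bin/bash
alice:x:1002:1002::/home/alice:/bin/bash
"""
HARDENED_SSHD = """# constructed sshd_config, hardened
Port 22
PermitRootLogin no
AllowGroups sshusers
PasswordAuthentication no
"""
HARDENED_PASSWD = """root:x:0:0:root:/root:/bin/bash
guest:x:1001:1001::/home/guest:/usr/sbin/nologin
alice:x:1002:1002::/home/alice:/bin/bash
"""

if __name__ == "__main__":
    for label, s, p in (("weak", WEAK_SSHD, WEAK_PASSWD),
                        ("hardened", HARDENED_SSHD, HARDENED_PASSWD)):
        print(label, audit(s, p) or ["no findings"])
```

The weak host produces four findings, one per control; the hardened host produces none. The `setdefault` in `parse_sshd_config` matters: an attacker or careless admin who appends `PermitRootLogin yes` below an existing `PermitRootLogin no` changes nothing, because sshd honors the first directive, and an audit that read the last one would report a false finding.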
All these steps verify who is supposed to have access to the machines and work to keep it that way. When you combine STIG mandates for perimeter security with a Zero Trust model, you shut down access to everything past the line of scrimmage, making it far harder for bad actors to score on you. As the Defense Information Systems Agency (DISA) observes, “The intent and focus of Zero Trust frameworks is to design architectures and systems to assume breach, thus limiting the blast radius and exposure of malicious activity.”
Assembling the right team to secure your data.
If this all sounds complicated, that’s because it is. SteelCloud’s ConfigOS is the 350 lb. ringer you want tackling threats on the field. Automating your STIG compliance with ConfigOS can simplify the process of hardening at the perimeter, provide 24/7/365 auditing protection and help you double down on cybersecurity when using the Zero Trust approach.