Ntirety CEO Emil Sayegh addresses the rising threat of zero-day threats and makes the case that implementing Zero Trust is a game changer for creating a modern security philosophy that is prepared to take on the evolving threats surrounding us all in the present cybersecurity landscape.
The war between Russia and Ukraine has spurred a tidal wave of cyberattacks and disinformation. Cyberattacks have become a more prevalent threat than ever, and the trend will only continue. At the moment, the most common forms of cyber-warfare include known threats and zero-day attacks such as ransomware, distributed denial of service (DDoS) attacks, espionage, and malware.
You might have heard the term zero-day attack, but you might not have an actual idea of how serious this threat is, or how to respond to a threat you don’t know about. For the first time in history, zero + zero can net out to be a “positive.” Before we all collectively gasp at this violation of thousand years of mathematical history, let’s explore how it’s possible when it comes to cybersecurity.
Inside the Zero
A zero-day attack is a cybersecurity event that is leveraged by an outsider with bad intent. These attacks find and exploit digital cracks in the security bubble — things such as malware, software flaws, security flaws, and overall vulnerabilities. Zero-day refers to flaws that are discovered first by attackers, before the vulnerable party can issue a fix. With that upper hand, an attacker has the choice of attacking immediately, launching additional attacks, monitoring additional information, or waiting for an opportune time to strike (when it might hurt the target the most).
Until developers and operators find a way to address the flaw with updates and patches, zero-day vulnerabilities are a threat from day zero to the day the vulnerability is discovered. All you have to do is look at the recent Microsoft Exchange Server HAFNIUM exploit that affected thousands of systems for evidence of the impact.
Zero-day vulnerabilities pop up in a variety of ways that include:
● Attack chain tactics that leverage malicious sites and false advertisements
● Exploits that are delivered by spear-fishing tactics
● Infecting websites that company users are known to visit
● A compromised system, server, or network software
Making matters worse, successful zero-day attacks maximize the amount of time between that first attack to first discovery, broadening the potential for damage.
Zero Plus Zero Equals Positive
There is a palpable sense of inevitability and a notion that there is little that can be done to prevent zero-day attacks. These attacks can be prevented and leading the way is one of the best security principles in practice today—Zero Trust.
Under the old models, compute elements were trusted because they originated within the four walls of the data center. The cloud, remote work, and rapid growth changed the playing field and the requirements for security. Zero Trust follows three basic principles:
- Assume breach – Every transaction is treated as though it is from an unknown source. You authenticate and encrypt everything. Every read, every app, every account, every device gets full verification.
- Least privileged access – Access to critical systems and data allows just the minimum required, bound by time and risk-adaptive rulesets.
- Verify explicitly – All data points come into the authentication play, from login location to time of day to analytical profile info.
With the mantra to never trust and always verify, access in Zero Trust can only be granted once each request is encrypted, authenticated, and authorized. Impact and lateral movement within a network are constrained by limiting access to just the job that is needed and micro-segmentation, down to the bits wherever they may exist. Finally, analytic capabilities and security intelligence stand watch, ready to uncover issues and anomalies.
Refocusing Security
Adding Zero Trust to your security program is a philosophy shift. In response to zero-day threats, organizations must pick up:
● Refactor Code to Be Secure By Design using SecDevOps, and Zero Trust principles
● Install comprehensive proactive security defense systems as well as multi-layered security Keep software and systems up to date with patches
● Teaching better security behavior to your employees and software developers
● Refresh your disaster recovery strategy
● Rehearse scenarios
The best part about Zero Trust is that you don’t have to tear out any security or infrastructure that you already have. These principles can be adopted through robust, flexible technologies and through partnerships for continuous monitoring, and proactive always-on mitigation. The rising threat of zero-day threats, combined with the mission to implement Zero Trust, is a catalyst for a modern security philosophy well matched to the imminent threats surrounding us.
This article was originally published in Forbes, please follow me on LinkedIn.