Moving to a Zero Trust Security Model

Recent cyberattacks like those on Colonial Pipeline and Kaseya, along with trends like the shift towards remote work have made many organizations realize the need to modernize their security model.

Historically, organizations used a perimeter-based security model because it helped them defend against threats originating outside the corporate network. Layered network defenses have been the traditional approach to security for decades. Network-centric methods relied heavily on network appliances such as firewalls, Intrusion Prevention Systems (IPS), and Intrusion Detection Systems (IDS) to control and inspect north-south traffic. Once inside the corporate network, trust was implicit and extended to everyone, so lateral (east-west) movement was rarely challenged.

This security model introduced significant blind spots as organizations started to use cloud solutions and as employees, contractors, and partners needed to reach corporate resources from outside the corporate network. Today, almost all enterprises use cloud services. In the U.S. alone, organizations expect that 60% of their workforce will be mobile workers, and 87% of businesses depend on employees being able to access business information on their mobile devices.

In the past, most resources and services that stored corporate data sat behind the corporate network. This has changed with the adoption of cloud applications like Office 365, Slack, or Dropbox and with a mobile workforce working from virtually anywhere. Today, many resources and services that once would have been unthinkable to expose outside the corporate network are hosted in the cloud, beyond the boundary that a perimeter-based security model can protect.

As organizations move from a legacy perimeter-based security to a Zero Trust security model, they are looking for strategic partners to help them in their journey.

According to Neil Binnie, Head of Information Security and Compliance at Morgan Sindall Group PLC:

“Even before the COVID-19 pandemic, we had hundreds of mobile staff working from almost three hundred work locations as well as home offices and coffee shops. So we have always had to adopt a defense in depth approach with multiple virtual perimeters. Moving to the Zero Trust security model is a natural progression of that approach.”

Binnie says that organizations are looking to take advantage of AI-powered autonomous Extended Detection Response (XDR) platforms that help them make decisions based on an asset’s behavior.

“We review the trust relationship on a dynamic basis based on behaviors of the user identity and endpoint. The trust level can increase if the user passes a Multi-Factor Authentication (MFA) challenge, or the trust can decrease if the endpoint is infected with malware.” He adds: “With Singularity Conditional Policy, we can increase the security controls for compromised assets automatically.”

As organizations map out their transaction flows and protect surface, they are looking for ways to make sense of their telemetry data easily. “With Singularity Ranger, we were able to identify endpoints on our corporate network that may be part of the legitimate transaction but were previously not as well managed or monitored,” Binnie noted. “We leveraged SentinelOne Deep Visibility to help identify our transaction flows and protect surface.”

According to Binnie, moving to Zero Trust is a multi-year journey for many organizations, and it’s essential to identify a strategic partner that helps the organization. “We started our journey to move to a Zero Trust security model, and for that, SentinelOne is our strategic partner.”

Zero Trust Security Model Explained

With a Zero Trust security model, trust is no longer granted by default to anyone regardless of whether they are inside or outside the corporate network. Instead, Zero Trust follows the principle of “never trust, always verify”. The user identity and endpoint need to prove they are not compromised, and only then will they receive access to corporate resources and services.

Whereas legacy perimeter-based security models focus on defending against threats coming from outside the network, Zero Trust acknowledges that threats may well exist both inside and outside the network. By successfully adopting Zero Trust, organizations can perform risk-based access control and apply the principle of least-privilege access to every access decision. That is why many organizations are looking to move from their legacy perimeter-based model to a Zero Trust security model.

In a recent study, 42% of organizations confirmed that they plan to adopt a Zero Trust strategy. Additionally, 60% of North American organizations (and 40% globally) are currently working on Zero Trust projects. With the recent Executive Order (EO) on Improving the Nation’s Cybersecurity, Zero Trust has come into even sharper focus as the U.S. government looks to accelerate its own Zero Trust adoption.

With Zero Trust, organizations can continuously monitor and manage the hygiene, risk, and hardening of their entire estate across endpoints, cloud workloads, user identities, and networks. To achieve that, organizations are looking for a security and data analytics platform, such as an Extended Detection and Response (XDR) platform, that can ingest data at scale, analyze it, and centralize incident response and access management.

Building a Zero Trust Security Model

While the end-state of a Zero Trust security model sounds very promising, the challenge that many organizations face is defining a blueprint on how they can begin their Zero Trust journey and successfully migrate from their legacy perimeter-based model to a Zero Trust security model.

It’s important to acknowledge that moving to a Zero Trust security model will take time and won’t happen overnight. Therefore, it is essential to understand where you are starting from and what the long-term objectives are.

To do so, you can utilize the Zero Trust maturity level matrix:

As organizations start their Zero Trust journey, this simple 5-step methodology can be helpful:

  1. Define your protect surface: the data, applications, assets, and services you most need to protect, such as user information, personal identifiers, financial records, or business information.
  2. Map transaction flows: document how users, applications, and data move across the network to reach the protect surface, so you know which paths legitimately need access and which do not.
  3. Architect the environment: Zero Trust network (ZTN) designs are unique to each organization because the protect surface and its transaction flows determine them.
  4. Outline the Zero Trust policies: determine the policies by answering who, what, when, where, why, and how for every access to corporate resources and services.
  5. Monitor and maintain the environment: gather telemetry, leverage autonomous solutions to perform analytics, detect anomalies, and automatically respond based on the defined Zero Trust policies.
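As an added illustration of steps 4 and 5, the following Python sketch shows what a deny-by-default policy decision point looks like once the who/what/when/where/why/how questions are written down as rules, and how the same session is re-evaluated as endpoint posture changes (fresh MFA raises trust, an infection revokes it). This is example code written for this page, not SentinelOne's code and not how Singularity Conditional Policy is implemented; the resource name, group names, scoring weights, and thresholds are assumptions chosen for the walkthrough.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum
from typing import FrozenSet, List, Optional


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step-up"  # identity plausible, but a fresh MFA challenge is required first
    DENY = "deny"


@dataclass(frozen=True)
class Subject:  # who
    user: str
    groups: FrozenSet[str]
    mfa_age_s: Optional[int]  # seconds since last MFA success; None = never proved


@dataclass(frozen=True)
class Device:  # how: posture of the endpoint the request originates from
    managed: bool
    edr_healthy: bool
    infected: bool


@dataclass(frozen=True)
class Request:
    subject: Subject
    device: Device
    resource: str     # what: an item from the protect surface
    action: str       # why: the operation being requested
    source_net: str   # where: "corp", "home" or "unknown"
    at: datetime      # when


@dataclass(frozen=True)
class Rule:
    resource: str
    allowed_groups: FrozenSet[str]
    actions: FrozenSet[str]
    max_mfa_age_s: int          # MFA proof older than this must be renewed
    require_managed: bool = True


def risk_score(req: Request) -> int:
    """Hypothetical posture score (weights are assumptions): higher = less trustworthy."""
    score = 0
    if req.device.infected:
        score += 100
    if not req.device.edr_healthy:
        score += 30
    if not req.device.managed:
        score += 20
    if req.source_net not in ("corp", "home"):
        score += 10
    if req.at.hour < 6 or req.at.hour > 22:
        score += 10
    return score


def evaluate(req: Request, rules: List[Rule], risk_threshold: int = 40) -> Decision:
    """Deny by default: access is granted only if a rule matches AND posture passes."""
    if req.device.infected:  # a compromised endpoint loses access regardless of identity
        return Decision.DENY
    for rule in rules:
        if rule.resource != req.resource or req.action not in rule.actions:
            continue
        if not (req.subject.groups & rule.allowed_groups):
            continue
        if rule.require_managed and not req.device.managed:
            continue
        if risk_score(req) > risk_threshold:
            return Decision.DENY
        mfa = req.subject.mfa_age_s
        if mfa is None or mfa > rule.max_mfa_age_s:
            return Decision.STEP_UP
        return Decision.ALLOW
    return Decision.DENY  # nothing matched: no implicit trust


# Constructed policy for one protect-surface item; not a real environment.
RULES = [Rule(resource="payroll-db", allowed_groups=frozenset({"finance"}),
              actions=frozenset({"read"}), max_mfa_age_s=3600)]


def sample_request(mfa_age_s, infected=False, managed=True, edr_healthy=True,
                   groups=("finance",), source_net="home", hour=10) -> Request:
    """Constructed request for the walkthrough; not real telemetry."""
    return Request(
        subject=Subject("alice", frozenset(groups), mfa_age_s),
        device=Device(managed=managed, edr_healthy=edr_healthy, infected=infected),
        resource="payroll-db", action="read", source_net=source_net,
        at=datetime(2021, 7, 1, hour, 0, tzinfo=timezone.utc),
    )


if __name__ == "__main__":
    # The same user and session, re-evaluated as posture changes over time.
    for label, req in [
        ("fresh MFA on a healthy managed device", sample_request(300)),
        ("MFA proof is two hours old", sample_request(7200)),
        ("EDR now reports the endpoint infected", sample_request(300, infected=True)),
    ]:
        print(f"{label}: {evaluate(req, RULES).value}")
```

The point of the sketch is that no decision is cached: every request carries the current identity and device posture, and the verdict can move from allow to step-up to deny within one session without any change to the rules themselves.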

Next Steps

Everything is assumed to be breached in a Zero Trust environment, and endpoints and user identities must prove otherwise. An effective Zero Trust framework integrates best-of-breed solutions and existing infrastructure to fill security gaps without a forklift upgrade of the security stack. SentinelOne’s approach to Zero Trust provides the means for security teams to continuously monitor and manage the hygiene, risk, and hardening of their entire estate as part of a Zero Trust strategy.

If you would like to learn more about how SentinelOne can secure your business, contact us or request a free demo.
