Tarun Ghai
3 min read · Dec 6, 2022


How to protect businesses from Cyber Security Attacks?

Cyber Security Attacks are becoming increasingly common across industries.

In this article I want to share my knowledge of how we can use Zero Trust Security Architecture to make sure such attacks do not take place or can at least be minimized and contained.

According to the 1H Global Threat Landscape Report from FortiGuard Labs, ransomware attacks have increased ten times in the last 2 years, so it is really important that we follow a Zero Trust Security Architecture to protect ourselves from any possible cyber security attack.

Zero Trust Security Architecture works on three principles:

Verify explicitly — We don’t know what we don’t know. Every user must go through strong authentication and authorization irrespective of their location, network, device and role in the organization.

Use least privileged access — For every digital asset, we need to make sure we provide limited and very fine-grained access, not generalized or composite blanket permissions. We don’t want to give standing access to anyone. We should limit access with just-in-time and just-enough-access policies.

Give only the access that is needed. Open the ports in your infrastructure that are needed, only for specific IP addresses and only for a certain duration. No extra ports, no extra incoming IPs and no standing access.
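To make the just-in-time, just-enough idea concrete, here is an added example (my own illustration for this article, not code from any product or vendor): a small grant store that opens one port for one source address range for a bounded time, caps how long any grant can live, refuses anything it has no live grant for, and prunes expired grants. The names `AccessGrant`, `GrantStore`, `request`, `prune` and `is_allowed` are hypothetical, and the scenario in `demo()` is constructed.

```python
"""Just-in-time, just-enough network access: time-boxed, source-restricted port grants.

Added example (not from the original article). `AccessGrant`, `GrantStore` and the
functions below are hypothetical names; the grants and requests in demo() are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class AccessGrant:
    """One approved exception: which source range, which port, who asked, and until when."""
    source_cidr: str
    port: int
    granted_to: str
    expires_at: datetime  # tz-aware; every grant has an end, none is open-ended

    def covers(self, src_ip: str, port: int, now: datetime) -> bool:
        if now >= self.expires_at:
            return False  # an expired grant is dead, it never turns into standing access
        if port != self.port:
            return False  # one port per grant, no ranges
        return ip_address(src_ip) in ip_network(self.source_cidr, strict=False)


@dataclass
class GrantStore:
    grants: list[AccessGrant] = field(default_factory=list)
    max_ttl: timedelta = timedelta(hours=4)  # hard cap so nobody can ask for "forever"

    def request(self, requester: str, source_cidr: str, port: int,
                ttl: timedelta, now: datetime) -> AccessGrant:
        """Issue a grant; the requested lifetime is silently capped at max_ttl."""
        if ttl <= timedelta(0):
            raise ValueError("ttl must be positive")
        grant = AccessGrant(source_cidr, port, requester, now + min(ttl, self.max_ttl))
        self.grants.append(grant)
        return grant

    def prune(self, now: datetime) -> int:
        """Remove expired grants (what a scheduled cleanup job would do); returns the count."""
        before = len(self.grants)
        self.grants = [g for g in self.grants if now < g.expires_at]
        return before - len(self.grants)

    def is_allowed(self, src_ip: str, port: int, now: datetime) -> bool:
        """Default deny: a packet passes only if some live grant covers it."""
        return any(g.covers(src_ip, port, now) for g in self.grants)


def demo() -> dict:
    """Constructed scenario: on-call gets SSH (22) from one /32 for 30 minutes."""
    t0 = datetime(2022, 12, 6, 9, 0, tzinfo=timezone.utc)
    store = GrantStore()
    store.request("ops-oncall", "203.0.113.10/32", 22, timedelta(minutes=30), now=t0)
    capped = store.request("ops-oncall", "203.0.113.0/24", 443, timedelta(days=30), now=t0)
    in_window = t0 + timedelta(minutes=5)
    late = t0 + timedelta(minutes=31)
    results = {
        "allowed_in_window": store.is_allowed("203.0.113.10", 22, in_window),
        "other_ip_denied": store.is_allowed("203.0.113.11", 22, in_window),
        "other_port_denied": store.is_allowed("203.0.113.10", 3389, in_window),
        "after_expiry_denied": store.is_allowed("203.0.113.10", 22, late),
        "ttl_capped_to_4h": capped.expires_at == t0 + timedelta(hours=4),
        "pruned": store.prune(late),
    }
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The important design choice is that the store never has a "permanent" state: a grant that was valid five minutes ago is simply not consulted once its expiry passes, and a caller asking for 30 days gets 4 hours. In a real deployment the same object would be translated into cloud security-group or firewall rules, and `prune` would be the job that removes them.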

Assume breach — Assume that a security breach is bound to happen and will happen.

Use network micro-segmentation when designing the network, so that if one part of the network is attacked, the attack cannot propagate to another part of the network.

Use end-to-end encryption. Data in motion and data at rest should be encrypted, so that even if data is stolen it cannot be decrypted and used.

Keep monitoring for security incidents at all times in a unified manner, and take a non-siloed approach to detecting them. Use automated threat detection and response.

EDR, XDR and SIEM solutions can be of great help here.
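The difference between a siloed and a unified view is easiest to see with a small rule. The following is an added example written for this article (not the logic of any EDR, XDR or SIEM product): three constructed feeds, one from authentication, one from the endpoint agent and one from the firewall, are normalised into one timeline. An identity-only brute-force rule with a threshold of ten failures never fires on four failed logins, while a rule that chains a few failures followed by a success, a new process on that user's workstation and an outbound connection to an unapproved destination does. The log format, the field names, `HOST_OF_USER`, `KNOWN_DESTINATIONS` and both rules are hypothetical.

```python
"""Non-siloed detection: one rule over identity, endpoint and network events together.

Added example, not code from the original article or any product. The log format,
field names, asset inventory, approved-destination list and rules are hypothetical;
every log line below is constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Three feeds a SIEM would normalise into one timeline (constructed sample data).
AUTH_LOG = """\
2022-12-06T09:00:01Z auth user=alice src=198.51.100.7 result=FAIL
2022-12-06T09:00:03Z auth user=alice src=198.51.100.7 result=FAIL
2022-12-06T09:00:05Z auth user=alice src=198.51.100.7 result=FAIL
2022-12-06T09:00:07Z auth user=alice src=198.51.100.7 result=FAIL
2022-12-06T09:00:12Z auth user=alice src=198.51.100.7 result=OK
2022-12-06T09:05:00Z auth user=bob src=10.0.0.5 result=OK
"""
EDR_LOG = """\
2022-12-06T09:00:40Z edr host=WS-ALICE event=process_start image=powershell.exe
2022-12-06T09:06:00Z edr host=WS-BOB event=process_start image=outlook.exe
"""
FW_LOG = """\
2022-12-06T09:01:10Z fw host=WS-ALICE dst=192.0.2.44 dport=8443 action=ALLOW
2022-12-06T09:06:30Z fw host=WS-BOB dst=192.0.2.10 dport=443 action=ALLOW
"""
HOST_OF_USER = {"alice": "WS-ALICE", "bob": "WS-BOB"}  # asset inventory (constructed)
KNOWN_DESTINATIONS = {"192.0.2.10"}                      # approved external services (constructed)

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<source>\w+) (?P<kv>.*)$")


def parse(*feeds):
    """Normalise every feed into one list of dicts, sorted by timestamp."""
    events = []
    for text in feeds:
        for line in text.splitlines():
            m = LINE_RE.match(line)
            if not m:
                continue
            e = dict(pair.split("=", 1) for pair in m["kv"].split())
            e["ts"] = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            e["source"] = m["source"]
            events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def siloed_auth_alerts(events, fail_threshold=10, window=timedelta(seconds=60)):
    """Identity-only rule: many failures in a short window from one user/source pair."""
    fails = defaultdict(list)
    alerts = []
    for e in events:
        if e["source"] != "auth" or e["result"] != "FAIL":
            continue
        key = (e["user"], e["src"])
        fails[key] = [t for t in fails[key] if e["ts"] - t <= window] + [e["ts"]]
        if len(fails[key]) >= fail_threshold:
            alerts.append({"rule": "brute_force", "user": e["user"], "src": e["src"]})
    return alerts


def correlated_alerts(events, fail_threshold=3, login_window=timedelta(seconds=60),
                      follow_window=timedelta(minutes=5)):
    """Unified rule: a few failures then success (identity), followed within minutes by a
    new process on that user's host (endpoint) and a connection from that host to a
    destination not on the approved list (network). Each signal alone is below threshold."""
    fails = defaultdict(list)
    alerts = []
    for e in events:
        if e["source"] != "auth":
            continue
        key = (e["user"], e["src"])
        if e["result"] == "FAIL":
            fails[key].append(e["ts"])
            continue
        recent = [t for t in fails[key] if e["ts"] - t <= login_window]
        if len(recent) < fail_threshold:
            continue
        host = HOST_OF_USER.get(e["user"])
        later = [x for x in events
                 if x.get("host") == host and e["ts"] <= x["ts"] <= e["ts"] + follow_window]
        procs = [x for x in later if x["source"] == "edr" and x["event"] == "process_start"]
        conns = [x for x in later if x["source"] == "fw" and x["dst"] not in KNOWN_DESTINATIONS]
        if procs and conns:
            alerts.append({"rule": "login_then_new_process_then_unknown_egress",
                           "user": e["user"], "host": host, "failed_logins": len(recent),
                           "process": procs[0]["image"], "destination": conns[0]["dst"]})
    return alerts


def demo():
    events = parse(AUTH_LOG, EDR_LOG, FW_LOG)
    return {"siloed": siloed_auth_alerts(events), "unified": correlated_alerts(events)}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` returns no alert from the siloed rule and exactly one from the unified rule, for alice's workstation. That is the whole argument for feeding EDR, firewall and identity logs into one place: each team's own threshold was tuned to avoid noise, and the chain is only visible once the three estates sit on the same timeline.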

A Zero Trust approach should extend throughout the entire digital ecosystem and serve as an integrated security philosophy and end-to-end strategy that must be followed.

The following digital estates must be considered when applying Zero Trust Security Architecture.

1) Identities — These are users, internal or external, human or non-human (like bots).

2) Endpoints — These are workstations, mobile devices, tablets etc.

3) Applications — These are web apps, desktop apps, mobile apps and APIs.

4) Data — This is structured or unstructured data.

5) Infrastructure — This is my data center, my servers, storage and network resources.

6) Networks — This is the network setup.

As the centralized and unified policy enforcement point, the Zero Trust policy engine
1) intercepts the request, and
2) accepts and processes signals from all six foundational elements and provides least privileged access.
Signals include the role of the user, location, device compliance, data sensitivity, application sensitivity and much more.

It continuously monitors for security incidents and provides protection from any incident that may arise.
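What such a policy engine actually does with those signals is easier to follow in code. The block below is an added example for this article, not the implementation of any vendor's policy engine: it collects signals from the identity, endpoint, application, data and network estates into one `Signals` record and applies the three principles in order (verify explicitly, least privilege, assume breach), so that every rule can only narrow the granted access and the default is deny. `Signals`, `Sensitivity`, `Decision`, `ROLE_SCOPES`, the rule order and the requests in `demo()` are all hypothetical and constructed.

```python
"""Zero Trust policy engine: turn signals from the digital estates into a least-privilege decision.

Added example, not code from the original article or any product. The types, the role
table and the rule order are hypothetical; the requests in demo() are constructed.
"""
from dataclasses import dataclass
from enum import Enum


class Sensitivity(Enum):
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3


class Decision(Enum):
    DENY = "deny"
    STEP_UP = "step-up"   # strong authentication required, then the request is re-evaluated
    ALLOW = "allow"


@dataclass(frozen=True)
class Signals:
    """Everything the engine knows about one request, gathered from the estates."""
    user: str
    roles: frozenset            # identity
    strong_auth: bool           # identity: strong (e.g. phishing-resistant MFA) auth done this session
    device_managed: bool        # endpoint: enrolled in device management
    device_compliant: bool      # endpoint: EDR healthy, disk encrypted, patched
    location_trusted: bool      # network: known egress, not an unknown network
    application: str            # application
    app_sensitivity: Sensitivity
    data_sensitivity: Sensitivity  # data
    requested: frozenset        # actions asked for, e.g. {"read", "write"}


# Least privilege: the most a role can ever get in an application. Unlisted pairs get nothing.
ROLE_SCOPES = {
    ("analyst", "reporting"): frozenset({"read"}),
    ("payroll-admin", "payroll"): frozenset({"read", "write"}),
}


def evaluate(s: Signals) -> tuple:
    """Return (Decision, granted actions). Each rule only narrows access, never widens it."""
    level = max(s.app_sensitivity.value, s.data_sensitivity.value)

    # Verify explicitly: strong authentication for everyone, regardless of location or role.
    if not s.strong_auth:
        return Decision.STEP_UP, frozenset()

    # Endpoint posture: unmanaged devices see only PUBLIC; non-compliant managed devices
    # see at most INTERNAL.
    if not s.device_managed and level > Sensitivity.PUBLIC.value:
        return Decision.DENY, frozenset()
    if not s.device_compliant and level > Sensitivity.INTERNAL.value:
        return Decision.DENY, frozenset()

    # Least privilege: intersect what was requested with what the roles allow in this app.
    allowed = frozenset()
    for role in s.roles:
        allowed |= ROLE_SCOPES.get((role, s.application), frozenset())
    granted = s.requested & allowed

    # Assume breach: RESTRICTED data is read-only from an untrusted location, so a session
    # hijacked on an unknown network cannot modify it.
    if level >= Sensitivity.RESTRICTED.value and not s.location_trusted:
        granted = granted - {"write"}

    if not granted:
        return Decision.DENY, frozenset()
    return Decision.ALLOW, granted


def demo() -> dict:
    """Constructed requests, one per rule, mapped to (decision, sorted granted actions)."""
    base = dict(strong_auth=True, device_managed=True, device_compliant=True, location_trusted=True)
    analyst = dict(user="alice", roles=frozenset({"analyst"}), application="reporting",
                   app_sensitivity=Sensitivity.INTERNAL, data_sensitivity=Sensitivity.INTERNAL)
    admin = dict(user="bob", roles=frozenset({"payroll-admin"}), application="payroll",
                 app_sensitivity=Sensitivity.CONFIDENTIAL, data_sensitivity=Sensitivity.RESTRICTED)
    cases = {
        "analyst_asks_for_write": Signals(requested=frozenset({"read", "write"}), **analyst, **base),
        "no_strong_auth": Signals(requested=frozenset({"read"}), **analyst, **{**base, "strong_auth": False}),
        "unmanaged_device_on_payroll": Signals(requested=frozenset({"read"}), **admin,
                                              **{**base, "device_managed": False}),
        "admin_from_untrusted_network": Signals(requested=frozenset({"read", "write"}), **admin,
                                               **{**base, "location_trusted": False}),
        "analyst_with_no_payroll_role": Signals(requested=frozenset({"read"}), **{**admin, "user": "alice",
                                               "roles": frozenset({"analyst"})}, **base),
    }
    out = {}
    for name, sig in cases.items():
        decision, scope = evaluate(sig)
        out[name] = (decision.value, sorted(scope))
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Two things are worth noticing. The analyst who asks for read and write gets only read, because the engine intersects the request with the role's ceiling instead of trusting the request; and the payroll admin on an untrusted network keeps read but loses write on restricted data, which is the "assume breach" principle applied to a single decision rather than to the whole network.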

Below is a simple checklist that can help us make sure we are using the recommended security solutions for the different parts of the IT landscape.

EDR and XDR solutions have capabilities for anti-virus, anti-ransomware, vulnerability assessment, OS patch management, application patch management, configuration validation and advanced threat protection.

Firewalls help us with traffic filtering, intrusion detection and intrusion prevention, and also protect against common application-level attacks like SQL injection and cross-site scripting.

SIEM solutions empower us with custom threat intelligence and a non-siloed, centralized approach to security incident detection and prevention.

Last but not least, we must take regular and frequent backups of the application and database tiers. In the unforeseen event that data cannot be recovered after a security attack, we can use the backed-up data to restore our servers at the application and database tiers. The backups should be sent to different data centers in different region(s) and should be encrypted with a third-party key that can be stored in an HSM.

P.S. Please note that the views and suggestions shared above are my personal views and do not represent the views or formal suggestions of my employer.
