Blog
56
Сlarity and Trust – We take pride in being the site where you can feel free to express your opinion and leave feedback. Whenever you click on the websites of products reviewed by us, we participate in the revenue sharing and get commissions that help us maintain our project. Read more about how we work.

In connection with large-scale hacks, IS experts suggested resorting to The Zero Trust Model

Now Reading
In connection with large-scale hacks, IS experts suggested resorting to The Zero Trust Model

Contents
The zero trust model

A series of large-scale cyberattacks that pointed to dangerous vulnerabilities in US cybersecurity prompted government officials and cybersecurity professionals to use The Zero Trust Model as a way to stop attackers’ malicious campaigns.

Researcher John Kindervag, in his 2010 article, recommended that administrators of sensitive computer networks not trust anyone, regardless of the employee’s position.

“Once an attacker gets past the shell, he has access to all the resources in our network. We’ve built strong perimeters, but well-organized cybercriminals have recruited insiders and developed new attack methods that easily pierce our current security protections. To confront these new threats, information security professionals must eliminate the soft chewy center by making security ubiquitous throughout the network, not just at the perimeter”
, — John Kindervag wrote.

Then the words of a specialist were not taken seriously, but now this concept can become a solution to modern problems. For example, in February of this year, the US National Security Agency issued guidance urging network owners associated with national security and critical infrastructure to adopt the zero-trust model.

Calls for a zero-trust model have intensified in recent months after foreign-government-funded hackers hacked US software maker SolarWinds’ computer networks and Chinese hackers began exploiting vulnerabilities in Microsoft Exchange software to compromise tens of thousands of organizations.

Experts understand that zero trust would not have prevented breaches, but it would probably limit the damage.

“At the very least, this security measure would give the US a better chance of detecting the movements of intruders, preventing them from freely roaming government and private networks”, – experts suggest.

In many existing computer networks, after logging into the system, the user can freely move and access information without additional verification. Some cybersecurity experts call this approach “castle and moat”, as provides perimeter protection through investments in firewalls, proxy servers and other tools to prevent hacking, and assumes that activities within the company are mostly secure.

Zero Trust uses a different approach in which any authorized user is suspicious and cannot freely roam the system without authenticating their credentials for each additional connection.

What's your reaction?
Love It
0%
Like It
0%
Want It
0%
Had It
0%
Hated It
0%
Posted In
Blog
Tags
John Kindervag, Microsoft Exchange, SolarWinds attack, The Zero Trust, The Zero Trust Model, US National Security Agency, Zero Trust
, , , , , ,
About The Author
Vladimir Krasnogolovy
Comments
Leave a response

Leave a Response