In a world where everything and everyone is connected to the internet, in one way or another, it’s hard to imagine a network that is truly secure. Data, large amounts of it, are at the centre of it all. With industries from healthcare to the education sector to the government using the internet to provide easy access to data, it is no wonder that cybersecurity teams are always working around the clock to try and come up with better ways of defending these networks and the data they store.
Insider Threats – Need for Security to Evolve from “Castle and Moat” Approach
Modern cyberattacks are not limited to just network intrusion from the outside. Internal threat actors can often be found at the centre of sophisticated attacks.
Initially, we had the concept of zones, perimeters and network segments – placing all the protected assets “inside” the secured network perimeter. However, attackers are always evolving the methods they use; always on the lookout for weak points in your network defences; and coming up with newer ways of infiltrating the perimeter. Keeping up with them is a challenging and ongoing struggle. We also need to realise that the “castle and moat” approach to our network defences was mostly effective against threats that resided outside the network. But what about the threats on the inside? What about modern attacks that work on multiple levels to try to bring your networks down? How do we protect our networks from people who have legitimate access to all its resources? How do we battle the ever-growing and ever-evolving modern cyberattacks? Add to these questions, regulations like GDPR, and the rising fines, and you will see that having your networks attacked and data breached is one of the worst things that can happen to your company. With these issues as the backdrop, we are forced to re-assess and re-think the way we defend our networks, users and data.
Zero Trust Model – a Modern Cybersecurity Approach
Zero Trust attempts to fix the problems, and patch the holes, in our cybersecurity strategies. At the core of it, the Zero Trust model is based on the principal of “trust nobody.” The Zero Trust model dictates that no one in your network should be trusted completely, that access should be restricted as much as possible, and that trust should be seen as yet another vulnerability that can put your network at risk.
Some of the precepts of the Zero Trust model are:
- Networks need to be redesigned in a way that east-west traffic and access can be restricted.
- Incident detection and response should be facilitated and improved using comprehensive analytics and automation solutions, as well as centralised management and visibility into the network, data, workloads, users and devices used.
- Access should be restricted as much as possible, limiting excessive privileges for all users.
- In multi-vendor networks, all solutions should integrate and work together seamlessly, enabling compliance and unified security. The solutions should also be easy to use so that additional complexity can be removed.
Danger of Security Blind Spots
In recent times, we have witnessed a phenomenal rise in the use of encryption across the internet. Google reports that over 90 percent of the traffic passing through its services is encrypted. The same is true for all the other vendors. This rise has been driven by many factors, including privacy concerns.
However, with encryption comes the creation of a “blind spot” in our network defences as most of the security devices we use are not designed to decrypt and inspect traffic. The Zero Trust model is not immune to this problem as visibility is considered as one of the key elements to its successful implementation. Without complete encrypted traffic visibility, the model will fail, introducing vulnerabilities that can be exploited by both insiders and hackers.
TLS/SSL Decryption – One of the Main Pillars of Zero Trust
A centralised and dedicated decryption solution must be placed at the centre of the Zero Trust model and should be included as one of the essential components your security strategy.
Many security vendors will make claims of the ability to decrypt their own traffic, working independently of a centralised decryption solution. However, this “distributed decryption” approach can introduce problems of its own, including inferior performance and network bottlenecks, and fixing these would require costly upgrades. In a multi-vendor, multidevice security infrastructure, the distributed decryption also forces you to deploy your private keys in multiple locations, creating an unnecessarily large threat surface in your network, which could be subject to exploitation.
Key features of a good TLS/ SSL Decryption Solution
It is important that a dedicated, centralised decryption solution provides full visibility to the enterprise security infrastructure for TLS/SSL traffic. Not only that, but the solution also needs to provide a multi-layered security approach, which then makes it the perfect candidate to be deployed at the centre of a Zero Trust network.
Below are some of the features to look out for when looking to implement a TLS/ SSL Decryption Solution:
- Full Traffic Visibility – It needs to enable the entire security infrastructure to inspect all traffic in clear-text, at fast speeds, ensuring that no encrypted attacks or data breaches can slip through
- Ease of Integration – It should be vendor agnostic and easily integrate with security devices already deployed within the network. This drives down additional costs and upgrades.
- Multi-Layered Security Services – These are additional security services, including URL filtering, application visibility and control, threat intelligence and threat investigation, that help strengthen the security efficacy of the entire enterprise network
- User Access Control – The product should be able to enforce authentication and authorisation policies to restrict unneeded access, log access information and provide the ability to apply different security policies based on user and group IDs.
- Micro Segmentation – It should facilitate micro-segmentation through its ability to provide granular traffic control, user and group ID-based traffic control, and support for multi-tenancy
- Securing Cloud Access – SaaS security is an important feature which can be provided by enforcing tenant access control and visibility into user activities.
In conclusion, without a centralised and dedicated TLS/SSL decryption solution, the Zero Trust model is unable to do what it was designed to do – protect our networks, users and data from threats residing inside and outside the network.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.