The Role of Zero Trust to Hinder Third-Party Vendor Cyber Threats

By Michael Jenkins, CTO at ThreatLocker.

  • 1 year ago Posted in

For decades, cybersecurity has operated on a simple premise: Detect threats and remove them. But with cybercrime evolving at a frenetic pace, successfully tracking and blocking every type of cyberattack has become impossible. It is not enough to simply rely on antivirus software to pick out suspicious-looking files - because nowadays even the safest-looking applications can potentially pose the biggest threat.

Using an antivirus tool alone is no longer an effective method of safeguarding a workstation because this type of software only targets applications engaging in unusual behavior. 

But the development of sophisticated attacks means that in reality, it is the most unsuspecting applications that are the most dangerous. The weaponisation of third-party applications has been trending upwards since the SolarWinds Orion Attack and the recent 3CX compromise.

That’s where the philosophy of Zero Trust comes in. Rather than trying to separate the good from the bad, the notion of Zero Trust assumes that every application is a threat, therefore applications that are not on the allowed list will not be able to run. However, in the case of a supply chain attack, it is important to take a step further and implement policies to limit how applications interact, thus preventing malicious activity from these trusted applications.

Here’s how you can safeguard your IT environment from threat actors...

The principles of Zero Trust and its role in modern security

The truth is that every type of firm is vulnerable to cyber attacks - with high-profile members of the education and healthcare sectors both being targeted, which we saw with the Munster Technology University attack earlier this year. One of the most alarming examples was the case of Capita, a provider of business process services, which suffered a breach that locked staff out of the system and left businesses such as the NHS, who work with Capita to enhance customer experience and aid in providing primary care support, in a very vulnerable position.

There are many reasons organizations fall victim to cyber-attacks, and when a firm is working with third-party vendors that require access to systems and private data, the risk factor intensifies.

A Zero Trust solution can play a big part in bringing down an organisation’s risk level. Following the default denial principle, permission will only be granted to users and applications explicitly allowed by the IT administrator. By controlling what permitted users and applications can do and access, in the event of a successful attack, the threat will be stopped in its tracks as the IT admin has created policies to give each user and application just enough access to function and nothing more.

The elements of Zero Trust and how it works

A Zero Trust approach should be the first line of defense when dealing with sophisticated attacks. Only with the necessary ‘least privilege’ controls in place can you prepare for unknown threats.

Another Zero Trust technique used in the fight against threat actors is application containment by way of Ringfencing and Network Control. Ringfencing controls what applications can do when they’re running, reducing the likelihood of an exploit being successful, or an attacker weaponizing legitimate tools such as PowerShell. Network Control allows users to have control over the devices accessing their network from any location.

A Zero Trust solution offers a range of options to allow organizations to adapt their measures to suit their business and protect their data and limit the access of third-party vendors

The Future of Zero Trust

With governments across the UK and Europe enlisting Zero Trust as a core part of their Cyber Security Credentials for organizations and the Digital Operations Resilience Act (D.O.R.A), Zero Trust solutions are starting to headline in protective measures against cyber attacks.

A Zero Trust approach is becoming the frontrunner in cybersecurity solutions, helping to tackle the unique challenges we face in the modern world, including those that come from increased remote working environments.

Today’s operational methods have created new opportunities for cybercriminals to find their way into networks, exploiting the fact that more and more functions of a business have become stretched and outsourced into employees’ homes. 

This is why it’s more important than ever for businesses to understand the weaknesses within their systems and work to build a security strategy that mitigates those risks.

This all starts with Zero Trust.

By Richard Connolly, Regional Director for UKI at Infinidat.
By Auke Huistra, Industrial & OT Cyber Security Director, DNV Cyber.
By Richard Montbeyre, Chief Privacy Officer, BMC Software.
By Danny Kadyshevitch, Senior Product Lead, Detection and Response, Transmit Security.
By Andy Mills, VP of EMEA for Cequence Security.
By Muhammad Yahaya Patel, Security Engineer at Check Point Software.
By David Higgins, Senior Director, Field Technology Office at CyberArk.
By Scott Walker, CSIRT Manager, Orange Cyberdefense.