The digitization of all aspects of business is gathering pace. Everything from customer management to inventory management is going digital. IDC estimates that by the end of 2018, spending on Digital Transformation will hit 1.2 Trillion USD. With that sort of investment, the pace of transformation will be very rapid, and that in turn will put stress on the digital infrastructure, including the processes and systems that secure it. With a larger and more exposed infrastructure, the attack surface will grow exponentially too. Securing this infrastructure will tax the ingenuity of security professionals and calls for a completely different approach to security: enter Zero Trust!
Diminishing Perimeter Security
As mentioned earlier, the perimeter is of limited efficacy when nearly half of the workload (and increasing) is residing outside it. Not only do critical assets like data and devices now reside outside the fortified perimeter, but workers are increasingly accessing these resources from outside the perimeter. A study by IWG revealed that 70% of the workforce globally access company resources from outside the perimeter at least once a week.
While this does not mean that the perimeter is dead, perimeter-based defences certainly are inadequate in this scary new world. Securing the network infrastructure via ports and protocols, and imposing a level of trust on the network itself, no longer works. Security should move up to the application layer. As digital transformation gathers pace, companies are increasing their digital interactions with their partners, vendors, suppliers, and subsidiaries, further loosening the tight perimeter control that existed before. This further increases the attack surface.
Increasing Sophistication of Attacks
Coupled with the weakening of the perimeter and a huge increase in the attack surface, there is another serious threat that is a business driver for Zero Trust: an increasingly sophisticated malware ecosystem. Malware is now being delivered via the network in addition to the traditional vehicles of drive-by, email-borne, and media-borne malware. WannaCry and NotPetya, for instance, were self-propagating, and all they needed was an unpatched computer. The scale and sophistication of these attacks mean that they can persist for several years.
The worming ability of this self-propagating malware, along with its long persistence in an organization's computers, calls for a granular level of segmentation to contain it.
Malware has evolved to evade sandboxes, exhibiting benign behaviour in sandboxes through a variety of evasion techniques. For example, there is ‘split’ malware, with each individual executable behaving normally when tested individually, but turning malicious when combined. Another example is the ‘document_close’ triggered macro, which evades sandboxes because sandboxes seldom test what happens when a document is closed; this variety of malware uses the document_close event to trigger itself.
Malware is increasingly using encrypted and legitimate channels like Dropbox as its command and control (C&C) channels, which greatly hampers security professionals’ ability to detect and neutralize the C&C systems of malware.
Conclusion
The use of cryptography in C&C calls for a high level of visibility, analytics, artificial intelligence and machine learning to detect malware communications.
Micro-segmentation down to the machine level, and even the process level, may be required to assure a level of safety. This calls for a holistic security solution encompassing user access control, device control, highly granular segmentation, deep visibility and analytics, and in critical cases even process lockdown, if true zero trust security is to be achieved.