Tại sao các CISO cần sử dụng zero trust như một gương trợ thu phí ransomware

This year is on pace to be the second-costliest for ransomware attacks ever, with threat actors relying on new deceptive approaches to social engineering combined with weaponized AI. The recent MGM breach began with attackers studying the social media profiles of help desk employees, then calling the help desk and impersonating them to get privileged access credentials and logins.

Zero trust security needs to be a mindset that pervades everything from consolidating tech stacks to managing identities at scale. CISOs and their teams must start with the assumption that a breach has already happened, and an organization’s network needs to be designed to limit an intrusion’s blast radius and depth.

“Zero trust requires protection everywhere — and that means ensuring some of the biggest vulnerabilities like endpoints and cloud environments are automatically and always protected,” said Kapil Raina, VP of zero trust marketing and evangelist for identity, cloud and observability) at CrowdStrike. “Since most threats will enter into an enterprise environment either via the endpoint or a workload, protection must start there and then mature to protect the rest of the IT stack.”

Gartner introduces a new Hype Cycle for Zero Trust Networking

Gartner’s inaugural Hype Cycle for Zero Trust Networking comes at a time when CISOs and the organizations they serve are under siege from near-record ransomware attacks. All hype cycles and market frameworks have limitations, yet they do help to filter out vendor noise and those overstating their zero trust capabilities. The Hype Cycle examines 19 key technologies — including microsegmentation, Kubernetes networking, secure access service edge (SASE) and security service edge (SSE) — and maps their maturity level and hype cycle position. 

VentureBeat believes that ten core technologies in the Hype Cycle have the potential to deliver the most value to CISOs. They include container security, enterprise browsers, Kubernetes networking, managed SASE, microsegmentation, OpenID Connect, remote browser isolation (RBI), security service edge (SSE), unified endpoint security and zero trust strategy.

What is zero trust networking?

Gartner defines zero trust networking (ZTN) as how zero trust concepts are applied and integrated into network infrastructure. Consistent with the NIST zero trust security standard, ZTN only grants users and devices access to a network based on real-time identity and context validation. An enterprise-class ZTN infrastructure grants access to authenticated and authorized identities and adheres to least-privileged access to any network resource.

CISOs tell VentureBeat that the more progress their organizations make in implementing Zero Trust Network Access (ZTNA), the more efficient ZTN becomes to implement. The goal is to secure virtual teams and scale up new digital transformation projects so they aren’t hacked right after launch. New apps are an attack magnet, and ZTNA is helping reduce threat surfaces and protect against privileged access credential theft while strengthening risk-based dynamic access control policies.

Ten zero trust technologies worth watching  

Defining a zero trust security strategy that delivers quick wins is essential to control budgets and gain greater investment. One CISO told VentureBeat that they schedule quick, measurable wins early in their zero trust roadmaps expressly for that purpose. Today’s CISOs are looking to protect and grow budgets to invest in new technologies. 

VentureBeat identifies the ten core technologies below as delivering the greatest value to CISOs pursuing zero trust strategies.

Container security

Developer container security tools detect vulnerabilities and misconfigurations early. These production tools protect against exposed containers and compromised images at runtime. Network segmentation and runtime behavior monitoring secure dynamic container environments. Leading vendors include Aqua Security, Orca Security, Red Hat, Sysdig, Trend Micro and Palo Alto Networks.

Enterprise browsers

Managed, secure browsers consolidate access to reduce the risk of malicious sites or downloads. Secure web browsing is becoming more popular among dispersed workforces. Granular policy control over web content, downloads and extensions is essential. Check Point Software, Ermes Cyber Security, Google, Island, Microsoft, Perception Point, Seraphic Security, SlashNext, SURF and Talon Cyber Security are among the leading vendors.

Kubernetes networking

Kubernetes networking addresses Kubernetes’ requirements for scale, security and visibility. Load balancing, service discovery, multi-cluster connectivity and microsegmentation are all key features. Among the top vendors are Amazon Web Services, Avesha, Azure, Cisco, F5, HashiCorp, Isovalent, Juniper Networks, Tetrate and VMware.

Managed SASE

Managed SASE accelerates deployments with integrated networking and security as a service using providers’ resources and expertise. Key benefits include reduced staffing risks, quicker enablement of SASE capabilities and integrated management. VentureBeat continues to see SASE benefiting from the faster consolidation of networking and security. AT&T, Cato Networks, Comcast, Expereo, KDDI, MetTel, Orange Business Services, Palo Alto Networks, Verizon, VMware and Windstream Enterprise are leading SASE vendors.

Microsegmentation

Microsegmentation is core to the NIST SP800-207 zero trust standard and provides many benefits, including enforcing identity-based access policies between workloads to limit lateral movement after breaches. It also provides granular controls over east-west traffic based on workload identity, not just network zoning. Leading vendors include Airgap Networks, Akamai Technologies, Cisco, ColorTokens, Fortinet, Illumio, Palo Alto Networks, VMware, Zero Networks and Zscaler.

OpenID Connect

OpenID Connect is an authentication protocol that improves user experience, security and privacy. It is gaining adoption to enable single sign-on across devices, apps and APIs. Leading vendors include Auth0, Cloudentity, Curity, ForgeRock, Gluu, Google, IBM, Microsoft, Okta, Ping Identity and Red Hat.

Remote Browser Isolation (RBI)

RBI isolates browsers to reduce the attack surface by remotely executing web code, thwarting threats such as drive-by downloads, phishing and data exfiltration. Leading vendors are focusing their innovation on improving isolation techniques and integrating with Secure Web Gateway (SWG) and ZTNA to address more use cases.

Granular upload/download controls and integrations with Cloud Access Security Brokcers (CASB), data loss prevention (DLP) and sandboxes have been added to analyze threats detected during isolated browsing sessions. Leading vendors include Authentic8, Broadcom, Cloudflare, Cradlepoint (Ericom), Forcepoint, Garrison, Menlo Security, Netskope, Proofpoint, Skyhigh Security and Zscaler.

Security Service Edge (SSE)

SSE consolidates SWG, CASB and ZTNA into a cloud platform to secure web, SaaS and private apps while ensuring that system-wide management stays consistent and at scale. Tight integration enables standardized policies, automated workflows and data sharing across integrated tools. SSE also improves remote user experiences through unified architecture. SSE boosts efficiency and consistency by streamlining administration and coordination between security technologies. Leading vendors include Broadcom, Cisco, Cloudflare, Forcepoint, Fortinet, iboss, Lookout, Netskope, Palo Alto Networks, Skyhigh Security and Zscaler.

Unified Endpoint Security (UES)

UES combines endpoint protection and management to enable risk-aware security policies and automated remediation. It enables risk-based patching prioritization and continuous vetting of endpoint configurations for more effective security posture management by integrating real-time telemetry threat data into operations workflows. Leading vendors include Absolute, BlackBerry, CrowdStrike, IBM, Ivanti, Microsoft, Sophos, Syxsense, Tanium and VMware.

Zero trust strategy

A zero trust strategy establishes the fundamentals and activities of a zero trust program. It enforces least privileged access for every resource and identity request. It reduces the blast radius of intrusions and breaches. Strategies must align with enterprise objectives and risk tolerance. For zero trust strategies to be effective, they must be customized for each organization.

The following table summarizes the ten zero trust technologies worth watching based on VentureBeat interviews with CISOs.  

Predicting the future of zero trust

The massive MGM ransomware attack that began with a simple phone call illustrates how critical it is to have identity-based security and microsegmentation, hardened with real-time validation of credentials, to limit the blast radius. Zero trust assumes a breach has already happened and serves as a framework to contain it.

Zero trust is no panacea against attackers using generative AI to sharpen their tradecraft and launch social engineering-based attacks that devastate victims. As one CISO recently told VentureBeat: “Zero trust needs to deliver resilience. That’s its business case, and the more resilient and capable it is of limiting an attack, the more zero trust proves its value as a business decision.”