< BACK TO BLOG

February 5, 2024
by Arctic Wolf

How to Better Implement a Zero Trust Strategy

Access is everything within a network or system. As organizations race to adopt the cloud, relax rules around permitting workers to use their own devices, and continue to embrace hybrid work models, employees gain unprecedented access to data, allowing them to work from anywhere at any time. But this also creates a vast attack surface that hackers are all too willing to exploit. And helps explain why identity-based attacks are on the rise. In 2022, 20% of identity observations made by Arctic Wolf led to ticketed incidents.

With credential theft on the rise, social engineering attacks evolving, and employees more at risk of falling for phishing as their attention is split across multiple devices, controlling user access is critical for organizations of all sizes and industries. Arctic Wolf Labs has determined that most of the business email compromise (BEC) attacks we responded to in 2023 — and 39% of all other attacks — involved an attacker using identity credentials to log into an exposed application. Organizations need a strategy that ensures users retain the revolutionary level of access provided by the cloud and hybrid work models, but not at the expense of the organization’s security.

Enter zero trust.

What Is Zero Trust?

Zero trust focuses on the user, not the perimeter, and limits all access unless it can be verified. This strategy — which includes strong identity and access management (IAM) controls — reduces the attack surface and limits an attacker’s ability to move laterally through an organization’s network.

By eliminating implicit user trust, zero trust holds every user to the same level of scrutiny when trying to access a system, program, or asset. In place of an external-only security architecture (where the perimeter of a network, not internal access points, is defended) zero trust employs controls at various access points within a system. This approach removes what is often referred to as “privileged access,” a kind of access where certain users have elevated permissions.

The “removal of privileged access” part is important because during a cyber attack, threat actors will often attempt to move laterally through an environment to gain privileged access to take over networks or systems. By eliminating that access, an organization can stop a threat actor in their tracks.

Why Access Controls Matter

Access controls have a major role to play in enabling the ways organizations operate in the modern business world, as well as protecting the sprawling attack surfaces that same world creates.

As more organizations embrace hybrid and multi-cloud environments, they need better protection for the data, applications, and user information that resides both in the cloud, on endpoints, and in on-premises servers.

Additionally, access controls play a vital role in helping organizations comply with state, national and industry-specific regulations. Here’s just a few of the regulatory or compliance standards that are made easier to obtain and maintain with robust access controls:

PCI DSS
HIPAA
SOC 2
ISO 27001

What’s the Difference Between Zero Trust and Zero Trust Network Access?

How can an organization actually implement zero trust? That answer can be found in the difference between two terms that are often conflated: zero trust and zero trust network access (ZTNA).

Simply put, zero trust is an idea, and ZTNA is an action. In other words, ZTNA is the actual implementation of a zero trust strategy. ZTNA is a clearly defined framework and set of technologies and policies. This includes providing users with remote access to applications without having to place the applications on a network or the internet. By only permitting outbound connections, ZTNA essentially hides an organization’s network from view for any unauthorized users. Additionally, ZTNA provides application segmentation on a one-to-one basis, ensuring a user is only given access to the specific application they need, and only for the specific amount of time that they need it.

Learn more about ZTNA with Arctic Wolf’s partner, ZScaler.

What Zero Trust Is Not

Zero trust is often viewed as just a cybersecurity buzzword. When that happens, some cybersecurity providers benefit from the blurring of lines, seeing increases in brand awareness and market share on the back of the term’s rising popularity. It’s just as crucial then, to know what zero trust isn’t as it is to understand what it is. Here are two things which are components of a zero trust strategy yet are too often conflated with being zero trust on their own.

1. Principle of Least Privilege

It often makes sense for an organization to limit access to specific systems and data only to those users who have a demonstrable need. In cybersecurity terms, this is known as the principle of least privilege (POLP). POLP practices insure that verified users only have any access to sensitive systems, applications and information at the level required to effectively do their jobs, POLP is a preventative measure that not only restricts access to sensitive networks and data, but also gives organization’s greater control and deeper insights into who is accessing what, when, and why within their organization.

POLP is focused on reducing a user’s access, while zero trust is focused on verifying a user’s access. Both work in tandem to better protect the overall attack surface and prevent identity-based attacks.

2. Multi-Factor Authentication

Multi-factor authentication (MFA) is a form of access control that acts as an additional security measure to a user login. It’s defined as two or more forms of verification factors that are needed to gain access to an application or network by a user. Usually, it involves something you are, something you know, and something you have.

MFA is one of the key tools in zero trust toolbox, but it is not the entire toolbox. It adds an additional layer of protection to access, which is one of the main parts of access security.

Benefits of Building a Zero Trust Framework

Imagine a threat actor has found a vulnerability exploit and accessed your organization’s network. While they may have found an initial point of access, there’s still a series of metaphorical locked doors, motion sensors, and Mission Impossible-style lasers between them and your most sensitive data.

The threat actor tries a locked door and sees they need to enter credentials. Maybe they’ve purchased valid credentials on the dark web. Maybe they’ve gained them through social engineering. Whatever the case, they have them. But wait, MFA is in place. They try an MFA-fatigue attack and get lucky. But once the door is opened, they see that the user didn’t have privileged access to any assets, and any access they did have needs further verification. The attack surface has now dissolved, and the threat actor can’t make any moves. That’s zero trust in action.

The benefits of designing your organization’s access through a zero- trust lens include:

A reduced attack surface
Improved cloud security
Better access control across the environment
Prevention of credential-based attacks
Improved compliance

How To Implement Zero Trust

Like any part of cybersecurity, you can’t flip a switch and suddenly be a zero- trust organization. It’s a journey with many steps, but here are a few starting points.

The minimum requirements fall into three categories:

Identity. All users must be met with the same access controls
Data. All data and data access must be evaluated and protected according to risk
Devices. All devices must be secured (with endpoint management) as well as monitored

Broadly, here are some steps any organization can take to put themselves on the path toward zero trust. It’s important to note that solutions — like Okta for MFA, or a managed detection and response (MDR) solution that pulls in telemetry from identity sources — are a major aid in both achieving and managing a zero trust framework.

Identify and assess important access points that would require extra controls. Those can be as broad as the entire network or as granular as individual files. It’s important in this step to apply controls to every asset that is deemed critical, removing all privileged access.
Identify the users that would utilize those access points and assets. These are the users that threat actors will target with credential-based attacks to gain more access during a breach.
Determine what technologies or solutions to use to create access control, such as MFA or other access solutions.
Establish set polices for set users and access points. These policies need to extend across the organization, with every user having to go through the same controls.
Monitor controls and adjust or expand as needed. Remember, security is a journey, not a destination.

How Arctic Wolf Can Help

Our industry-leading security operations solutions provide you with 24×7 monitoring, detection, and response customized to your environment, including identity sources, with the expertise required to stop advanced threats and improve security maturity. Moreover, our vendor-neutral approach allows us to partner with identity solutions providers like Okta and ZScaler to provide organizations with zero trust connectivity designed to help businesses get back to focusing on what matters.

Learn more about zero trust with our podcast, Challenge Accepted.
Discover more about the importance of identity and access management.
Explore how Arctic Wolf makes zero trust possible with our Zscaler partnership.

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.

Continue Reading

Series of curved lines with a web browser icon in the middle.

A Brief History of Cybercrime

© 2024 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Accessibility Statement	Information Security	Sustainability Statement	Cookies Settings

SOLUTIONS

INDUSTRIES

Quickly detect, respond, and recover from advanced threats.

Detect and respond to advanced threats targeting your cloud infrastructure and applications.

Discover, assess, and harden your environment against digital risks.

Explore, harden, and simplify your cloud environment against misconfiguration vulnerabilities.

Engage and prepare employees to recognize and neutralize social engineering attacks.

Recover quickly from cyber attacks and breaches, from threat containment to business restoration.

HOW IT WORKS

Delivering security operations outcomes.

Collect, enrich, analyze.

Ecosystem integrations and technology partnerships.

Tailored security expertise and guided risk mitigation.

Security experts proactively protecting you 24×7.

Meet some of the security experts working alongside you and your team.

TRENDING RESOURCES

Understanding ransomware — from its origins to its impacts to the TTPs that allow ransomware gangs to exploit victim organizations and make off with millions in ransom payments and extortion fees.

The elite security researchers, data scientists, and security developers of Arctic Wolf Labs share forward-thinking insights along with practical guidance you can apply to protect your organization.

Learn how our Concierge Security® and Triage Security Teams help end cyber risk.

SECURITY BULLETINS

CVE-2024-3400: Follow Up: Patches Released for Actively Exploited Critical Vulnerability in GlobalProtect Feature of PAN-OS

CVE-2024-26234 for Windows and CVE-2024-29053 for Defender for IOT highlighted in Microsoft’s April 2024 Patch Tuesday

CVE-2024-3400: Critical Vulnerability in GlobalProtect Feature of PAN-OS being Actively Exploited

COMPANY