If you’re in tech today, you need to verify first, trust after.
Don’t just take our word for it. (That would be trusting too much, maybe?) It’s the philosophy recommended by the U.S. National Institute of Standards and Technology (NIST).
The approach is called zero trust: no access request is trusted until it has been verified. None, no matter who sends it or how legitimate it appears.
There was a time when attempts to connect from known users or from internal nodes were assumed legitimate. Times have changed, though. We can no longer consider the entire enterprise private network an implicit trust zone, and we cannot inherently trust any resource, as NIST Special Publication 800-207 warns.
Splunk has embraced the zero trust approach completely, and we at Conducive have, too, by partnering with Zscaler to bring a zero trust frame of mind to our security work. Today’s dispersed environment is characterized by cloud, SaaS, work-from-anywhere and bring-your-own-device arrangements. At the same time, the prevalence of insider attacks means we can’t grant trust based on IP address or network location alone.
In the end, our processes must separately authenticate (confirm the requester’s identity) and authorize (grant only the access the task needs, on a least-privilege basis) every session, device, user and network flow, even if the same requester was verified a moment ago. That is a big step from the traditional, perimeter-centered approach to security.
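To make the principle concrete, here is an added example (not code from the original post, Splunk, Zscaler or Conducive) of a policy decision function that evaluates every request on its own: deny by default, identity and device posture re-checked each time, and actions limited to an explicit least-privilege grant. The users, device IDs, grant table and source addresses are constructed for illustration; note that the internal source IP never contributes to the decision.

```python
"""Added example: per-request zero trust policy decision (constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    user: str
    mfa_verified: bool        # did this session complete strong authentication?
    device_id: str
    device_compliant: bool    # posture check result (patched, EDR running, ...)
    source_ip: str            # recorded for logging only; never used for trust
    resource: str
    action: str               # "read" or "write"


# Least-privilege grants: (user, resource) -> allowed actions. Constructed.
GRANTS = {
    ("alice", "payroll-db"): {"read"},
    ("bob", "payroll-db"): {"read", "write"},
}

# Devices enrolled in management; unmanaged devices never get access. Constructed.
ENROLLED_DEVICES = {"laptop-0042", "laptop-0077"}


def decide(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason).

    Every check runs for every request: no result is cached from an earlier
    decision, and being on the corporate network (e.g. a 10.0.0.0/8 address)
    is not evidence of anything.
    """
    if not req.mfa_verified:
        return False, "identity not verified for this session"
    if req.device_id not in ENROLLED_DEVICES:
        return False, "device not enrolled"
    if not req.device_compliant:
        return False, "device failed posture check"
    allowed = GRANTS.get((req.user, req.resource), set())
    if req.action not in allowed:
        return False, f"{req.user} lacks {req.action} on {req.resource}"
    return True, "all checks passed"


def demo() -> list[tuple[bool, str]]:
    """Four constructed requests; the same user is re-evaluated each time."""
    requests = [
        # 1. Verified user, enrolled compliant device, action within grant.
        Request("alice", True, "laptop-0042", True, "10.0.0.5", "payroll-db", "read"),
        # 2. Same user a moment later, but the action exceeds her grant.
        Request("alice", True, "laptop-0042", True, "10.0.0.5", "payroll-db", "write"),
        # 3. Internal address, but no verified identity for this session.
        Request("alice", False, "laptop-0042", True, "10.0.0.5", "payroll-db", "read"),
        # 4. Correct grant, but the device is not enrolled.
        Request("bob", True, "byod-phone", True, "10.0.0.9", "payroll-db", "write"),
    ]
    return [decide(r) for r in requests]


if __name__ == "__main__":
    for allowed, reason in demo():
        print("ALLOW" if allowed else "DENY ", "-", reason)
```

Only the first request succeeds; the second, from the same already-verified user, is denied because each request is judged on its own against the grant table, and the third shows that an internal address without a verified identity buys nothing.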
If you know you have data, processes, and infrastructure you want to keep safe—but aren’t sure you’re doing that—here are some initial steps Splunk recommends.
- Collect Relevant Data. List and prioritize your organization’s most critical assets. What’s most important (or most damaging if compromised) goes at the top of the list. This list becomes the basis for resource allocation.
- Understand and Contextualize Your Data. Imposing a standard taxonomy across all data sources is crucial for understanding what each record means and letting sources be correlated. When data arrives in various log formats and structures, it is hard to correlate, and what you can’t correlate you can’t monitor, leaving blind spots an attacker can use.
- Expand On Your Data. Widen your view beyond just the data by taking a holistic view of systems, data, and users. Monitor not just security posture, but authorized, everyday function. Behavioral and infrastructure monitoring should record how things look when they work well, so that discrepancies trip an alert early and limit the damage of an intrusion.
- Enrich and Augment Your Data. Apply threat intelligence to find indicators of compromise across your systems: for example, suspect TLS certificates, or IP addresses, URLs and file hashes linked to phishing campaigns. As you do, revise asset prioritization so that (for example) insufficiently patched devices are denied access to critical systems. Throughout, end-to-end visibility and tuning of security controls are crucial to finding and closing gaps in your protection.
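The last three steps (a common taxonomy, a baseline of normal behaviour, and enrichment with indicators) fit together in one small pipeline. The following is an added example, not code from the original post or from Splunk, Zscaler or Conducive: it normalizes three constructed log formats (firewall key=value, proxy JSON, authentication key=value) into one schema, summarizes which destinations each source talks to, and flags events whose destination or file hash appears in a constructed indicator list. The log lines, field names, addresses (documentation ranges) and indicator values are all made up for illustration.

```python
"""Added example: normalize, baseline and enrich constructed log lines."""
import json
import re
from urllib.parse import urlparse

KV_RE = re.compile(r"(\w+)=(\S+)")
SCHEMA = ("ts", "source", "user", "src_ip", "dst", "url", "sha256")

# Constructed sample lines in three formats.
SAMPLE_LOGS = [
    "2024-05-01T10:02:11Z fw01 src=10.1.2.3 dst=203.0.113.9 dport=443 action=allow",
    '{"ts":"2024-05-01T10:03:45Z","user":"alice","client":"10.1.2.3",'
    '"url":"http://198.51.100.77/login.php","sha256":"' + "deadbeef" * 8 + '"}',
    "2024-05-01T10:04:00Z auth user=bob src=10.1.2.3 result=success",
    "2024-05-01T10:05:30Z fw01 src=10.1.2.9 dst=198.51.100.77 dport=80 action=allow",
]

# Constructed indicator list (the kind of feed step 4 refers to).
IOCS = {
    "ip": {"198.51.100.77"},
    "sha256": {"deadbeef" * 8},
}


def normalize(line: str) -> dict:
    """Map one raw line onto the common schema; absent fields stay None."""
    event = dict.fromkeys(SCHEMA)
    line = line.strip()
    if line.startswith("{"):
        # Proxy log: a JSON object. Field names are the constructed format's own.
        raw = json.loads(line)
        event.update(ts=raw.get("ts"), source="proxy", user=raw.get("user"),
                     src_ip=raw.get("client"), url=raw.get("url"),
                     sha256=raw.get("sha256"))
        # The host part of the URL is the destination for correlation purposes.
        event["dst"] = urlparse(raw["url"]).hostname if raw.get("url") else None
    else:
        # Firewall / auth logs: "<timestamp> <source> key=value key=value ..."
        ts, source, rest = line.split(" ", 2)
        kv = dict(KV_RE.findall(rest))
        event.update(ts=ts, source=source, user=kv.get("user"),
                     src_ip=kv.get("src"), dst=kv.get("dst"))
    return event


def destinations_by_source(events: list[dict]) -> dict[str, set]:
    """Baseline view (step 3): which destinations each source normally contacts.

    Over a longer window this is what a new, never-seen destination is
    compared against; here it just summarizes the constructed sample.
    """
    out: dict[str, set] = {}
    for ev in events:
        if ev["src_ip"] and ev["dst"]:
            out.setdefault(ev["src_ip"], set()).add(ev["dst"])
    return out


def enrich(events: list[dict], iocs: dict) -> list[dict]:
    """Step 4: one hit per (event, indicator) match, with the original context."""
    hits = []
    for ev in events:
        if ev["dst"] in iocs["ip"]:
            hits.append({"ts": ev["ts"], "source": ev["source"],
                         "type": "ip", "value": ev["dst"]})
        if ev["sha256"] in iocs["sha256"]:
            hits.append({"ts": ev["ts"], "source": ev["source"],
                         "type": "sha256", "value": ev["sha256"]})
    return hits


if __name__ == "__main__":
    events = [normalize(line) for line in SAMPLE_LOGS]
    for src, dsts in destinations_by_source(events).items():
        print(src, "->", sorted(dsts))
    for hit in enrich(events, IOCS):
        print("IOC hit:", hit)
```

Because the proxy and firewall records share one schema after `normalize`, the same indicator match works on both, and the per-source destination summary shows the correlation the taxonomy makes possible: the proxy event and the second firewall event both point at the same listed address, from two different internal hosts.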
If it sounds too complex, don’t let that immobilize you. Splunk has partnered with Zscaler to enhance security with a zero trust perspective. Your security is too valuable to be left to chance, and we’re here to help.