Cyber Security — coping with Covid-19's effect on organizations' digital transformation

Zero Trust (ZT), Endpoint Protection (EPP), and Cloud Access Security Broker (CASB) are the topics this article touches upon, all related to hardening an organization's security in its modern IT ecosystem.

Zero Trust (ZT)

Zero Trust is a modern IT security strategy model built on the principle “never trust, always verify”, combined with Defense in Depth (DiD): layered security controls rather than a single perimeter.

Example of layers to control

The following five principles set the scope of a zero-trust model:

  1. Know the protect surface (users, devices, data, services, and network: a layered approach).
  2. Understand the cybersecurity controls already in place (Zero Trust friendly or not?).
  3. Incorporate new tools and modern architecture (Micro-segmentation, Multifactor Authentication (MFA), Privileged Identity Management (PIM), next-generation endpoint security technology, etc.).
  4. Apply detailed policy.
  5. Deploy monitoring and alerting tools (AI and automation driven).

Traditional approach

Traditional IT-security strategy models have followed the “trust but verify” / “castle-and-moat” approach — also known as “Perimeter Security/Network.” This approach makes it hard to obtain access from outside a network, but everyone inside the network is trusted by default.

https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/
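To make the contrast between the five principles above and the “castle-and-moat” model concrete, here is an added example (not code from the article or from Cloudflare) that evaluates the same access requests under both models. The roles, resources, policy table and requests are all constructed; the point is that under Zero Trust, network location never grants access on its own, while identity, MFA and device posture are checked on every request.

```python
"""Added example, not from the article: a perimeter ("castle-and-moat")
access decision next to a Zero Trust one for the same requests.
Roles, resources, policy table and requests are all constructed."""
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass
class AccessRequest:
    user: str
    role: str
    source_network: str    # "corp-lan" or "internet"
    device_managed: bool   # device is enrolled in management
    device_patched: bool   # posture check (patch level) passed
    mfa_verified: bool     # MFA completed for this session
    resource: str          # name of the target service


# Per-resource policy (principle 4, "apply detailed policy"): which roles
# may reach the resource, and whether MFA and a managed device are required.
# Each resource is treated as its own micro-segment (constructed table).
POLICY: Dict[str, dict] = {
    "hr-db":    {"roles": {"hr"},              "mfa": True,  "managed": True},
    "wiki":     {"roles": {"hr", "eng", "it"}, "mfa": False, "managed": False},
    "prod-k8s": {"roles": {"eng", "it"},       "mfa": True,  "managed": True},
}


def perimeter_decision(req: AccessRequest) -> bool:
    """Castle-and-moat: being on the corporate LAN is the only check."""
    return req.source_network == "corp-lan"


def zero_trust_decision(req: AccessRequest) -> Tuple[bool, str]:
    """Never trust, always verify: identity, role, MFA and device posture are
    checked on every request; network location is not a trust signal."""
    policy = POLICY.get(req.resource)
    if policy is None:
        return False, "unknown resource: default deny"
    if req.role not in policy["roles"]:
        return False, "role not authorized for resource"
    if policy["mfa"] and not req.mfa_verified:
        return False, "MFA required"
    if policy["managed"] and not (req.device_managed and req.device_patched):
        return False, "device posture check failed"
    return True, "allowed"


def compare(req: AccessRequest) -> Dict[str, object]:
    """Return both verdicts plus the reason, in a shape suited to an audit log
    (principle 5: every decision is recorded for monitoring and alerting)."""
    allowed, reason = zero_trust_decision(req)
    return {"user": req.user, "resource": req.resource,
            "perimeter": perimeter_decision(req),
            "zero_trust": allowed, "reason": reason}


# Constructed requests: an unverified user already inside the LAN, a remote
# HR employee with MFA on a managed device, and a remote engineer without MFA.
INSIDER_ON_LAN = AccessRequest("mallory", "eng", "corp-lan", False, False, False, "hr-db")
REMOTE_HR = AccessRequest("alice", "hr", "internet", True, True, True, "hr-db")
REMOTE_ENG_NO_MFA = AccessRequest("bob", "eng", "internet", True, True, False, "prod-k8s")

if __name__ == "__main__":
    for r in (INSIDER_ON_LAN, REMOTE_HR, REMOTE_ENG_NO_MFA):
        print(compare(r))
```

The first request is the case the traditional model gets wrong: the perimeter check allows it purely because the source is the LAN, while the Zero Trust check denies it because the role is not authorized for that resource. The second is the remote worker the pandemic created: denied by the perimeter, allowed by Zero Trust once identity, MFA and device posture all verify.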

Endpoint protection (EPP)

Endpoint protection is the practice of protecting endpoints on a network such as laptops, desktops, smartphones, tablets, wearables, IoT devices, sensors, and other end-user devices. Endpoints serve as points of access to an enterprise network and therefore represent points of entry that can be exploited by malicious actors.

Illustration of possible endpoints to protect in a network

Next-Generation Endpoint protection

As the number, type, and sophistication of threats evolve, organizations require more intelligence and insight than traditional endpoint security provides. More threat actors are shifting their aim to weaknesses created by user behavior, poor cybersecurity hygiene, and shadow IT. The dramatic increase in the types of endpoint devices — including smartphones, tablets, wearable devices, and more — has overwhelmed first-generation endpoint security. The increasing number of potentially vulnerable endpoints can also exhaust security teams that rely on traditional cybersecurity defenses. Next-generation endpoint protection addresses this with capabilities such as:

  • Blocking suspicious actions before execution
  • Processing data through ML and AI to identify malicious files or processes
  • Stopping unauthorized data movement
  • Analyzing suspicious app data in isolated “sandboxes”
  • Rolling back endpoints and data to a previous state in the event of a ransomware attack
  • Isolating suspect endpoints and processes
  • Delivering endpoint detection and response that can continuously monitor systems and networks to mitigate advanced threats.

Gartner's Magic Quadrant of leading endpoint protection suppliers.

Gartner's Magic Quadrant for EPP 2019 →

Some key differences:

  • Endpoint Security vs. Network Security:
    Antivirus programs are designed to safeguard a single endpoint, offering visibility into only that endpoint, in many cases only from that endpoint. Endpoint security software, however, looks at the enterprise network as a whole and can offer visibility of all connected endpoints from a single location.
  • Administration:
    Legacy antivirus solutions relied on the user to manually update the databases or to allow updates at a pre-set time. EPPs offer interconnected security that moves administration responsibilities to the enterprise IT or cybersecurity team.
  • Protection:
    Traditional antivirus solutions used signature-based detection to find viruses. This meant that if your business was Patient Zero, or if your users hadn’t updated their antivirus program recently, you could still be at risk. By harnessing the cloud, today’s EPP solutions are kept up to date automatically. And with the use of technologies such as behavioral analysis, previously unidentified threats can be uncovered based on suspicious behavior.
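The “Patient Zero” problem and the behavioral-analysis answer described above are easy to show in code. The following is an added example (not from the article or any EPP vendor): a hash-based signature check misses a new build of a known sample, while a simple behavioral heuristic over a process event stream flags the footprint of file-encrypting ransomware without ever having seen the binary. The samples, hashes, file paths and events are all constructed.

```python
"""Added example, not from the article: why signature-only antivirus misses a
"Patient Zero" sample while a behavioral heuristic can still catch
ransomware-like activity. Samples, hashes and the event stream are constructed."""
import hashlib
import os
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# --- Signature-based detection ---------------------------------------------
KNOWN_SAMPLE = b"constructed-malware-sample-build-1"
NOVEL_SAMPLE = b"constructed-malware-sample-build-2"   # same family, new build

# The "database" holds hashes of samples seen before; the new build is not in it.
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}


def signature_detect(sample: bytes) -> bool:
    """Flag a file only if its hash is already in the signature database."""
    return hashlib.sha256(sample).hexdigest() in SIGNATURE_DB


# --- Behavioral detection --------------------------------------------------
# An event is (pid, action, path, new_path); new_path is set only for renames.
Event = Tuple[int, str, str, Optional[str]]


def behavioral_detect(events: List[Event], rename_threshold: int = 20) -> Dict[int, str]:
    """Flag a process that renames many files to a new extension across several
    directories, the typical footprint of file-encrypting ransomware, regardless
    of whether its binary has ever been seen before."""
    ext_changes: Dict[int, List[str]] = defaultdict(list)
    for pid, action, path, new_path in events:
        if action != "rename" or new_path is None:
            continue
        # Only renames that change the extension count (report_draft -> report_final does not)
        if os.path.splitext(path)[1] != os.path.splitext(new_path)[1]:
            ext_changes[pid].append(path)
    verdicts: Dict[int, str] = {}
    for pid, paths in ext_changes.items():
        dirs = {os.path.dirname(p) for p in paths}
        if len(paths) >= rename_threshold and len(dirs) >= 2:
            verdicts[pid] = "mass extension-changing renames: isolate process and endpoint"
    return verdicts


def make_ransomware_events(pid: int = 4242, count: int = 25) -> List[Event]:
    """Constructed event stream: write to, then rename, each user document."""
    dirs = ["/home/u/docs", "/home/u/photos"]
    events: List[Event] = []
    for i in range(count):
        path = f"{dirs[i % 2]}/file{i}.docx"
        events.append((pid, "write", path, None))
        events.append((pid, "rename", path, path + ".locked"))
    events.append((pid, "create", "/home/u/docs/HOW_TO_DECRYPT.txt", None))
    return events


# Constructed benign activity: an ordinary rename and one deliberate format change.
BENIGN_EVENTS: List[Event] = [
    (100, "write", "/home/u/docs/report_draft.docx", None),
    (100, "rename", "/home/u/docs/report_draft.docx", "/home/u/docs/report_final.docx"),
    (100, "rename", "/home/u/docs/notes.txt", "/home/u/docs/notes.md"),
]
RANSOMWARE_EVENTS = make_ransomware_events()

if __name__ == "__main__":
    print("known sample by signature:", signature_detect(KNOWN_SAMPLE))
    print("novel sample by signature:", signature_detect(NOVEL_SAMPLE))
    print("behavioral verdicts:", behavioral_detect(RANSOMWARE_EVENTS))
```

The thresholds (twenty extension-changing renames across at least two directories) are illustrative; a real EPP tunes them against baseline activity to keep false positives low, and pairs the verdict with the isolation and rollback capabilities listed earlier.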

Cloud Access Security Broker (CASB)

A CASB is cloud-hosted and/or on-premises software that serves as a policy enforcement point, consolidating multiple types of security policy and applying them to everything your business or employees use in the cloud — regardless of what sort of device is attempting to access it, including unmanaged smartphones, IoT devices, or personal laptops.

CASB illustration

Definition of Shadow IT

Shadow IT is the use of information technology systems, devices, software, applications, and services without explicit IT department approval. It has grown exponentially in recent years with the adoption of cloud-based applications and services. While shadow IT can improve employee productivity and drive innovation, it can also introduce serious security risks to your organization through data leaks, potential compliance violations, and more.
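The two ideas above, the CASB as a single policy enforcement point and shadow IT discovery, fit together in one small example. This is added code, not the article's or any CASB product's: it parses a few constructed proxy log lines, decides per request whether the destination is a sanctioned application and whether the device is managed, and reports the unsanctioned destinations it discovered. The log format, application names and policy are all constructed assumptions.

```python
"""Added example, not from the article: a minimal CASB-style policy
enforcement point with shadow IT discovery over constructed proxy logs."""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed list of applications the organization has approved.
SANCTIONED_APPS = {"mail.example-saas.com", "docs.example-saas.com"}

# Constructed proxy log lines (not real traffic): timestamp then key=value pairs.
PROXY_LOG = """\
2020-05-04T10:01:02Z user=alice device=managed dst=docs.example-saas.com action=upload bytes=120000
2020-05-04T10:02:11Z user=bob device=unmanaged dst=docs.example-saas.com action=upload bytes=45000
2020-05-04T10:03:40Z user=carol device=managed dst=files.unknown-share.io action=upload bytes=900000
2020-05-04T10:04:05Z user=bob device=unmanaged dst=mail.example-saas.com action=download bytes=3000
2020-05-04T10:05:59Z user=dave device=managed dst=files.unknown-share.io action=download bytes=20
""".splitlines()

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Turn one 'ts k=v k=v ...' line into a dict; return None on a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    entry: Dict[str, object] = {"ts": m.group("ts")}
    for token in m.group("kv").split():
        key, _, value = token.partition("=")
        entry[key] = value
    entry["bytes"] = int(str(entry.get("bytes", "0")))
    return entry


def decide(entry: Dict[str, object]) -> str:
    """Policy: unsanctioned apps are blocked outright (shadow IT); sanctioned apps
    are read-only from unmanaged devices and fully allowed from managed ones."""
    if entry["dst"] not in SANCTIONED_APPS:
        return "block: unsanctioned app (shadow IT)"
    if entry["device"] != "managed" and entry["action"] == "upload":
        return "block: upload from unmanaged device"
    return "allow"


def enforce(lines: List[str]) -> Tuple[List[Tuple[str, str, str, str]], Counter]:
    """Apply the policy to every log line and tally discovered shadow IT destinations."""
    decisions: List[Tuple[str, str, str, str]] = []
    shadow_it: Counter = Counter()
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        verdict = decide(entry)
        if entry["dst"] not in SANCTIONED_APPS:
            shadow_it[str(entry["dst"])] += 1
        decisions.append((str(entry["user"]), str(entry["dst"]), str(entry["action"]), verdict))
    return decisions, shadow_it


if __name__ == "__main__":
    results, report = enforce(PROXY_LOG)
    for row in results:
        print(row)
    print("shadow IT destinations:", dict(report))
```

The same decision is made for every device type, which is the consolidation point of a CASB: the unmanaged laptop is not refused outright, it is confined to downloading from sanctioned applications, while the unknown file-sharing site surfaces in the discovery report so the organization can sanction it or keep it blocked.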

Gartner's Magic Quadrant of leading Cloud Access Security Broker suppliers.

Gartner's Magic Quadrant for Cloud Access Security Brokers 2020 →

Thank you

The rapid digital transformation many organizations are forced into today, due to regulations and restrictions resulting from the ongoing pandemic, can be challenging. But the focus on the security side of the transformation is as important as the transformation itself. Almost every week we see a company get hacked where the damage could have been minimized, or even prevented, had the right mechanisms been in place. This article only scratches the surface of some of those mechanisms; I hope it comes in handy for someone at the starting point or someone in need of an update. See below for references and recommended reading:
