A Frictionless Zero Trust Approach to Stopping Insider Threats
Published on 10 Mar 2022
When organizations imagine a security breach they often only think of external threats. The truth is that many breaches can be the result of threats from inside an organization. They can result from an employee who has been hacked, is negligent, or even result from a more malicious inside actor. Most organizations have a process in place to protect against and block external attacks. However, what is your approach to internal threats? How do you identify internal threats? Are you equipped to protect against internal threats before they are able to share data outside the organization?
Spear phishing and watering hole attacks happen. The concept of ‘trusted’ networks is no longer relevant. Traditional ‘castle and moat’ perimeter approaches are insufficient. Realized with stacks and racks of perimeter firewalls, Intrusion Detection/ Prevention Systems (IDS/IPS), VLAN/ACLs, the castle and moat approach assumes that everything within the perimeter is trusted and secure. However, this is not true if the hacker is already inside.
The Cost of a Breach is Directly Proportional to the Mean Time to Detection
It’s no easy task to detect insider threats because they already have legitimate access – inadvertently or maliciously – to your organization’s data and critical resources. Getting visibility into every user account in your organization and distinguishing normal from malicious user behaviour continues to be a challenge. Will spending more time dealing with insider threats help? No. Not when the attack is already underway. The more the attacker lurks inside your network, the more damaging it is from a breach, cost, and brand reputation perspective.
Implementing Zero Trust Security Policies but with Zero Friction
Humans are the weakest link in your security landscape. Since 2016, the number of incidents due to negligent insiders has tripled. As organizations continue their digital transformation initiatives by pushing into mobile and cloud, getting visibility into user behaviour, entity and threat landscape becomes more challenging. Most security leaders and IAM teams tread a thin line between enabling greater security and not adversely affecting the user experience. In short, your Zero Trust strategy should introduce zero user friction.
Step 1: Segment – identify and classify your users, across your hybrid enterprise
It’s evident that whether it’s a negligent employee or a malicious insider, the path to a breach almost always goes through a user credential. It is strategically important to understand your users, and the kind of access they have and reduce it to the minimum - least privileges, on-premises and clouds. Get a clear and continuous understanding of human user accounts, programmatic accounts (service accounts) and privileged accounts, and how they are accessing the resources (e.g. from managed/unmanaged endpoints, unusual login location, etc.)
Download this ebook from Crowdstrike to learn about the remaining steps required to implement zero-trust policies without creating friction that can protect your organization from internal security threats. Subscribe to whipapers.online today.