#ZEROTRUST #SEOSecurity #MobilSecurity #AITsecurity #MSSP #MicrosoftPartner #SilverSpringTech

The technological emergence of the Cloud, Internet of Things (IoT), Artificial Intelligence (AI), Machine Learning, and Blockchain has made the traditional model of network security, also known as the “castle with a moat” model, obsolete.  The premise of the castle with a moat security model is to protect the network with a perimeter that keeps undesirables and attackers out.  The problem with this model is that it does not take account of any security measures within the network.  Once users, devices, and applications are given access to the network, there is little to no accountability under the traditional security model, and the result is authenticated users performing unauthorized operations.  For example, bad actors who have gained access can move around within the network until they reach the target data they are seeking, a technique called “lateral movement”.  The bad actor just needs to gain access to the network through a single endpoint.  Hackers performed lateral movement on Target by compromising the HVAC system and stealing 110 million customers’ payment and personal information.

According to Chase Cunningham, from an article on, “One of the inherent problems we have in IT is we let too many things run too open with too many default connections.  We essentially trust way too much”.  Another vulnerability of the castle with a moat model is the fact that data is no longer in just one place.  Most security analysts would advocate centralizing data behind a single security control point, but with the emergence of the cloud, data is spread across cloud vendors, making the single control point and the traditional security model obsolete.

According to the XPan Law Group article titled Breaching the Castle: Walls and a Moat are No Longer Enough, breaching a castle could only succeed through one of two strategies: scaling the wall or penetrating the drawbridge door.  The traditional security model was adopted to defend against these attacks.  As the technology evolved, so have the attacks.  Instead of being attacked from only two directions, attacks can now come from multiple directions.  Using the castle analogy, an attack could come not only from scaling the wall or penetrating the drawbridge, but from above and below the castle as well.  Relating this to securing a network, the combination of a firewall and antivirus software is not enough to properly protect a network from cyberattacks.  Firewalls are ineffective when an unauthorized user obtains an authorized user’s password through nefarious methods.  Antivirus software alone cannot defend against the attacks of today.  Hackers are constantly creating new malware variants whose signatures the antivirus has never seen, to avoid detection.

Below are 10 examples of why antivirus can’t detect second-generation malware, according to Heimdal Security:

  1. Destroying the master boot record (MBR), sending the compromised computer into an endless restart loop.
  2. Avoiding the sandbox by blending the malware with millions of sample files to confuse the AV’s (antivirus) methodology and deflect attempts to spot, block or remove it.
  3. Utilizing the domain shadowing technique to hide the exploits and the communication between the payload and the servers they control; for that they need a vast number of URLs they can use and discard.
  4. The fast flux technique uses a huge number of IP addresses associated with a single, fully qualified domain name.  The IP addresses are swapped out constantly, at high frequency, by changing DNS records, so that automated analysis mechanisms cannot detect the real source of the infection.
  5. Encrypted payloads are used to delay detection by the AV in order to buy more time to deploy the malware.
  6. Polymorphic behavior is utilized to stay covert by constantly changing tactics, such as changing file names and file compression.
  7. Old 19th-century literature is used to hide exploit kits from antivirus detection.
  8. Tor and the Invisible Internet Project (I2P) are used for information exchange between a payload and a malicious server, for anonymity.
  9. Microsoft macros have been around for years, and Microsoft has blocked macros from running automatically.  With social engineering and time, they can still bring more effective results and worse consequences for the victim.  Changes are made constantly, forcing detection programs and AVs to start over again, so the malware stays below the radar.
  10. Remaining dormant is a time-based evasion technique, meaning that the malware strain will only run or monitor the user’s actions when the system is most vulnerable.
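Items 3 and 4 describe infrastructure patterns that leave a footprint in DNS: a domain shadowing campaign sprouts many throwaway subdomains under a legitimate registered domain, and a fast flux network rotates one hostname across many addresses in many different networks with short TTLs. The following Python is an added example written for this article, not code from the article or from Heimdal Security; it runs two such defender-side heuristics over a constructed passive-DNS log. The thresholds, the `registered_domain` helper (which naively takes the last two labels; a real deployment would use the Public Suffix List) and the /16 grouping are assumptions made for illustration.

```python
"""Fast-flux and domain-shadowing indicators over passive DNS records.
Added example; heuristics and thresholds are assumptions, not vendor rules."""
from collections import defaultdict
from ipaddress import ip_address

# Constructed passive-DNS log, one record per line: "<epoch> <fqdn> <A record> <ttl>".
# Addresses come from the RFC 5737 documentation ranges; domains are .test.
SAMPLE_LOG = """\
1700000000 cdn.example-shop.test 203.0.113.10 300
1700000060 cdn.example-shop.test 198.51.100.22 300
1700000120 cdn.example-shop.test 192.0.2.77 300
1700000180 cdn.example-shop.test 203.0.113.200 300
1700000240 cdn.example-shop.test 198.51.100.8 300
1700000300 cdn.example-shop.test 192.0.2.15 300
1700000000 www.corp.test 203.0.113.5 3600
1700000600 www.corp.test 203.0.113.5 3600
1700000010 a1b2.legit-news.test 192.0.2.40 60
1700000020 zz9q.legit-news.test 192.0.2.40 60
1700000030 k3m8.legit-news.test 192.0.2.40 60
1700000040 p0o1.legit-news.test 192.0.2.40 60
1700000050 x7y2.legit-news.test 192.0.2.40 60
1700000060 www.legit-news.test 198.51.100.3 3600
"""


def parse_records(text):
    """Parse the constructed log into dicts; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, fqdn, ip, ttl = parts
        records.append({"ts": int(ts), "fqdn": fqdn.lower().rstrip("."),
                        "ip": ip_address(ip), "ttl": int(ttl)})
    return records


def registered_domain(fqdn):
    # Assumption: the last two labels are the registrable domain.  Real
    # deployments should consult the Public Suffix List ("co.uk" has three labels).
    return ".".join(fqdn.split(".")[-2:])


def _slash16(ip):
    # Coarse network grouping for IPv4 (assumption): first two octets.
    return ".".join(str(ip).split(".")[:2])


def fast_flux_candidates(records, min_ips=5, max_ttl=300, min_prefixes=3):
    """Flag hostnames whose A records churn across many addresses and networks with low TTL."""
    ips, ttls = defaultdict(set), defaultdict(list)
    for r in records:
        ips[r["fqdn"]].add(r["ip"])
        ttls[r["fqdn"]].append(r["ttl"])
    hits = {}
    for fqdn, addrs in ips.items():
        prefixes = {_slash16(a) for a in addrs}
        if (len(addrs) >= min_ips and max(ttls[fqdn]) <= max_ttl
                and len(prefixes) >= min_prefixes):
            hits[fqdn] = {"distinct_ips": len(addrs),
                          "distinct_prefixes": len(prefixes),
                          "max_ttl": max(ttls[fqdn])}
    return hits


def shadowing_candidates(records, min_subdomains=5, max_ttl=300):
    """Flag registered domains that sprout many short-lived subdomains."""
    subs = defaultdict(set)
    for r in records:
        parent = registered_domain(r["fqdn"])
        if r["fqdn"] != parent and r["ttl"] <= max_ttl:
            subs[parent].add(r["fqdn"])
    return {parent for parent, names in subs.items() if len(names) >= min_subdomains}


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    print("fast flux:", fast_flux_candidates(recs))
    print("domain shadowing:", shadowing_candidates(recs))
```

On the sample log, `cdn.example-shop.test` is the only fast flux candidate (six addresses across three /16s, TTL 300), and `legit-news.test` is the only shadowing candidate (five random-looking subdomains with a 60-second TTL, while its own `www` record is stable). Both heuristics produce leads for an analyst rather than verdicts; CDNs and round-robin load balancers also rotate addresses, so the thresholds need tuning against an organization's own baseline.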

The traditional security model, also known as the castle with a moat, is an antiquated model due to evolving technology.  Evolving technology demands an evolving security model to protect against breaches and cyberattacks.

The record number of network security breaches and cyberattacks year after year has organizations rethinking and revisiting the traditional security model.  A recent IBM-sponsored study demonstrated that the average cost of a single data breach is over $3 million.  The reaction is that the traditional security model is antiquated and cannot prevent the breaches and cyberattacks of today.  Another security model, called Zero Trust, has emerged to protect networks.

According to Cloudflare, Zero Trust security is an IT security model that requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are sitting within or outside of the network perimeter.  John Kindervag, then Principal Analyst at Forrester Research, coined the term “Zero Trust” in 2010.  This security model assumes that anyone, inside or outside of the network, may be an attacker.

Under Zero Trust, no user, device, or application is trusted by default; each is authenticated before it is granted access.  The model is centered on the belief that organizations should not automatically trust anything inside or outside their perimeters, and must instead verify anything and everything trying to connect to their systems before granting access.

Implementing least privilege access for users on the network minimizes exposure of sensitive areas of the network and encapsulates the Zero Trust concept.  Micro-segmentation is also utilized: the security perimeter is separated into smaller zones, preventing users from moving laterally into other zones without obtaining proper authorization.

Multi-factor authentication (MFA) is also a core value of Zero Trust security.  MFA simply means requiring more than one piece of evidence to authenticate a user; just entering a password is not enough to gain access.  A commonly seen application of MFA is the two-factor authentication (2FA) used on popular online platforms.  In addition to entering a password, users who enable 2FA for these services must also enter a code sent to another device, such as a mobile phone, thus providing two pieces of evidence that they are who they claim to be, according to Cloudflare.
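The three preceding paragraphs describe one decision procedure: verify the identity (with MFA) and the device on every request, grant only what the principal's role needs (least privilege), and allow traffic between network zones only where policy permits it (micro-segmentation). The Python below is an added example written for this article, not code from the article, Cloudflare or Forrester; it is a toy policy decision point that applies those checks, default-deny, to each request. Every name in it (`Request`, `Device`, `decide`, the role and segment tables) is hypothetical, and the sample data is constructed so that a compromised vendor device on a building-ops segment, the kind of foothold the Target breach started from, cannot reach the payments segment even with valid credentials.

```python
"""Toy Zero Trust policy decision point (added example, hypothetical names).
Each request is judged on its own; no check is skipped because an earlier
request from the same user or device was allowed."""
from dataclasses import dataclass
from typing import Tuple

# Least privilege: role -> set of (resource, action) it may perform.  Constructed.
ROLE_PERMISSIONS = {
    "hvac-vendor": {("bms/thermostats", "read"), ("bms/thermostats", "write")},
    "payments-analyst": {("pos/transactions", "read")},
}

# Micro-segmentation: source segment -> segments it may reach.  Constructed.
SEGMENT_POLICY = {
    "vendor-net": {"building-ops"},
    "corp-net": {"building-ops", "payments"},
}

# Which segment each resource lives in.  Constructed.
RESOURCE_SEGMENT = {
    "bms/thermostats": "building-ops",
    "pos/transactions": "payments",
}

# Device inventory: only enrolled devices are eligible at all.  Constructed.
KNOWN_DEVICES = {"lt-0042", "vendor-01"}


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool   # enrolled in endpoint management
    patched: bool   # meets the current patch baseline


@dataclass(frozen=True)
class Request:
    user: str
    roles: Tuple[str, ...]
    mfa_verified: bool
    device: Device
    source_segment: str
    resource: str
    action: str


def decide(req: Request) -> Tuple[bool, str]:
    """Return (allowed, reason).  Default deny: every check must pass."""
    # 1. Identity: a password alone is never enough.
    if not req.mfa_verified:
        return False, "mfa_required"
    # 2. Device: unknown or non-compliant devices are refused before authorization.
    if req.device.device_id not in KNOWN_DEVICES:
        return False, "unknown_device"
    if not (req.device.managed and req.device.patched):
        return False, "device_not_compliant"
    # 3. Micro-segmentation: the requester's zone must be allowed to reach the resource's zone.
    target_segment = RESOURCE_SEGMENT.get(req.resource)
    if target_segment is None:
        return False, "unknown_resource"
    if target_segment not in SEGMENT_POLICY.get(req.source_segment, set()):
        return False, "segment_blocked"
    # 4. Least privilege: the union of the principal's roles must grant this exact action.
    granted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in req.roles))
    if (req.resource, req.action) not in granted:
        return False, "not_permitted"
    return True, "allow"


# Constructed scenarios.
VENDOR_DEVICE = Device("vendor-01", managed=True, patched=True)
ANALYST_LAPTOP = Device("lt-0042", managed=True, patched=True)

# A vendor account with valid MFA tries to pivot from the HVAC zone to payments data.
LATERAL_MOVE = Request("hvac-contractor", ("hvac-vendor",), True, VENDOR_DEVICE,
                       "vendor-net", "pos/transactions", "read")
# An analyst on a compliant corporate laptop reads the data their role permits.
NORMAL_READ = Request("alice", ("payments-analyst",), True, ANALYST_LAPTOP,
                      "corp-net", "pos/transactions", "read")
# The same analyst tries to modify the data; their role only grants read.
OVERREACH = Request("alice", ("payments-analyst",), True, ANALYST_LAPTOP,
                    "corp-net", "pos/transactions", "write")
# Correct password but no second factor.
NO_MFA = Request("alice", ("payments-analyst",), False, ANALYST_LAPTOP,
                 "corp-net", "pos/transactions", "read")

if __name__ == "__main__":
    for name, req in [("lateral move", LATERAL_MOVE), ("normal read", NORMAL_READ),
                      ("overreach", OVERREACH), ("no mfa", NO_MFA)]:
        print(f"{name:13s} -> {decide(req)}")
```

The order of the checks matters for a real deployment: identity and device posture are evaluated before any authorization lookup, so an unenrolled device never learns which resources exist, and the reason string gives the logging pipeline a stable field to alert on (a burst of `segment_blocked` from one device is exactly the lateral-movement signal the perimeter model never produced).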

Google implemented a Zero Trust security framework named BeyondCorp.  BeyondCorp shifts access controls from the perimeter to individual devices and users, allowing employees to work securely from any location without the need for a traditional VPN.

Organizations are seriously considering the implementation of Zero Trust in their networks because existing approaches are neither successfully nor effectively protecting networks.  According to Chase Cunningham, a principal analyst at Forrester, “If I have 20 calls, 17 are about Zero Trust.  CISOs, CIOs, and CEOs are all interested, and companies of various sizes are interested”.  Statistics such as the following are getting the attention of the C-suite and driving the search for a better security approach:

  • The 2017 Annual Cybercrime Report from Cybersecurity Ventures predicts that cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015.
  • Meanwhile, the 2017 Data Breach Study, conducted by Ponemon Institute and sponsored by IBM, found that the global average cost of a data breach is $3.62 million.

Fortunately, many organizations already have Zero Trust pieces in place, such as multifactor authentication, identity and access management (IAM), permissions, and micro-segmentation within their networks.  Experts warn that these individual technologies are not the only components of a Zero Trust network environment.  The components mentioned above, working in conjunction with other technical components, will achieve the Zero Trust environment.  Achieving Zero Trust is also not an overnight process, especially when implementing it in legacy systems.  One problem is interoperability between legacy systems and Zero Trust-based tools.

Organizations are moving into the cloud, which is the environment the Zero Trust framework is best suited to.

Another problem is getting staff to rethink the security approach and get on board with security changes.  These are just a few of the pain points of implementing Zero Trust, or any new technology.

In conclusion, cyberattacks have evolved, and the traditional security model of old is antiquated and obsolete for protecting networks.  The statistics show that the problem is going to get worse if organizations do not rethink, strategize, and implement the Zero Trust security framework.  Zero Trust provides the approach that is needed to defend against the polymorphic cyberattacks directed at network environments around the world.

Please contact AAF Companies, LLC dba AIT CYBERSECURITY if you are interested in implementing the Zero Trust framework on your network or are searching for an information security solution that is cost-effective and compliant for your organization.

Article curated by: Ken F.
