PAM+ is an achievable milestone in your Zero Trust journey
by Brian Hanrahan, on Sep 23, 2022
Zero Trust is a phrase that evokes a myriad of reactions and definitions. In the vendor marketplace, it’s an often repeated slogan. For organizations, IT departments, and cybersecurity teams, it’s a challenging mountain to climb. To many of our customers, it’s a journey in which they are progressing.
At its core, Zero Trust (ZT) is generally easy to understand: every access to managed assets by people or applications is authorized dynamically, every time. It no longer relies on network or “identity” as a perimeter. Instead, it validates, in real time, that the identity and device initiating a connection to a managed device or service are authorized and not anomalous.
The benefits of adopting a ZT approach materialize in concrete results. For example, a dynamically authorized, one-user-to-one-resource access control model would mitigate or prevent many common attack patterns described in MITRE ATT&CK. Furthermore, NIST SP 800-207 recognizes that Zero Trust architecture addresses the prevention of data breaches and internal lateral movement.
Adopting a Zero Trust approach will be a long journey for most.
Retrofitting a technology environment to follow ZT introduces some very real budget, people, process, and technology challenges. You’ll need highly qualified staff across a range of technology disciplines, as well as tight project management coordination. And that’s just the internal organizational challenges.
In the vendor market, there are hundreds of products that could be used in countless combinations. The exercise of choosing which solutions to use is a major undertaking in and of itself, not to mention the planning and implementation of a comprehensive zero trust strategy. Most organizations will need to carefully prioritize the aspects of ZT they choose to implement and the scope of implementation to maximize their ROI while minimizing disruption.
There is some guidance out there. However, while multiple ZT strategies have been suggested by organizations such as NIST, practical guidance on achieving zero trust is lacking.
So, where do you start?
Look for high-impact, quick-ROI measures that address fundamental issues undermining your security posture, whether or not you’re on a path to ZT. There is a myriad of attack techniques employed by cyber adversaries that ZT can help address, but there is one that is consistently available and used: lateral movement using standing/static privileged access. If your adversary compromises a privileged user credential, there’s a 100% chance they’ll use it to harvest other user credentials and move to every other accessible system until they achieve their objectives.
This standing access can be largely eliminated within days using the Remediant PAM+™ approach.
Rather than focusing on authentication (passwords), Remediant PAM+™ is a novel concept in cybersecurity focused on authorization. Remediant’s SecureONE removes the standing privileged access in your environment very quickly using a unique combination of Zero Standing Privilege and Just-In-Time-Access (ZSP & JITA). SecureONE doesn’t rely on agents, complex infrastructure, or significant changes to user workflows.
The chart above shows the first phase of removing standing privileged access in a customer environment. You’ll note a rapid change over a few days, during which the organization removed standing access and began using just-in-time access that expires and is removed automatically.
Our partner, Tidal Cyber, has built an action-oriented platform that shows you how removing standing privilege mitigates a host of documented MITRE ATT&CK techniques.
How does Remediant PAM+™ help achieve Zero Trust?
To be clear, the PAM+ approach is not the same as ZT. However, PAM+ is aligned to ZT principles and is an essential part of moving from legacy practices to ZT.
Zero Trust insulates resources from one another on a network level and uses ephemeral credentials so that the impact of a single compromised device or user is greatly contained. A fully realized Zero Trust Architecture requires invasive changes to your network, user accounts, user authorizations, IT workflows as well as the definition of granular policies. This is a giant undertaking. After all that work, if your architecture trusts the device, user, and behavior pattern, it will allow access, even to skilled adversaries who will continue to compromise legitimate endpoints and piggyback on authenticated, authorized user sessions to reach their target device, application, or data.
Remediant PAM+ helps you achieve a consistent Zero Trust architecture by:
- Eliminating standing privileged access which would undermine your ZTA if not removed
- Isolating resources from one another by removing the access that would otherwise allow an adversary to move among them
- Implementing PAM+, which can be completed in days, not months.
A full Zero Trust Architecture may not be in the cards for every organization, but every organization thinking about going on a ZT journey needs to address the Standing Privileged Access problem. When pursuing a ZT implementation, it is very important to maintain control of the privileged access that attackers use to circumvent security controls, including ZT!