Beyond the Perimeter: A New Model to Prevent Cyber Attacks
For years now, organizations have approached network security as a question of perimeter defense. The outside of the network commands the bigger focus because IT professionals believe it to be the obvious source of a cyber attack, while traffic on the inside is trusted and therefore left to its own devices.
For users of this model, however, the events of the last 12 months or so will have come as a rude awakening. Target, Home Depot, JPMorgan Chase – all of these high-profile cyber attacks are believed to have been carried out with stolen usernames and passwords. Hackers were allowed to gain a foothold inside the network perimeter, passing themselves off as trusted users as they systematically harvested credit card numbers, customer records and other sensitive personal information.
It’s obvious that we need a completely new way of thinking about network security. After all, networks themselves are very different today than they were a few years ago – workforces and IT resources are becoming more geographically distributed, and organizations have more complex supply chains that require access to the IT environment. As the network perimeter grows, so too do the challenges of defending it.
With traditional security models failing, some members of the IT industry have started to suggest alternatives. One of these is the Zero Trust model from Forrester Research that calls for a reversal of the guiding principles behind network security today.
Forrester argues that organizations should follow the mantra “trust but verify”. To better protect themselves against both internal and external threats, this needs to be flipped upside down to “verify but never trust”. This means forgoing the assumption that networks can be split into trusted and untrusted segments, ensuring that in every instance access is securely provided based on who they are and where they are – and that access is continuously assessed.
What does this mean?
- All traffic should be authorized, inspected and secured regardless of location.
- Users can never be trusted with access to, or visibility of, resources that lie outside of the scope of their responsibilities.
- Every transaction must be logged and analyzed to detect and eliminate threats at the earliest convenience.
Our latest whitepaper, Preventing Cyber Attacks with a Layered Network Security Model looks at why traditional network access control models are failing, and explores how Cryptzone’s unique Zero Trust approach can be used to combat cyber attacks involving privileged user accounts. The whitepaper will show you a new five layer methodology for securing network access that enables you to dynamically control access and more effectively mitigate risk.