Expert advice: The solutions you need to make zero trust work
SHI and SentinelOne join forces to help you plan your zero trust security stack in part two of Brad Bowers’ interview with Milad Aslaner.
Zero trust is a cybersecurity methodology that protects organizations through a simple, yet comprehensive principle: “never trust, always verify.” This means users and devices never gain access to data, applications, and networks by default, requiring them to always verify their identity and prove they aren’t compromised.
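To make the “never trust, always verify” principle concrete, here is an added example (not code from SHI or SentinelOne) of a small policy decision point: every request is denied by default, and access is granted only when the identity check, the recency of that verification, and the device posture reported by an endpoint sensor all pass explicitly. The data classes, the two sensitivity tiers, the re-verification windows and the sample requests are all constructed assumptions for illustration, not any vendor’s API or policy.

```python
"""Minimal policy decision point for "never trust, always verify".

Constructed example: the names, thresholds and sample requests below are
assumptions for illustration, not any vendor's API or policy model.
"""
from dataclasses import dataclass
from datetime import timedelta


@dataclass(frozen=True)
class Identity:
    user: str
    mfa_verified: bool          # strong authentication completed this session
    verified_age: timedelta     # time since the last successful verification


@dataclass(frozen=True)
class DevicePosture:
    device_id: str
    managed: bool               # enrolled and policy-controlled
    edr_healthy: bool           # endpoint sensor reporting and up to date
    compromised: bool           # endpoint sensor has raised an active threat


@dataclass(frozen=True)
class AccessRequest:
    identity: Identity
    device: DevicePosture
    resource: str
    sensitivity: str            # "low" or "high" (assumed two-tier labelling)


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reasons: tuple             # every failed check; empty when allowed
    ttl: timedelta             # how long the grant holds before re-evaluation


# Assumed policy: how old a verification may be, and how long a grant lasts,
# per sensitivity tier. Sensitive resources demand fresher proof and re-check sooner.
MAX_VERIFIED_AGE = {"low": timedelta(hours=8), "high": timedelta(minutes=15)}
GRANT_TTL = {"low": timedelta(hours=1), "high": timedelta(minutes=5)}


def evaluate(req: AccessRequest) -> Decision:
    """Default deny: access is granted only if every check passes explicitly."""
    # Unknown or missing labels fail closed to the strictest tier.
    tier = req.sensitivity if req.sensitivity in MAX_VERIFIED_AGE else "high"
    failures = []
    if not req.identity.mfa_verified:
        failures.append("identity: MFA not verified")
    if req.identity.verified_age > MAX_VERIFIED_AGE[tier]:
        failures.append("identity: verification too old for this tier, re-authenticate")
    if not req.device.managed:
        failures.append("device: unmanaged device")
    if not req.device.edr_healthy:
        failures.append("device: endpoint sensor unhealthy or not reporting")
    if req.device.compromised:
        failures.append("device: active threat detected, isolate endpoint")
    if failures:
        return Decision(False, tuple(failures), timedelta(0))
    return Decision(True, (), GRANT_TTL[tier])


def still_valid(decision: Decision, elapsed: timedelta) -> bool:
    """Continuous validation: a grant expires and must be re-evaluated."""
    return decision.allowed and elapsed < decision.ttl


def sample_decisions() -> dict:
    """Constructed requests showing the common outcomes."""
    alice = Identity("alice", mfa_verified=True, verified_age=timedelta(hours=1))
    laptop_ok = DevicePosture("lt-0001", managed=True, edr_healthy=True, compromised=False)
    laptop_hit = DevicePosture("lt-0002", managed=True, edr_healthy=True, compromised=True)
    return {
        "low_ok": evaluate(AccessRequest(alice, laptop_ok, "wiki", "low")),
        "high_stale": evaluate(AccessRequest(alice, laptop_ok, "payroll-db", "high")),
        "compromised": evaluate(AccessRequest(alice, laptop_hit, "wiki", "low")),
        "unknown_tier": evaluate(AccessRequest(alice, laptop_ok, "misc", "unlabelled")),
    }


if __name__ == "__main__":
    for name, d in sample_decisions().items():
        print(f"{name}: allowed={d.allowed} ttl={d.ttl} reasons={list(d.reasons)}")
```

Two design points carry the principle: the function only ever returns an allow after the full list of checks is empty, so a new check that is forgotten can never widen access, and grants carry a time-to-live so the same request is re-evaluated rather than trusted on the strength of an earlier answer.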
In part one of our exclusive interview series with cybersecurity leader SentinelOne, SHI’s Global Field CISO, Brad Bowers, and SentinelOne’s Head of Technology Advisory Group, Milad Aslaner, revealed how zero trust:
- Permeates through almost the entirety of an organization’s security stack
- Resolves business challenges in the cloud
- Improves user experiences
- Protects against ransomware
In part two of this exclusive three-part interview series, Brad and Milad draw from decades of cybersecurity experience to help you identify the crucial steps you must take to achieve your own zero trust transformation.
Piecing together the zero trust methodology
In our previous interview, we explored common components of zero trust such as zero trust network access (ZTNA), microsegmentation, and identity and access management. How do all these solutions play into an organization’s broader zero trust methodology?
Milad Aslaner: There are so many different vendors in the cybersecurity space; many of them will claim that by having their particular technology, you achieve zero trust. It’s not that simple, and that’s where the confusion within the industry starts.
CISA’s zero trust maturity model is an extremely helpful, vendor-neutral outline for mapping out your zero trust strategy. It includes recommended building blocks for organizations to create a mature zero trust methodology across people, processes, and technology, including solutions like ZTNA, conditional access, and endpoint detection and response (EDR).
All these different technologies play a vital role, but your organization needs to step back from all the marketing and identify where you are in your own zero trust journey. Once you’ve established your needs, goals, and pain points, you can set out to research and test the solutions you need for your zero trust strategy.
Brad Bowers: In fact, when SHI talks to clients, one of the first things we do is help them understand where they are not only in their zero trust journey, but across their entire IT and cybersecurity landscape. Most organizations already have many of the components that make up a good zero trust model; it’s about how they’re put together, how they integrate with each other, and how their workflow and processes can build an effective experience.
As Milad alluded to, there isn’t a silver bullet for achieving zero trust. Every organization has its own unique needs and requirements. That’s what makes guides like CISA’s zero trust maturity model such great tools for helping organizations on their zero trust journey.
Bolster endpoint defense with visibility monitoring
For organizations dealing with complex, ever-growing environments, it can be difficult to maintain visibility over their security landscape and attack surface. When organizations are dealing with thousands of devices and users accessing their network and data center, how do visibility monitoring and security hygiene contribute to an organization’s zero trust strategy?
MA: Today, endpoints are still organizations’ largest attack surfaces. Most modern attacks are targeting the endpoint – regardless of whether it’s ransomware, a social supply chain attack, social engineering attack, etc. Therefore, the endpoint plays a fundamental role in an environment’s security architecture.
In our first interview, we explored the zero trust concept of “assume a breach.” You need the ability to not only understand when and how you were breached, but to also quickly respond, which is why EDR is a crucial zero trust component.
You also need a strong security platform underneath that provides enhanced visibility and analytics capabilities. This enables you to judge your security hygiene and identify the various security controls on all endpoints across your landscape. A best practice for this would be to have a single interactive interface with which you can quickly understand the security posture of your environment and all devices and assets therein.
BB: I completely agree. In fact, the endpoint often is not only the primary target, but also an organization’s first line of defense. Endpoints can provide essential visibility into where a potentially compromised user is going and what access and applications they’re using.
This synergy of solutions, services, and data is an essential part of the zero trust methodology. The ability to integrate all the above into actionable intelligence is indicative not only of zero trust’s strengths, but also where the industry should be heading overall.
How does EDR factor into zero trust?
It sounds like much of this ties back into EDR. With the endpoint being such an important flashpoint in modern cyberattacks, can you elaborate on how EDR plays into an organization’s overall zero trust methodology?
MA: For your organization to embrace the “assume a breach” concept, you need to truly understand the how, why, and when of a security event. EDR and extended detection and response (XDR) are both post-breach layers that help you gain visibility and make informed decisions when you’ve been breached.
EDR and XDR also enable automated responses, so you can isolate specific endpoints with just one click. From there, security teams can kill specific processes, remediate any threats, and roll back data to a safe state prior to the breach.
ZTNA empowers remote work
Most organizations struggle to maximize productivity for remote workers without introducing them to additional risk. How does ZTNA help organizations better support and protect remote workers?
MA: ZTNA empowers organizations to securely grant remote workers access to corporate resources and services. It relates to privilege, identity management, and just-in-time access because, ultimately, these solutions are about building a trust relationship between the user identity and the applications. That’s what enables you to make informed, real-time decisions about the access you’re granting to a specific identity.
BB: Building off that, ZTNA enables organizations to layer all their security components, including identity, privileged network access, and application permissions. With ZTNA, organizations can do all this without disrupting their remote workers.
Unite your security pieces into a holistic zero trust strategy
Some of the building blocks that make up zero trust – access management, EDR, ZTNA, and more – are already in place in many organizations. How can these organizations take the next step to bring their disparate pieces together into a holistic zero trust strategy?
MA: To piece together your zero trust strategy, start by defining your journey and understanding the solution(s) you have in place today. Identify the missing pieces and roadmap a deployment that’s right-sized for your organization. Visualize your protection surface. Look into your various assets and understand where your crown jewels sit – the data, API keys, etc.
Once you understand what you’re trying to protect, the next step toward bringing your solutions together is to assess how users currently gain access to your protection surface. Map the transaction flow from both inside and outside your organization – what’s happening, which layers they interact with, which resources they connect to, etc. Then, you can identify the security control measurements you need to put in place to embrace a zero trust methodology.
Most organizations start with a small-scale security control rollout. Here’s my recommendation: test your new security policies within a specific department until you’re completely confident with the results. Then, slowly roll them out across your organization.
But to effectively test your policies and collect and analyze the data, you need two things:
- An in-house or external subject matter expert (SME) to help guide you through best practices
- A strong security platform to help aggregate and act on your data
When in a zero trust state, you’ll continuously need to validate access requests. With the help of your trusted SME and the capabilities of your security platform, you should aim to automate as many response processes as possible. It’s simply not feasible to have, for example, a user in a 5,000-employee organization wait in a virtual queue for access to the tools, apps, and data they need.
As your organization grows, automation will save you from having to rely on a tiny subset of people shoveling coals in the proverbial engine room. Instead, automation will free up your skilled workers so they can focus on their priority tasks.
BB: It’s common for organizations to wonder how they can bring their existing systems together to achieve zero trust. I completely agree with the process Milad laid out – in fact, it’s similar to how SHI helps organizations today.
At SHI, we start by looking at your organization’s current landscape:
- What solutions do you have in place?
- How do those solutions support your business?
- What are your goals for the next five years?
We not only help plan the foundations of your future solution stack, but we also help security teams bring the conversation to their leadership so that key stakeholders know exactly what they’re investing in and why.
It’s also a best practice of SHI to start small, as Milad stated, and help organizations determine where they can maximize the value of existing resources and solutions. Sometimes, we discover an organization’s biggest obstacle isn’t even their technology.
Zero trust is a three-legged stool of people, processes, and technology. The technology helps pave the way, automate historically manual tasks, and build the common taxonomy for managing events and providing user access. But organizations need to also visualize how their policy workflows will wrap around those technologies to make them effective – and in doing so, how they will affect user experience.
Building your zero trust strategy is easier with a trusted partner
Zero trust is a holistic cybersecurity methodology that involves a web of solutions, many of which you may already leverage within your organization. These include:
- Zero trust network access (ZTNA)
- Visibility monitoring
- Endpoint detection and response (EDR)
- Extended detection and response (XDR)
- And many more
To achieve zero trust without hindering your users, you need to take a step back and look at the bigger picture. Trusted cybersecurity partners like SHI and SentinelOne can help you avoid falling into the trap of focusing on a single solution stack or technology, and instead look at zero trust through a holistic lens of achieving value while closing security gaps.
Ready to start your zero trust journey with SHI and SentinelOne? Contact our certified cybersecurity experts today.