We have all read a lot about the zero trust approach in the last couple of years. Zero trust is a really interesting concept that people are rallying around as a “must have” in cyber. It has even been embraced by the federal government as a prerequisite to building a cyber program.
Here is the White House executive order from May 2021:
“The Federal Government must adopt security best practices; advance toward Zero Trust Architecture; accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS); centralize and streamline access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and invest in both technology and personnel to match these modernization goals.
(b) Within 60 days of the date of this order, the head of each agency shall:
(i) update existing agency plans to prioritize resources for the adoption and use of cloud technology as outlined in relevant OMB guidance;
(ii) develop a plan to implement Zero Trust Architecture, which shall incorporate, as appropriate, the migration steps that the National Institute of Standards and Technology (NIST) within the Department of Commerce has outlined in standards and guidance, describe any such steps that have already been completed, identify activities that will have the most immediate security impact, and include a schedule to implement them.”
So long story short, zero trust is now more than a buzzword.
It is an approach that all federal agencies need to be aware of and make part of their plans. It is being adopted on the commercial side as well.
The question is: will it improve things?
The idea of zero trust is good but is only part of the problem. Typically zero trust focuses on the end user and making sure each person is “verified” — they have a password or they have multi-factor authentication or even more to enter the network.
OK, that seems good. The problem is that many people view “zero trust” as being rock solid if you can verify everyone who enters the network. So what happens when someone cracks the credentials of one of those authorized persons and gets into your network? Do you just forget about them? Do you track their movements and activities? What if someone breaks in and sits there, lying in wait for months? Zero trust essentially ignores these issues and doesn’t address a plan for monitoring internal traffic.
We wrote a whitepaper recently on this exact problem and why authentication does not equal zero trust. You can read that here.
These are reasons why we believe MixMode is positioned to be a core and foundational element of a zero-trust initiative. As zero trust grows, current clients and companies view MixMode’s real-time anomaly detection as a necessary element of this approach.
Technology and cybersecurity policy researcher, Tonya Riley, recently wrote for the Washington Post saying:
“Companies will need to adapt as hackers evolve. Incidents in which hackers were able to steal or fake credentials could steer more companies toward using newer ways to verify employees’ identities. CrowdStrike is encouraging its clients to take a “zero trust” security approach that requires all users to be continuously authorized and authenticated even once they’re inside a network.”
The above is an interesting idea, “requires all users to be continuously authorized…” So at what points do you do that? It seems to us that you need real-time anomaly detection to surface abnormal behaviors that would trigger such additional authorization. MixMode is perfectly positioned to answer the bell on that component.
How MixMode is Embracing Zero Trust
We shared these details in a previous article on zero trust, but it applies here as well:
Zero-trust is at the heart of the MixMode solution through its use of Self-Learning, Unsupervised AI. The AI is driven by a zero-trust generative model that initially takes no historical knowledge to function and is unbiased from human alteration. MixMode should be a fixture of any zero-trust architecture and strictly adheres to the zero-trust model. MixMode’s platform inherently makes no assumptions about the data stream it analyzes out of the gate and everything must be verified as expected behavior.
SOC teams can point MixMode at any data stream they want (i.e. a corporate network or cloud environment) and it alerts on behavior deviation, supporting the zero-trust framework through observable and independent validation of the zero-trust model.
Simply put, MixMode AI sees everything and anything that is out of the ordinary is flagged. Nothing is trusted and everything must be verified.
MixMode is committed to embracing zero trust and helping companies and government clients build the best zero-trust approach possible. Contact us for a demo today.