Explicitly trust, implicitly deny
We’ve all seen a movie in which a suspect has his Miranda rights read to him: “You have the right to remain silent. Anything you say can be used against you in court. You have the right to have a lawyer with you during the interrogation.” Unfortunately, the applications on your computer don’t know that they should stay quiet; they speak up and act in your name. For this reason, organizations are moving beyond next-generation firewalls, Internet filtering, and basic security programs with advanced detection capabilities by implementing software that takes a zero-trust perspective on all apps.
“Zero trust” is security upside down. Our computers allow all types of events to occur, even in some of the most tightly managed network environments. Traditional threat detection systems are based on fingerprinting attacks that have already happened. Some security solutions use heuristics that define patterns of suspicious actions. Your computer, however, doesn’t change every day, because the software you need to perform your tasks doesn’t change often. The software can be updated with new features or security patches, but if your business is moving from Word 2016 to Word 2019, someone is consciously making that change.
The world generates more than 600,000 new malware variants per day, which means that the number of “unknown” software programs is far greater than the number of “known” ones. Detection is important, and it must be combined with zero-trust security. Zero-Trust security policies have four components: Approve/Deny Applications, Fencing, Storage Control, and Tamper Resistance. In this article, we will discuss Approved/Denied applications, where only the applications you need to use are trusted to run.
Your computer has three types of applications: applications you use, applications you never use, and applications you don’t even know exist. I use about 19-21 apps in a month. However, there are 4,037 executable (EXE) files on my computer – and that’s not including all of the dynamic link libraries, Java, PowerShell, or other scripts.
Every app on your computer can be infiltrated and weaponized against you, so it’s important to use zero-trust security policies to allow only the apps you need. For example, you may have Solitaire or WordPad installed on your PC, but you are not using them. Yet every program on your computer has access to every other program, as well as all the data you have access to within your network. Although it seems logical that you could simply uninstall the unused applications, the majority of programs on your computer are what make it run, so they must remain.
Zero-Trust security defines every piece of software installed on a computer and enforces an explicit policy to deny or allow the application to run. These policies are not defined by the name of a program, but rather by the hash of the program. The hash of each application is a cryptographic digest computed over the entire contents of the executable file. The hash never changes unless the software is knowingly modified via software updates/patches or unknowingly via hacking. If the program is modified in any way, its hash no longer matches the policy and it will not be allowed to run, thus protecting the company from infection or data compromise. When patches are released for the computer, Zero Trust Security Software obtains those patches from Microsoft in advance and tests them in a controlled environment. The new hashes are automatically calculated and added to the policy, allowing the update to occur.
Major software vendors use a code-signing key that is digitally signed by a third-party certificate authority, in much the same way as Secure Sockets Layer certificates allow you to trust your bank’s website. Zero Trust will explicitly trust these code-signing certificates and allow updates to your project management or other software. Zero-Trust protection can be configured in “learning mode” so that new software can be installed and then authorized across the organization. Once zero trust is applied, only your trusted apps will be allowed to run.
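The two preceding paragraphs describe hash-based allow/deny policy and the “learning mode” that builds it. The following Python script is an added example written for this article, not the code of the product or vendor discussed here. It assumes SHA-256 as the hash function, treats files ending in .exe, .dll or .ps1 as executables, and works on constructed sample files in a temporary directory. Certificate-based (code-signing) trust is not modeled; only the hash rules are.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed file extensions that count as "executable" for this example.
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".ps1")


def hash_bytes(data: bytes) -> str:
    """SHA-256 digest of the full file contents (assumed hash algorithm)."""
    return hashlib.sha256(data).hexdigest()


def file_hash(path: Path) -> str:
    """Hash a file in chunks so large executables do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def learn(directory: Path) -> dict:
    """Learning mode: hash every executable already present and trust it.

    The policy is keyed by hash, not by file name, so a later file that merely
    reuses a trusted name is still unknown to the policy.
    """
    allowlist = {}
    for p in Path(directory).rglob("*"):
        if p.is_file() and p.suffix.lower() in EXECUTABLE_SUFFIXES:
            allowlist[file_hash(p)] = p.name
    return allowlist


def decide(path: Path, allowlist: dict) -> str:
    """Enforcement: explicitly trusted hashes run, everything else is denied."""
    return "ALLOW" if file_hash(path) in allowlist else "DENY"


def approve_update(allowlist: dict, new_build: bytes, name: str) -> None:
    """Admin-side step: after a vendor update has been tested, add its hash."""
    allowlist[hash_bytes(new_build)] = name


def demo() -> dict:
    """Run the policy through the situations the article describes (constructed data)."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        # Constructed stand-ins for installed programs (not real PE files).
        word = b"MZ" + b"\x00" * 64 + b"word-build-1"
        outlook = b"MZ" + b"\x00" * 64 + b"outlook-build-1"
        (root / "word.exe").write_bytes(word)
        (root / "outlook.exe").write_bytes(outlook)

        allowlist = learn(root)                      # learning mode ends here
        results["learned_count"] = len(allowlist)
        results["word_before"] = decide(root / "word.exe", allowlist)

        # 1. An unknown program appears after learning mode: default deny.
        unknown = b"MZ" + b"\x00" * 64 + b"unknown-build"
        (root / "unknown.exe").write_bytes(unknown)
        results["unknown"] = decide(root / "unknown.exe", allowlist)

        # 2. A trusted program is modified by a single byte: hash changes, denied.
        tampered = bytearray(word)
        tampered[-1] ^= 0x01
        (root / "word.exe").write_bytes(bytes(tampered))
        results["word_tampered"] = decide(root / "word.exe", allowlist)

        # 3. Unknown code placed under a trusted name: still denied (hash, not name).
        (root / "word.exe").write_bytes(unknown)
        results["renamed"] = decide(root / "word.exe", allowlist)

        # 4. A sanctioned update: the new build's hash is approved, then it runs.
        word_v2 = b"MZ" + b"\x00" * 64 + b"word-build-2"
        approve_update(allowlist, word_v2, "word.exe")
        (root / "word.exe").write_bytes(word_v2)
        results["word_updated"] = decide(root / "word.exe", allowlist)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Cases 2 and 3 are the point of keying the policy on hashes rather than names: the file name is unchanged but the digest is not in the policy, so the default-deny rule applies. Case 4 is the manual or automated re-learning step that lets a tested update through without opening the policy to everything else.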
For more information, visit www.omnipotech.com or call (281) 768-4308.