Gain visibility and map transaction flow. Identify the data, assets, applications, and services in the company’s hybrid network, prioritize the criticality of each, and map the transaction flows between them. John Kindervag, who created Zero Trust, coined the term “protect surface” for the smallest reduction of the company’s attack surface based on one or more of the data, applications, assets, and services (DAAS). By defining protect surfaces and prioritizing the criticality of each, security teams can move controls as close as possible to the DAAS through the use of micro-perimeters and microsegmentation. This also helps limit the potential East-West movement of attackers and contain the blast zone should a breach take place.
Establish micro-perimeters and segment the network. Isolate applications and devices closer to the workload, including setting up micro-perimeters. Depending on the criticality of the data, application, assets, or services within those perimeters, add further protections by also using microsegmentation.
Develop dynamic security policies. Exercise the principle of least privilege access by creating a dynamic security policy and extending multi-factor authentication to cover user, machine, and mutual authentication.
Monitor, enforce, and maintain. Evolve to continuous monitoring of risk and trust for each entity (users, devices, and applications) by developing a risk/trust engine, an area that is often the most difficult to execute.
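The first three steps above, sketched as an added example that is not part of the original page: a mapped transaction-flow inventory is turned into a default-deny allow-list per protect surface, and each request is then checked against it. The asset names, ports, criticality levels, and the rule that criticality 3 requires both MFA and mutual authentication are constructed assumptions.

```python
from collections import defaultdict
from typing import NamedTuple

# Constructed inventory: asset -> (protect surface, criticality 1=low .. 3=high)
ASSETS = {
    "web-01": ("storefront", 1),
    "app-01": ("storefront", 1),
    "pay-api": ("payments", 3),
    "pay-db": ("payments", 3),
    "hr-app": ("hr", 2),
}

# Constructed transaction-flow map from step 1: (source, destination, port)
MAPPED_FLOWS = [
    ("web-01", "app-01", 8443),
    ("app-01", "pay-api", 443),
    ("pay-api", "pay-db", 5432),
]

class Request(NamedTuple):
    src: str
    dst: str
    port: int
    mfa: bool = False          # caller passed multi-factor authentication
    mutual_auth: bool = False  # both endpoints authenticated each other

def build_policy(assets, flows):
    """Default-deny allow-list: one micro-perimeter per protect surface."""
    policy = defaultdict(set)
    for src, dst, port in flows:
        surface, _ = assets[dst]
        policy[surface].add((src, dst, port))
    return policy

def decide(policy, assets, req, strict_from=3):
    """Return (allowed, reason) for one request; anything unmapped is denied."""
    if req.dst not in assets:
        return False, "unknown destination"
    surface, criticality = assets[req.dst]
    if (req.src, req.dst, req.port) not in policy.get(surface, set()):
        return False, f"flow not mapped for protect surface '{surface}'"
    # Assumed rule: the most critical surfaces demand the stronger checks of step 3.
    if criticality >= strict_from and not (req.mfa and req.mutual_auth):
        return False, "critical surface requires MFA and mutual authentication"
    return True, f"allowed into '{surface}'"

POLICY = build_policy(ASSETS, MAPPED_FLOWS)
```

Denied decisions are the natural input for the monitoring step: an unmapped East-West request such as web-01 to pay-db is either a gap in the flow map or activity worth investigating.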
It is common for security teams to forget that chats and email accounts that live on breached networks will no longer be secure, a variety of breach responders, negotiators, and preparation consultants told SC Media.
Germany-based Ruhr-Universität Bochum (RUB) and Niederrhein University of Applied Sciences tested how well 56 combinations of browsers and operating systems are protected against 34 different XS-Leaks.