Black Hat 2018: Zero Trust is So Fire RN
Zero trust isn't a product or an architecture, but a philosophy, as Microsoft's David Weston stated in his talk, ZEROing Trust: Do Zero Trust Approaches Deliver Real Security?
Security hipsters love the zero-trust network (ZTN), and so do many others across the industry, Google and Duo included.
Why the interest in zero trust? He listed a few reasons: the perimeter is pwned, users are bringing all of their own devices to work (BYOD), and workplaces are now predominantly cloud-native.
And inevitably, attackers will get into the network through either the user with no multi-factor authentication (MFA) enabled, or the worst (insecure) device on the network.
Per John Kindervag, the zero-trust security model means a few things:
- Location is nothing: every network is considered untrusted.
- All traffic flows are rejected by default and routed only if they meet security policy (or are otherwise considered trusted).
- Trust is a combination of verifying user identities and device security posture.
- Access policies are dynamic, based on attributes of the user and of the device requesting access.
The three main benefits of a zero-trust security model include:
- Attack surface reduction
- Mandatory access control
- Principle of least privilege
An example of how an attack works starts with an initial compromise via a malicious link, which launches an executable. To move laterally, attackers use Mimikatz to steal credentials and Windows Management Instrumentation (WMI) to maintain persistence. Then they exfiltrate data.
With a zero-trust model, after a compromise, you can limit the access of an infected device and remove the ability to dump credentials, plus mandate the use of two-factor authentication (2FA) keys to make lateral movement even more difficult.
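As an added illustration of the model described above (default deny, trust derived from identity plus device posture, location ignored, a flagged device losing access), here is a small policy-evaluation function; it is example code written for this post, not code from the talk, Microsoft or Duo, and the resource names, required attributes and posture fields are assumed for the sake of the example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple

@dataclass(frozen=True)
class User:
    name: str
    mfa_verified: bool              # a strong second factor was presented this session
    groups: FrozenSet[str] = frozenset()

@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool                   # enrolled in device management
    patched: bool                   # OS and security agent up to date
    compromised: bool = False       # flagged by endpoint detection (e.g. credential dumping seen)

@dataclass(frozen=True)
class Request:
    user: User
    device: Device
    resource: str
    network: str                    # "corp", "vpn", "internet": logged for audit, never trusted
# Hypothetical sample policy: what a requester must satisfy per resource.
POLICY: Dict[str, dict] = {
    "wiki":    {"mfa": False, "managed": False, "groups": set()},
    "payroll": {"mfa": True,  "managed": True,  "groups": {"finance"}},
    "admin":   {"mfa": True,  "managed": True,  "groups": {"it-admins"}},
}

def decide(req: Request) -> Tuple[bool, str]:
    """Default-deny decision built from user identity and device posture only.
    Network location is deliberately not consulted anywhere below."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, "no policy for resource (default deny)"
    if req.device.compromised:
        return False, "device flagged compromised: access limited"
    if rule["mfa"] and not req.user.mfa_verified:
        return False, "MFA required"
    if rule["managed"] and not (req.device.managed and req.device.patched):
        return False, "device posture insufficient"
    if rule["groups"] and not (rule["groups"] & req.user.groups):
        return False, "user not in an authorized group"
    return True, "allow"
if __name__ == "__main__":
    alice = User("alice", mfa_verified=True, groups=frozenset({"finance"}))
    laptop = Device("lt-001", managed=True, patched=True)
    print(decide(Request(alice, laptop, "payroll", network="internet")))  # allowed from anywhere
    infected = Device("lt-001", managed=True, patched=True, compromised=True)
    print(decide(Request(alice, infected, "payroll", network="corp")))    # denied even on-prem
```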
For more resources on understanding the zero-trust security approach, check out:
Moving Beyond the Perimeter: Part 1
This white paper explains the theory behind Google’s BeyondCorp security model (built upon the concept of zero trust), the different components required and the overall security architecture.
Moving Beyond the Perimeter: Part 2
Part two of this series explains how to easily build a new enterprise security model within your organization, including an outline of the maturity process.
BeyondCorp at Google
Google's research papers, principles, mission, guidelines and additional resources on BeyondCorp.