Morphisec Cybersecurity Blog

Why Lean Security Teams Should Deploy A Zero Trust Defensive Endpoint Strategy

Written by Nuni Snowden | June 25, 2021 at 7:42 PM

Zero trust security has become a major topic of conversation in the cybersecurity community, and with good reason: as a cybersecurity methodology, zero trust helps minimize the attack surface, traditionally at the identity and network layers, so that malicious actors have a harder time establishing a foothold in critical infrastructure.

Every organization should implement a zero trust strategy because, ultimately, reducing the amount of inherent trust in our systems and processes is one of the most efficient ways of avoiding a breach. However, because of the classic emphasis on the identity layer and the network, there is a piece of a zero trust architecture that most organizations miss. That missing final piece is zero trust at the endpoint.

Deploying a zero trust endpoint strategy minimizes the attack surface in a way that is achievable for organizations of all sizes. For lean security teams, deploying a zero trust defensive endpoint strategy is critical. It ensures that they are secure from the damaging attacks that would have otherwise bypassed traditional security controls. It also enables them to harden their systems against zero-day attacks, preventing them without the need for prior knowledge.

When Zero Trust Prevents Breaches In Cybersecurity

It is well documented that zero trust strategies help to mitigate supply chain attacks. Supply chain attacks, also called value-chain or third-party attacks, can occur when someone infiltrates a system through a third party with access to your systems and data. In other words, the adversary uses trusted applications or trusted vendors to circumvent your defenses and drop their payload. The SolarWinds attack is a perfect example of this.

That attack involved the adversary compromising the SolarWinds Orion application and then using that access to produce and distribute trojanized updates to the software's users. Had SolarWinds' customers used a zero trust endpoint strategy, this breach would not have occurred. In simple terms, a zero trust endpoint solution secures process memory by ensuring that even trusted applications are monitored and verified before they are allowed to run. Zero trust strategies must not stop short of the endpoint, because the endpoint is where evasive threats, like supply chain attacks, must finally reveal their nefarious nature.

According to PurpleSec, 70% of small businesses are unprepared to deal with a cyberattack. This might be because 3 out of 4 small business owners say they lack the IT personnel necessary to sufficiently address cybersecurity. Big ransoms like the $5 million demand that befell the Colonial Pipeline might make the news more often, but 58% of malware attacks are against small businesses. These attacks cost small businesses an average of $34,604 per attack. Small businesses simply don’t have the budget or staff to combat the constant onslaught of these attacks through traditional means. 

Consequently, small businesses are under the ever-present threat of attacks they cannot afford, simply because they cannot afford to hire enough personnel to mitigate these risks. A zero trust, defensive endpoint strategy therefore serves two purposes. It protects enterprises from a breach while giving security teams a fighting chance to defend their livelihood.

How Zero Trust Prevents Breaches

A zero trust defensive strategy is a security model. More specifically, it is a set of system design principles and a coordinated cybersecurity and system management strategy based on acknowledging that threats exist both inside and outside traditional network boundaries. Historically, zero trust has emphasized the network perimeter and identity, in the form of user authentication at every step. Zero trust on the endpoint "closes the loop" of an organization's zero trust solution. Though this strategy is gaining popularity, zero trust at the endpoint, and more specifically at runtime, is often overlooked.

As has been said before, a zero trust security model assumes that an attack is inevitable or has likely already occurred, so it constantly limits access to only what is needed and looks for anomalous or malicious activity. This type of strategy for the endpoint is often overlooked because the focus has been on limiting access through zero trust identity and securing the network. However, zero trust defensive endpoint strategies are necessary because of threats such as SolarWinds. 

The zero trust security model eliminates implicit trust in any one element, node, service, or user. Again, because anyone who wants access must gain permission, a zero trust defensive endpoint strategy closes the loop on defense.

Some teams may already have a zero trust strategy in place; the key is to extend that strategy to include your endpoints as well. Insecure endpoints have become a prime target for threat actors during the sudden shift to remote work.

How Would A Zero Trust Strategy Help My Business/Team?

Zero trust shrinks the attack surface to prevent an impressive number of threats, making it ideal for security teams that need to use their resources wisely. Preventing an attack is more cost-effective than the toll of detecting one and/or attempting to repair your brand name after an incident has taken place.

Forward-thinking organizations realize that a comprehensive zero trust defensive strategy integrates the most important layers of defense: identity, network, and endpoint at runtime. By requiring traffic at all of these points to prove its credentials, zero trust mitigates attacks earlier in the attack chain and prevents breaches.

The appeal of this approach, in addition to its effectiveness, is how little it requires from the security team. Careful access controls keep the adversary out at the identity level, zero trust at the network level secures traffic into the perimeter, and zero trust at runtime closes down the "last mile" of open space on the endpoint. Ultimately, this defensive strategy secures the final remaining piece of infrastructure where malicious code could piggyback on trusted code.

Conclusion 

Not applying zero trust on the endpoint creates the risk of an attack progressing once it is able to sneak past zero trust network security and identity and access management solutions. Lean security teams will need to address these endpoint risks, especially as remote work has become part of the new normal.

For these teams, extending zero trust to the endpoint can be critical to their organizational survival. By further minimizing the attack surface, these lean, resource-strapped security teams gain the ability to protect their enterprises from the damaging effects of a successful breach. Zero trust cuts off the chance for threat actors to hamstring their critical infrastructure.