Today, we're going to talk about Zero-trust and how it applies to cybersecurity and why should it matter to you and your business! When it applies to cybersecurity, many people want to know what Zero-Trust is, why is it important, why do we even need to do it or why should we consider it? Zero-trust has been around for a while, but it's been, quite frankly, not the easiest thing to implement, especially from an administrator standpoint. Some bad news is that these cyber criminals are getting better at what they do, but some good news is that so are cyber defenders and cyber experts have a lot of good technology out there today that helps companies achieve Zero-trust at a lot of different levels and this will educate people on why this is truly important to have.
To use the analogy of cars and safety, when people could jump back and forth from the front seat to the back seat, most people back then didn’t care. Well today, if you saw some kid flying around in the seat of the car, most people's reaction would be, "Why isn't that kid wearing a seatbelt?" Also, most people, when they get in a car or an Uber today, they strap on their seatbelt. 40, 50 years ago, that probably wasn't the case. This is exactly what is going on with cybersecurity and technology nowadays. People are learning how to use technology. In retrospect people need to learn how to be safer, better protect themselves when they go online, use our seatbelts, make sure the airbags are installed and activated. That's really the analogy that most cyber experts use around cybersecurity.
Zero-trust is, simply put, assume and trust nothing. Nothing runs or gets on the network without us saying that this is okay. Also, what “us” means in this text could be you as an individual, it could be your IT department, it could be the company in general. Zero-trust really is right now the only way you're really going to make a cyber criminal's day not good or just annoying because they can't do what they want to do, they can't do what they do on most networks. Zero-trust hamstrings cyber criminals more than anything that's out there right now and it's the way to go and it's what you should be doing for the cybersecurity in your business.
Now, cyber experts look at this in two perspectives when it comes to Zero-trust. Cybersecurity firms need to Zero-trust things on company networks and then they have to Zero-trust things on every computer, so there's two different technologies to use for that. Now, back in the day, experts used to be able to configure firewalls and routers for Zero-trust. Many cyber experts said, "Okay, this firewall doesn't have this MAC... or this firewall allows these MAC addresses," and it could be thousands if you're in a large environment, "allows these MAC addresses to communicate on its network. If it doesn't have these MAC addresses...." and if you don't know what a MAC address is, really quickly, it's kind of like a house address for your house. It's a similar thing for a computer. Every computer network device has a unique home address that translates to an IP address. The MAC address and the IP address kind of marry up. A MAC address is not an IP address though.
It's a way that cyber experts can identify devices on a network, so to speak, similar to how 911 or the trash company would identify your house. These MAC addresses are ways that we can prevent or permit people from getting onto networks. That was the old way of doing it. Good news is, is there's a lot of new technology out there that doesn't require somebody capturing a MAC address and putting in a rule to allow that traffic or that device to communicate on that network. There's a lot of different ways this can be done today. Even so, you can control networks and you can do Zero-trust from the cloud where you have computers all over the world, people at home working, servers in Amazon, servers in Microsoft, servers somewhere else, servers in your office, computers in your office. These can all be joined together in a cloud-based Zero-trust network. If you want to learn more about that, you can reach out to Xact IT Solutions. This is something Xact IT does all the time.
The other Zero-trust that you're going to want to consider right now is Zero-trust on your endpoints or on every computer that runs and the way that this works is pretty simple. Every application that runs on your computer runs what's called a process or multiple processes. These processes, think of them like mini programs that run behind the scenes that make your programs work. Google Chrome, for example, runs as a process called Chrome.exe. Now, if you open your Google Chrome and you have tons of extensions installed, maybe you have four or five, six, 10 tabs open when you fire up your Chrome or whatever, typically you're going to see multiple instances of Chrome.exe running in your task manager. If you're familiar with Windows Task Manager, all those little things that pop up when you run that are your processes or processes or applications that are running on your system.
The really cool thing about Zero-trust is the ability to permit processes that run, that cyber experts know of, that are good and deny everything else. So, what you're doing in Zero-trust is you're saying if a new process runs that we don't know about or that we haven't verified previously, block it. Block it, don't let it run and let cyber experts review that and decide if that's something that should be running on the system or not. This is a really good layer of Zero-trust to add along with kind of the cloud based or local network based Zero-trust. What this will do a lot of times is it will prevent things like third-party breaches from causing a problem. Like your software that you bought from a legitimate vendor that has a problem and somebody built a backdoor into it and then they try to access your system using the back door and deploy things and run things, more than likely a Zero-trust application is going to block that, is going to say, "No, you can't run because I don't know who you are or what process this is running."
Even though it's embedded and running through a legitimate application that you've permitted, because this will spark up a new process on your computer, in your system, that's going to cause this program to not run if you have this security in place. Zero-trust security on the endpoint is very, very important! It'll also stop ransomware! It'll stop anything from running, even things that you download from the internet and try to run unless you disable it or put it in what experts call learning mode so it can learn what's new on the system and what it needs to learn to permit. Outside of that, nothing's going to run on your system at all that's new, that's a process. This is different than antivirus because antivirus actually scans the file once it's on there and says, "Hey, this is doing something bad. I'm going to block it. I'm going to stop it. I'm not going to let this thing do what it's trying to do." It is actually preventing an action.
Zero-trust doesn't prevent any actions, other than the fact that it says, "Are you good or are you bad? You are not in my good list, so you must be bad," and that's basically how it works. It's not there to decide if something's good or bad, it's there to say, "Are you on the allowed list? Are you on the block list? And if you're not on the allowed list, then you're by default on the block list," so it's trust nothing and assume that whatever's trying to run is a breach and that's how you handle it until you determine that whatever's trying to run is not a breach. Also, if you do these things at the network level and at the computer level, you're going to be much, much more secure! You're going to make cyber criminal's jobs very difficult; you're going to make them have a really bad day and, quite frankly, you're just going to make them move onto another target. So, implement Zero-trust security!
If you need help with this stuff, reach out to my company, XITX.com. But more importantly, remember, Xact IT, CEO- Bryan Hornung is giving away his new book Checkmate. It's free. You can sign up for it by going to our YouTube channel.
