Zero Trust is the latest term being thrown around by security vendors, consultants, and policymakers, who see it as a ‘silver-bullet’ solution to all cybersecurity woes.
Most organisations around the world claim to have plans to adopt Zero Trust in the near future, and at a time when ransomware continues to plague organisations in every sector, many are touting Zero Trust as the answer to ransomware headaches.
Covered in this article
- The ransomware scourge
- Double extortion
- What is Zero Trust?
- Stopping lateral incursions
- Enforcing Zero Trust
- A wider range of features
- Building a foundation for success
The ransomware scourge
Many are dubbing ransomware the greatest threat to digital business. Although the threat is not new and has been around for decades, it has exploded in frequency and sophistication over the last few years.
Where once these attacks were perpetrated by individuals, they are now carried out by highly organised cyber-criminal gangs, who buy and sell each other’s specialised skills and tools.
Similarly, where attacks once adopted a one-dimensional ‘mud against the wall’ approach, today they employ targeted, multi-layered tactics that are far trickier to defend against. Attackers are also demanding ever higher ransoms.
Double extortion
This is for several reasons, but the most alarming is the rise in double-extortion attacks, in which threat actors steal data and, over and above encrypting it, threaten to publish it as well.
After all, ransomware attacks can be infinitely more damaging than simply preventing access to data and systems. While that alone is a major inconvenience and a disruption to business operations, it isn’t the end of the world.
However, if an energy or utility grid is compromised, this can lead to blackouts and gridlock and, should safety mechanisms be breached, to loss of life through the release of toxic chemicals, fires, or explosions.
What is Zero Trust?
There is one underlying strategy that maximises a company’s chances of mitigating the damage a ransomware attack can cause, and that is Zero Trust.
In essence, Zero Trust is an approach to security that’s based on the idea that a breach has already happened. Architectures, access control policies, and monitoring and authentication tactics are put in place to mitigate the severity of the damage a cyber-attack can cause.
In this way, Zero Trust is neither a tool nor a solution. It’s a broader concept that can be applied not only to access but more broadly across the entire cybersecurity space.
In fact, the term Zero Trust is linked to a range of concepts. Sometimes it is viewed as a particular solution architecture, sometimes as a way of applying specific technologies, and sometimes as a feature of a product or solution.
At its core, it is a mindset: techniques and tactics harness specific technologies, which are then applied to manage a wide range of security threats.
Stopping lateral incursions
One major benefit of adopting a Zero Trust strategy is that it prevents a critical attack technique: lateral movement, in which an intruder moves through and performs reconnaissance across an entity’s range of interconnected devices, networks, applications, credentials, and databases.
Ransomware can be reliably and consistently stopped in its tracks simply by blocking this stealthy movement across the company’s networks, systems, and architecture. In this instance, even if a bad actor’s initial entry breaches the perimeter at one or more weak points, no damage can be done.
With Zero Trust, this process happens automatically, without having to depend exclusively on human intervention, manual monitoring, and post-breach reaction. After all, the longer an attacker can remain on a company’s network, the more damage they can do. And considering that it takes around 200 days to even find out there’s a proverbial RAT in the kitchen, this is of key importance.
Only through the real-time enforcement of Zero Trust processes, practices, and tools at both the device and the user identity level can businesses properly detect, defend against, and limit the impact of ransomware and other malicious tools before it is too late, systems are locked down, and data is made inaccessible.
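The two halves of the lateral-movement argument above, enforcement and detection, can be made concrete. The following is an added example written for this article, not code from Microsoft or from Tarsus Distribution: a default-deny access matrix that refuses any host-to-host step the policy does not explicitly permit, alongside a detector that flags one account reaching many distinct hosts within a short window, the fan-out pattern of an intruder probing the network. The log format, host names, accounts and thresholds are all constructed for illustration and are not any vendor’s schema.

```python
"""Lateral-movement enforcement and detection (added example, not the article's code).

Zero Trust denies every host-to-host step that policy does not explicitly
allow; the detection side flags an account that authenticates to many
distinct hosts in a short window. Log lines, hosts and accounts below are
constructed for this example and follow no real vendor's schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed logon events: "<ISO timestamp> <user> <source host> -> <destination host>"
LOGON_EVENTS = [
    "2024-03-04T09:00:05 alice WS-101 -> FILESRV-01",
    "2024-03-04T09:03:40 alice WS-101 -> PRINT-01",
    "2024-03-04T09:05:12 svc-backup WS-207 -> FILESRV-01",
    "2024-03-04T09:05:30 svc-backup WS-207 -> FILESRV-02",
    "2024-03-04T09:05:48 svc-backup WS-207 -> DC-01",
    "2024-03-04T09:06:02 svc-backup WS-207 -> HR-DB-01",
    "2024-03-04T09:06:15 svc-backup WS-207 -> FIN-DB-01",
    "2024-03-04T09:06:33 svc-backup WS-207 -> WS-310",
    "2024-03-04T13:20:00 bob WS-142 -> FILESRV-01",
    "2024-03-04T15:45:00 bob WS-142 -> FILESRV-02",
]

# Least-privilege access matrix (constructed): which destination hosts each
# account may reach. Anything not listed is denied, including unknown accounts.
ACCESS_POLICY = {
    "alice": {"FILESRV-01", "PRINT-01"},
    "bob": {"FILESRV-01", "FILESRV-02"},
    "svc-backup": {"FILESRV-01", "FILESRV-02"},
}


def parse_event(line):
    """Split one constructed log line into (timestamp, user, source, destination)."""
    ts, user, src, _arrow, dst = line.split()
    return datetime.fromisoformat(ts), user, src, dst


def denied_by_policy(lines, policy):
    """Enforcement view: return [(user, destination), ...] for every step the
    access matrix would refuse. Default deny: an account absent from the policy
    is allowed nowhere."""
    denied = []
    for line in lines:
        _ts, user, _src, dst = parse_event(line)
        if dst not in policy.get(user, set()):
            denied.append((user, dst))
    return denied


def detect_fanout(lines, window=timedelta(minutes=5), threshold=5):
    """Detection view: return {user: set_of_hosts} for accounts that reached at
    least `threshold` distinct destination hosts inside any sliding time window
    of length `window`. Two or three hosts over a working day is normal; many
    hosts in a few minutes is the reconnaissance pattern to alert on."""
    by_user = defaultdict(list)
    for line in lines:
        ts, user, _src, dst = parse_event(line)
        by_user[user].append((ts, dst))

    alerts = {}
    for user, events in by_user.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the span fits in `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            hosts = {dst for _ts, dst in events[start:end + 1]}
            if len(hosts) >= threshold:
                alerts[user] = alerts.get(user, set()) | hosts
    return alerts


if __name__ == "__main__":
    for user, dst in denied_by_policy(LOGON_EVENTS, ACCESS_POLICY):
        print(f"DENY   {user} -> {dst}")
    for user, hosts in detect_fanout(LOGON_EVENTS).items():
        print(f"ALERT  {user} reached {len(hosts)} hosts in under 5 minutes: {sorted(hosts)}")
```

On the constructed sample the service account is refused four of its six hops by the access matrix and is also the only account the detector flags; the two views are complementary, since a policy block stops the step while the alert tells the responder that an account is behaving like an intruder and should be investigated before the attacker pivots elsewhere.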
Enforcing Zero Trust
The good news for customers around the world is that Microsoft has made sure that its newest OS, Windows 11, is compatible with, and even helps to enforce, a Zero Trust environment. In this instance, the environment trusts nothing and no one. It insists on authentication for every task and interaction, ensures that least privilege is enforced, and that devices grant access to only the minimum information needed.
In fact, with Windows 11, instead of simply offering new security features, Microsoft insists that they be used and has stepped up the hardware security requirements for PCs running the new OS.
There are several ways Windows 11 helps enforce Zero Trust:
- It uses access controls for identity-based protection: In the cloud, administrators can control and manage identities and access from a single location. For instance, with Microsoft Azure Active Directory, they have the ability to centrally manage the identities of employees as well as configure and deploy policies for access to apps, sites, and groups. Admins can also embed compliance requirements, and any new rules can be incorporated as and when needed.
- Cloud-based controls enhance security and boost compliance: Microsoft’s research has revealed that multi-factor authentication is capable of blocking more than 99.9% of account compromise attacks. Conditional access enables admins to create rules based on a choice of activity or location, which reduces the opportunity for attackers to exploit vulnerabilities even further. For instance, login attempts that come from outside the country or that arrive at odd hours can be rejected outright. Moreover, admins can allow single sign-on, which gives users secure access to applications anytime and from anywhere, and makes password management far easier for IT teams too.
- General availability of multi-cloud security support: Organisations are now able to onboard multi-cloud resources to Azure Security Center, such as Google Cloud Platform (GCP) and Amazon Web Services (AWS), as well as protect servers by using Azure Defender for Servers based on Azure Arc.
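To show what a conditional-access rule set of the kind described above actually decides, here is an added example written for this article, not Microsoft code and not Azure AD’s policy engine or sign-in log schema. It evaluates constructed sign-in records against a small policy: reject sign-ins from outside the allowed country or at odd hours, require a compliant device, and step up to MFA before granting access. The field names, the country code, the business-hours window and the accounts are assumptions made for the example.

```python
"""Conditional-access style sign-in evaluator (added example, not Microsoft code).

Models the rules described in the article: reject sign-ins from outside the
allowed country or at odd hours, require a compliant device, and demand MFA
before granting access. The JSON layout and field names are constructed for
this example and are not Azure AD's sign-in log schema.
"""
import json
from dataclasses import dataclass
from datetime import datetime

# Constructed sign-in records; timestamps are assumed to be in tenant-local time.
SIGNIN_LOG = [
    '{"user": "alice", "country": "ZA", "time": "2024-03-04T09:15:00", "device_compliant": true, "mfa": true}',
    '{"user": "bob",   "country": "ZA", "time": "2024-03-04T02:30:00", "device_compliant": true, "mfa": true}',
    '{"user": "carol", "country": "BR", "time": "2024-03-04T10:00:00", "device_compliant": true, "mfa": true}',
    '{"user": "dave",  "country": "ZA", "time": "2024-03-04T11:00:00", "device_compliant": false, "mfa": true}',
    '{"user": "erin",  "country": "ZA", "time": "2024-03-04T14:00:00", "device_compliant": true, "mfa": false}',
]


@dataclass(frozen=True)
class Policy:
    """Tenant policy (constructed values): where, when and from what a sign-in may come."""
    allowed_countries: frozenset = frozenset({"ZA"})
    business_hours: tuple = (6, 20)          # allowed from 06:00 up to, not including, 20:00
    require_compliant_device: bool = True


def evaluate(record, policy):
    """Apply the policy to one parsed record and return (decision, reason).

    Decisions: BLOCK (reject outright), REQUIRE_MFA (step up), ALLOW.
    Hard blocks are checked first so that a later, softer rule can never
    downgrade a rejection into a step-up prompt.
    """
    if record["country"] not in policy.allowed_countries:
        return "BLOCK", f"sign-in from disallowed location {record['country']}"

    hour = datetime.fromisoformat(record["time"]).hour
    start, end = policy.business_hours
    if not start <= hour < end:
        return "BLOCK", f"sign-in outside business hours ({hour:02d}:00)"

    if policy.require_compliant_device and not record["device_compliant"]:
        return "BLOCK", "device does not meet compliance policy"

    if not record["mfa"]:
        return "REQUIRE_MFA", "multi-factor authentication not yet satisfied"

    return "ALLOW", "all conditions met"


def evaluate_log(lines, policy=Policy()):
    """Parse each JSON line and return {user: decision} for the whole log."""
    return {rec["user"]: evaluate(rec, policy)[0] for rec in map(json.loads, lines)}


if __name__ == "__main__":
    for line in SIGNIN_LOG:
        rec = json.loads(line)
        decision, reason = evaluate(rec, Policy())
        print(f"{rec['user']:<6} {decision:<12} {reason}")
```

The ordering of the checks is the design point: a location or time-of-day violation is rejected outright, exactly as the article describes, and only a sign-in that has already passed the hard rules is offered the MFA step-up. Blocking a non-compliant device rather than merely prompting for MFA is what turns the device into a real identity signal, in line with the device-and-identity enforcement the article calls for.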
A wider range of features
In addition, there is a range of tools that Microsoft has introduced in Windows 11 to further protect organisations from ransomware, and enforce Zero Trust.
- Protecting remote devices: With Windows 11, the Microsoft cloud makes it simpler to manage devices and apps. For instance, with Microsoft Intune, device deployment can be managed securely and remotely, and apps can be scaled up and down as needs ebb and flow. Microsoft Windows Autopilot makes use of security settings and other controls to assist with device protection before a member of staff connects to any resources.
- Securing applications: Users can get additional protection from untrusted sources by opening files and websites in an isolated container using Windows Defender Application Guard. The cloud-first design allows for easy extensibility with Microsoft 365, Microsoft Defender for Cloud, and Microsoft Defender for Endpoint.
- Streamlining security management: Furthermore, security management can be streamlined across a wide range of locations, protecting devices, data, apps, and identities anywhere.
- Automating security maintenance: With Windows 11, cloud-based technologies enable IT admins to automatically apply updates, patches, and backups across all systems and devices. This drastically lowers the number of configuration errors and limits downtime while concurrently guarding systems against new threats. Mundane tasks can be automated, enabling admins to focus on more important activities that need human knowledge and experience.
Building a foundation for success
At Tarsus Distribution, we understand that transforming your business’s security posture needs to be a top priority, and equipping your employees with secure devices is the foundation for success.
Windows 11 Pro devices, combined with Microsoft 365, are built for secure hybrid work. They allow companies to:
- Guard their staff members against malware, viruses, phishing attempts, malicious links, and help keep confidential business data secure.
- Build layers of powerful security across devices, data, identities, applications, and the cloud.
- Streamline IT with unified, cloud-based endpoint management tools.
- Set and enforce policies remotely, manage applications and identities, and easily deploy business-ready devices.
- Overcome remote collaboration challenges with one solution that includes video conferencing, productivity apps, file sharing, and more.
- Ensure that workers have secure access to critical work apps and information with a unified collaboration solution.
At Tarsus Distribution, we recommend dramatically reducing the risk from attacks by replacing outdated computers and software with new, modern machines optimised for security and hybrid work. Windows 11 Pro and Microsoft 365 unite hardware and software for powerful, out-of-the-box protection to guard all devices, data, applications, identities, and services.