November 3, 2020 Using Zero Trust to Protect Against Insider Threats

Organizations need to adopt zero trust and multi-factor authentication to avoid insider threats.

By Bryan Skene, CTO, Tempered

While September was Insider Threat Awareness month, it did not deter employees at Shopify from taking malicious action. Shopify, the multinational e-commerce company, confirmed a data breach incident in which rogue employees stole data from approximately 100 merchants, potentially exposing consumer data for those that shopped on the e-commerce site using the company’s software. The data that was compromised is believed to have included emails, names, addresses and order details.

It’s no surprise that organizations have a tendency to overlook the “insider threat” while focusing on protecting their networks from outside adversaries, which can cost them. Just look at the recent Twitter hack caused by compromised and manipulated insiders. Over the past two years, the number of insider incidents has increased by 47 percent, and the cost related to these incidents in 2020 is $2.79 million.

Segmenting your Network

While workforces will remain in remote conditions for the foreseeable future, many organizations have rightfully chosen to adopt a zero-trust policy to counter insider threats like the ones seen at Shopify. Newly configured architectures for network security can be found on the market that provide network invisibility, not network visibility. The idea is that hackers can’t hack what they can’t see, so you need to make your network invisible to them.

In this context, “invisible” means that all devices within your network are fully cloaked—not only to those outside of your network but also to those within it. You start with zero trust at the device and network level and then use segmentation policies to decide which devices can speak to each other.

Zero trust protects against situations like these because everything (user, server, or network) is required to establish trust first in order to communicate even within the network perimeter.

Companies should be utilizing a software-defined perimeter (SDP) that extends invisibility to cloud, multi-cloud, virtual, physical and edge environments. This provides global connectivity and mobility for entire workforces using one comprehensible policy wherever they are for whatever they need to reach securely. Best of all, this can be deployed without ripping and replacing (or even modifying in most cases) existing infrastructure.

Solutions that utilize this type of SDP to isolate the network into trusted microsegments can be deployed as overlays on top of any IP network. This creates a modern, zero-trust approach to network security that minimizes the common flaws we see in legacy products and prevents insider and external threats. It also delivers a cost-effective, quick to deploy and scalable solution that dramatically reduces cyber-risk and shrinks the network attack surface.

It’s not a matter of determining which vulnerable endpoints need to be secured because no endpoints are vulnerable—or even visible—to unauthorized users and, by extension, to hackers.

Using Multi-Factor Authentication

Password-based security is no longer sufficient for guarding against insider threats. A layered security approach is one of the best ways to protect your company from threats across all systems. It tracks users’ identities, access privileges and network activity.

Layered security starts with multi factor authentication (MFA) to verify users, track network users as they change roles and can allow for the simple deprovisioning of permissions.

Since MFA requires multiple methods for identification and requires all insiders to authenticate before accessing any enterprise resources, it’s one of the most effective methods for preventing access to enterprise information that’s off limits. Should a password be compromised, the specific account cannot be accessed without providing the second authentication factor, providing peace of mind for both users and system administrators.

Conclusion

In essence, security is about more than just denying connections. As attacks become more and more complicated and devices lose flexibility from becoming more purpose-built, we need to examine how the network can augment our security posture.

Without an insider threat protection strategy in place, many companies will end up reacting to a breach instigated by a high-risk employee, instead of preventing one. Ensure the safety of critical company data with an insider threat solution that protects against high-risk employees and other threats.

Bryan Skene

Bryan Skene is the CTO and VP of Product Development at Tempered, where he is responsible for leading a world-class team of engineers. Skene has a deep and successful track record of delivering breakthrough technology, with an eye on simplifying complex challenges for businesses. His most recent position before Tempered was VP of Engineering for Simply Measured, a social media data analytics company. Prior to that, he spent over 15 years building products at F5 Networks and was instrumental in re-engineering the company’s flagship BIG-IP software, which has become the market’s leading application delivery platform. Skene also played key roles in developing and advancing F5’s powerful portfolio of intellectual property, including global load balancing technology, BIG-IP control plane and data plane clustering, and application fluency.

Subscribe to Industry Today