Insider Threats and the Zero Trust Model

Employee wrapped in caution tape representing an internal threat. Demonstrating the need for the Zero Trust model to protect against internal threats.

In a world where the threat of attack from trusted insiders and penetrating outsiders within your network has increasing impact, you need to secure not only the borders of your organization’s network to defend against outside threats but the inside of your network as well. With the Zero Trust model, organizations gain consistent protection from both outside intruders and insiders, thereby greatly improving the protection from insider threats.

Insider Threats

Insider attacks result from an employee or contractor knowingly or unknowingly causing security breaches within your organization. These employees and contractors are known as insider threats.

The Ponemon Institute’s 2018 Cost of Insider Threats reports that the greatest costs from insider threats result from employee and contractor negligence. However, credential theft occurs the most often. This shows that while some employees, like those who steal credentials, have malicious intent, the costliest threats can come from employees who don’t even realize they’ve made your network vulnerable.

Some other common insider threats can involve both insider threats and external actors. One example of this is a phishing attack. Phishing attacks begin when an external actor sends someone within an organization a message. But these attacks typically can’t be completed without someone in an organization interacting with their message. This is also an example of employee negligence. Because of this insider involvement, once an outsider gains access to the inside by phishing or another technique, they are now an inside threat. Read more about Phishing attacks and how to stop them in Impulse’s article “Prevent Phishing Attacks, Keep Your Organization Safe.”

Zero Trust Model

The Zero Trust model lets organizations account for both internal and external threats to their network’s security. This greatly improves protection from internal threats. The model’s effectiveness derives from viewing everything, whether it’s connecting from inside or outside your network, as a source of potential threats. One example of techniques used to narrow trust is network segmentation. It enables the modification of networks’ structures to defend against internal attacks. This allows for the creation of subnetworks with different levels of permission. Under these levels of permission, each device and user are given access to only required resources.  

Network segmentation minimizes the chance of compromised devices infecting other devices on a network while the different levels of permission limit access to sensitive information. Under this strategy, specific subnets would need to be compromised before reaching sensitive information. Perhaps the most apparent application of a subnet technique is when organizations have separate guest and secure networks for their organizations. And while segmentation is an important technique, zero trust implementations like a Software Defined Perimeter can go so far as “a perimeter of one”—a secure, isolated connection for that one device and user to the application server.

How to Apply Zero Trust

One advantage of many Zero Trust techniques is that they overlay your existing network and thereby don’t require significant network changes. For example, the approach outlined by the Cloud Security Alliance (CSA) implements a Software Defined Perimeter that requires few if any changes to VLANs or firewall settings.

Tools that follow the CSA’s lead integrate with existing portions of your enterprise infrastructure, such as your Identity Access Management system through SAML or other protocols to permit you to easily leverage user identity and role information to apply it to granularly trust devices and users. In most cases, such an SDP can easily replace an existing VPN client while also providing a consistent approach to accessing application services when a user is within the network or working remotely. As such, SDP can be seen as both a Zero Trust solution and a next generation VPN technology.

SafeConnect Software Defined Perimeter

Impulse’s SafeConnect Software Defined Perimeter (SDP) is a more secure alternative to traditional VPNs. SafeConnect SDP delivers Zero Trust using a software-as-a-service model that allows users to access their corporate networks from anywhere while protecting your valuable data from internal attacks.

To learn more about SafeConnect SDP and request a 30-day trial subscription, visit Impulse’s SDP page.

Comments are closed.