Zero Trust: 3 Tests for Your Enterprise Network

Praveen Jain, Founder/CEO at WiteSand

Zero trust from a network security standpoint means there is no implicit trust given to any user or device. Each user or device – local or remote, wired or wireless – needs to be authenticated and authorized before granting access.

As a part of a defense-in-depth strategy, a series of security tools are deployed at various layers. In this article, we focus on some network-based security tools – the frontline in threat prevention.

As we have learned from COVID-19, isolation is a great way of preventing contagion. This is especially true for a zero-day attack, for which there is as yet neither detection nor patch.

As a preventive measure, what if we block all unwanted communications among users and devices in the enterprise network so that, in the case of a zero-day attack, its lateral movement is limited?

Test 1: Can you ping a peer’s laptop from your laptop in the office?

There is a good chance that you can. It’s worth asking why this communication is allowed. Do you ever need to log into other employees’ laptops? Why are laptops not isolated from other laptops?

The problem with this open communication is that if one employee laptop is infected by a zero-day exploit, the infection may propagate laterally to other laptops.

Test 2: Are your IoT and other devices properly segmented?

If your IoT camera is supposed to talk to an on-prem DVR to store its recordings, are the two segmented so that only that communication is allowed? If not, an attack on the IoT camera or the DVR may spread laterally to other parts of the network.
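Tests 1 and 2 both come down to the same question: does the network enforce an explicit allow-list between device classes, with everything else denied? The following is an added example (not code from the article or from WiteSand) that models such a default-deny segmentation policy and audits a handful of constructed sample flows against it. The zone address ranges, the rules, and the flow records are all made up for illustration; the one real-world value is TCP 554, the standard RTSP port a camera would use to stream to a recorder.

```python
"""Default-deny segmentation policy check (added example).

Evaluates constructed sample flows against an explicit allow-list, showing how
"laptop can ping laptop" (Test 1) and "camera can reach something other than
the DVR" (Test 2) show up as policy violations. Zone ranges, rules and flows
are invented for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed address plan: one subnet per device class.
ZONES = {
    "laptops": ip_network("10.10.0.0/16"),
    "cameras": ip_network("10.20.0.0/24"),
    "dvr":     ip_network("10.20.1.0/24"),
    "servers": ip_network("10.30.0.0/16"),
}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str            # "tcp", "udp" or "icmp"
    port: Optional[int]   # destination port; None means any (used for icmp)


# Explicit allow-list. Anything not matched here is denied, so laptop-to-laptop
# and camera-to-laptop traffic need no deny rule of their own.
ALLOW = [
    Rule("cameras", "dvr", "tcp", 554),      # RTSP video from camera to recorder
    Rule("laptops", "servers", "tcp", 443),  # HTTPS to internal services
    Rule("laptops", "servers", "tcp", 445),  # SMB file shares
]

Flow = Tuple[str, str, str, Optional[int]]  # (src_ip, dst_ip, proto, dst_port)


def zone_of(ip: str) -> Optional[str]:
    """Return the zone name containing ip, or None if it is unassigned."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def evaluate(src_ip: str, dst_ip: str, proto: str, port: Optional[int] = None) -> str:
    """Return 'allow' if some rule permits the flow, otherwise 'deny'."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return "deny"  # unknown hosts get no implicit trust
    for rule in ALLOW:
        if (rule.src_zone, rule.dst_zone, rule.proto) != (src, dst, proto.lower()):
            continue
        if rule.port is None or rule.port == port:
            return "allow"
    return "deny"


def audit(flows: List[Flow]) -> List[Flow]:
    """Return the observed flows the policy forbids.

    Feed this with flows exported from a firewall or flow collector: every hit is
    either a gap in what the enforcement point actually blocks or traffic that
    should not exist at all.
    """
    return [f for f in flows if evaluate(*f) == "deny"]


# Constructed sample flows, as a flow log might summarize them.
SAMPLE_FLOWS: List[Flow] = [
    ("10.10.1.5", "10.10.1.9",  "icmp", None),  # Test 1: laptop pings laptop
    ("10.20.0.7", "10.20.1.2",  "tcp",  554),   # Test 2: camera -> DVR, expected
    ("10.20.0.7", "10.10.1.5",  "tcp",  445),   # Test 2: camera -> laptop, must not happen
    ("10.10.1.5", "10.30.0.10", "tcp",  443),   # laptop -> internal web service
]

if __name__ == "__main__":
    for flow in audit(SAMPLE_FLOWS):
        print("VIOLATION", flow)
```

Running it reports the laptop-to-laptop ping and the camera-to-laptop SMB flow as violations while the camera-to-DVR and laptop-to-server flows pass. The design point is that the policy lists what is permitted and nothing else; a policy built from deny rules instead has to anticipate every bad path, which is exactly what a zero-day defeats.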

Test 3: Are any of your offices still using a pre-shared password to connect to corporate Wi-Fi?

You may think “No way!”, but you will be surprised by the reality unless you have deployed a network access control solution, or equivalent, that authenticates employees against a trusted company identity source such as Active Directory. If you haven’t, you should know that an ex-employee can hop onto the corporate Wi-Fi network from the company parking lot.

