As cybersecurity threats get more advanced, the industry is constantly working to stay one step ahead.
Traditionally, network protection has relied on blocking known threats. Anti-virus programs and firewalls have worked using a signature database of known threats. They then match unknown applications against this to check if they are safe to run.
However, in recent years we’ve been seeing a rapid increase in ‘zero-day attacks’. Zero-day attacks are carried out using malware or malicious code that is brand new and therefore hasn’t yet been added to any threat databases.
Trying to defend against these unknown threats has led to new innovations in the cybersecurity industry and new strategies to remain protected. One of these new methods is a zero-trust model.
The principle behind a zero-trust model is simply to not trust any applications and to continuously monitor application behaviour for any deviations from what is considered normal.
There are several parts to a zero-trust model, that can be implemented either individually or all together.
- Application whitelisting – This involves registering every application that is allowed to run on your network and blocking everything else. Whitelisting is an effective way to protect against zero-day attacks. Your system doesn’t need to know what the threat is, it just needs to know what applications are allowed to run. It’s important when implementing application whitelisting to ensure you:
- Run a thorough scan on your network, and then talk to all your employees to find out what software they’re using. This will help to ensure you have a clear picture of everything that needs to be included on your whitelist.
- Schedule a regular review and update of your list. Occasionally when an application updates, it will need to be updated in your whitelist. You will also need to add any new applications you start using and remove any you stop using.
- Behaviour monitoring – By monitoring the way your trusted applications run, you can establish what is considered normal behaviour. If malicious code is injected into your application during an update, it will be immediately detected. This will remove the application from the whitelist while the issue is investigated.
- Multi-Factor Authentication – All accounts should be protected with multi-factor authentication. When users sign in they have to enter a code only they have access to. This is the most secure way of stopping cybercriminals from breaking into user accounts.
- DNS Filtering – Stop users visiting phishing websites, or other sites that may have harmful, offensive or malicious content by implementing a DNS filter.