In a world as connected as ours, a fully secure network is hard to imagine. Data, in enormous volumes, sits at the center of everything. Public administrations, education and the health sector rely on the Internet to make their data accessible, and must therefore keep improving the security of their networks and of that data.
Internal risks: moving beyond the “fortified castle” approach
Today's cyber attacks are no longer limited to intrusions from outside. The most sophisticated attacks are often carried out by people who are already inside the company.
Originally, we thought in terms of zones, perimeters and network segments, and every resource to be protected was placed “inside” that perimeter. Attack methods, however, keep evolving and systematically exploit weak points in the network to find new ways through the security perimeter. It is also important to realize that the “castle” approach to network defense is chiefly effective against threats from outside. What happens when the threat comes from within? How do you handle modern attacks that work on several levels at once to neutralize the network? How do you protect your network against people who have legitimate access to all of its resources? How do you fight attacks that are constantly changing and increasingly frequent?
On top of these questions come regulations such as the GDPR and the record fines that accompany them. A network attack followed by a data breach is therefore among the worst things that can happen to a business. Against this backdrop, we are forced to reassess and rethink the defenses of our networks, our users and our data.
Zero-Trust model: a modern approach to cybersecurity
The Zero-Trust model addresses these issues and fills the gaps in our cybersecurity strategies. It essentially amounts to “trust no one”: it assumes that no user or device is fully reliable, that access should be as limited as possible, and that trust itself is a vulnerability like any other, one that can put your network at risk.
The main precepts of the Zero-Trust model:
- Networks must be redesigned so that east-west traffic (lateral movement between internal systems) can be restricted.
- Incident detection and response must be made easier and more effective through advanced analytics and automation, and through centralized management and visibility of the network, data, workloads, users and devices.
- Access should be as limited as possible (least privilege), with excessive privileges removed regardless of who the user is.
- In multi-vendor networks, all solutions must integrate and interoperate seamlessly to ensure compliance and unified security. They must also remain simple to operate, to avoid unnecessary complexity.
The danger of security blind spots
Encryption on the Internet has grown phenomenally in recent years. Google reports that more than 90% of the traffic passing through its services is encrypted, and other providers report the same. This growth has many causes, including the demand for confidentiality.
However, encryption creates a “blind spot” in our network defenses, because most of the security devices we use are not designed to decrypt and inspect traffic. The Zero-Trust model is not immune to this problem, since visibility is one of the key elements of a successful implementation. Without full visibility into encrypted traffic, the model fails, which leaves openings exploitable by attackers both inside and outside.
TLS / SSL decryption: one of the main pillars of the Zero-Trust model
A centralized and dedicated decryption solution must be placed at the heart of the Zero-Trust model and must be an integral part of the components of the security strategy.
Many security solution providers claim that their products can decrypt traffic themselves, without a centralized decryption solution. This “distributed decryption” approach, however, can introduce new problems, notably network performance losses and bottlenecks, and fixing them means costly upgrades. In a multi-vendor security infrastructure spanning very different devices, distributed decryption also requires deploying private keys (server keys for inbound inspection, the interception CA's signing key for outbound) on multiple devices, creating an unnecessarily large attack surface open to abuse.
The keys to an effective TLS / SSL decryption solution
A dedicated, centralized decryption solution must give the whole enterprise security infrastructure visibility into TLS / SSL traffic. But that is not all: its security approach must also span several layers so that it can be deployed at the heart of a Zero-Trust network.
Here are some of the features to look for when implementing a TLS / SSL decryption solution:
- Full visibility of traffic – The entire security infrastructure must be able to inspect all traffic in clear text, without adding noticeable latency, in order to block encrypted attacks and data breaches.
- Simple integration – It must remain vendor-agnostic and integrate with the security devices already deployed on the network, which helps control costs and upgrades.
- Multi-layer security services – Additional security services, in particular URL filtering, application visibility and control, threat intelligence and advanced investigation, to strengthen the overall security of the corporate network.
- User access control – The product must be able to apply authentication and authorization policies to limit unnecessary access, keep a record of access information, and differentiate security policies by user and group identity.
- Microsegmentation – The solution must facilitate microsegmentation by allowing granular traffic control based on user and group identity, and must support multi-tenant mode.
- Securing access to the cloud – SaaS security is an important feature, delivered by enforcing tenant access control and giving visibility into user activity.
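To make the “blind spot” and the feature list above concrete, here is an added example (written for this page, not A10 Networks' code) of the first decision a centralized decryption point has to take on every new TLS session: before anything can be decrypted, the only plaintext it sees is the ClientHello, so it parses the SNI extension from that record and combines it with the user's identity and group to decide whether to decrypt, pass through, or block. The ClientHello bytes are constructed by the example itself, and the host names, groups and policy tables are hypothetical.

```python
"""Added example: SNI extraction at a centralized TLS inspection point,
plus an identity-aware decrypt / bypass / block decision.
The ClientHello bytes, host names and groups below are constructed for the demo."""
import struct
from typing import Optional

TLS_HANDSHAKE = 0x16
CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000


def build_client_hello(server_name: str) -> bytes:
    """Build a minimal TLS ClientHello record carrying a server_name extension.
    Constructed sample input (fixed random, two cipher suites), not a capture."""
    host = server_name.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(host)) + host          # name_type host_name(0)
    name_list = struct.pack("!H", len(entry)) + entry
    sni_ext = struct.pack("!HH", EXT_SERVER_NAME, len(name_list)) + name_list
    body = (
        b"\x03\x03"                                   # legacy_version TLS 1.2
        + b"\x11" * 32                                # random (fixed for reproducibility)
        + b"\x00"                                     # session_id length 0
        + struct.pack("!H", 4) + b"\x13\x01\xc0\x2f"  # cipher_suites
        + b"\x01\x00"                                 # compression_methods: null
        + struct.pack("!H", len(sni_ext)) + sni_ext   # extensions
    )
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name from the ClientHello's SNI extension, or None if the
    record is not a ClientHello, is truncated, or carries no SNI.
    Every length field is bounds-checked so malformed input cannot raise."""
    try:
        if record[0] != TLS_HANDSHAKE:
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if len(hs) != rec_len or hs[0] != CLIENT_HELLO:
            return None
        hs_len = int.from_bytes(hs[1:4], "big")
        body = hs[4:4 + hs_len]
        if len(body) != hs_len:
            return None                                        # truncated handshake
        pos = 2 + 32                                           # skip version + random
        pos += 1 + body[pos]                                   # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + body[pos]                                   # compression_methods
        if pos + 2 > len(body):
            return None                                        # no extensions block
        ext_end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        if ext_end > len(body):
            return None
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            data = body[pos:pos + ext_len]
            pos += ext_len
            if ext_type != EXT_SERVER_NAME or len(data) < 2:
                continue
            q = 2                                              # skip server_name_list length
            while q + 3 <= len(data):
                name_type = data[q]
                name_len = struct.unpack("!H", data[q + 1:q + 3])[0]
                name = data[q + 3:q + 3 + name_len]
                if name_type == 0 and len(name) == name_len:
                    return name.decode("ascii", errors="replace")
                q += 3 + name_len
        return None
    except (IndexError, struct.error):
        return None


# Hypothetical policy tables for the demo (not real hosts or an A10 feature).
BLOCKED_HOSTS = {"updates.malware-cdn.example"}
PRIVACY_BYPASS_SUFFIXES = (".health.example",)          # regulated personal data: pass through undecrypted
RESTRICTED_SUFFIXES = {".bank.example": {"finance"}}    # destination suffix -> groups allowed to reach it


def inspection_decision(record: bytes, user: str, group: str) -> dict:
    """Decide what the central decryption point does with one new TLS session.
    Returns a log-ready dict with the decision and the identity and SNI it was based on."""
    sni = extract_sni(record)
    if sni is None:
        decision = "decrypt"                 # nothing to classify on, so inspect it
    elif sni in BLOCKED_HOSTS:
        decision = "block"
    elif sni.endswith(PRIVACY_BYPASS_SUFFIXES):
        decision = "bypass"
    else:
        decision = "decrypt"
        for suffix, groups in RESTRICTED_SUFFIXES.items():
            if sni.endswith(suffix) and group not in groups:
                decision = "block"           # identity-aware segmentation: not this user's segment
    return {"user": user, "group": group, "sni": sni, "decision": decision}


if __name__ == "__main__":
    for host, user, group in [("online.bank.example", "bob", "finance"),
                              ("online.bank.example", "alice", "staff"),
                              ("portal.health.example", "alice", "staff")]:
        print(inspection_decision(build_client_hello(host), user, group))
```

Two caveats a practitioner should keep in mind. The SNI is client-supplied and unauthenticated, so a decision keyed on it must be confirmed against the server certificate once the session is decrypted; and with TLS 1.3 the server certificate is itself encrypted, while Encrypted Client Hello hides the real SNI behind a public outer name, so this first-hop classification is exactly the signal the “blind spot” above is eroding.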
In conclusion, without a centralized and dedicated TLS / SSL decryption solution, the Zero-Trust model can no longer fulfil its main function, which is to protect networks, users and data against threats from outside as well as from inside.
By Yann Fralo, Country Manager France, A10 Networks