
How zero trust and endpoint isolation boosts device security

Challenges security teams face in understanding and implementing zero trust were laid bare in a survey CyberRisk Alliance Business Intelligence conducted in January and February 2022 among 300 IT and cybersecurity professionals. 

But there is much security teams can do to move past those challenges. One of the less-understood elements is endpoint isolation, designed to improve device security.

It’s an approach championed by such security experts as Jonathan Gohstand, Director of Technical Marketing and Security at HP Wolf Security, which sponsored the CRA survey along with Attivo Networks. Gohstand recently discussed the survey findings and made the case for endpoint isolation in an SC Media webcast.

Survey findings

The survey represented organizations of all sizes and industries. Objectives were to gauge how well organizations understand zero trust and obtain current deployment and usage trends.

With all the attention focused on zero trust, one could reasonably expect that organizations would be in the advanced stages of implementation. But for many, deployment has been slowed by a struggle to fully comprehend the pieces that embody a zero-trust architecture, as well as lack of budget and boardroom buy-in. Among the findings:  

  • Only 35% are very familiar with zero trust concepts. The largest share, 40%, are only somewhat familiar, and 25% are “a little” familiar.
  • Only 36% have implemented zero trust, while another 47% plan to adopt it in the next 12 months.
  • Nearly half of those who have not implemented zero trust are constrained by management support or investment: 26% cite a lack of management support and an additional 23% cite a lack of budget.
  • Ransomware attacks and remote worker risks are driving current and planned zero trust strategies. Specifically, 55% said an increase in ransomware is a motivating factor, 53% point to the increased risks from remote workers, and 32% are driven to implement zero trust out of concern over potential supply-chain attacks.
  • Only 35% are “highly confident” in their zero trust capabilities. Sixty percent (60%) are moderately confident, and 5% are slightly confident.

From Gohstand’s perspective, security teams must pay special attention to what it takes to better secure devices through zero trust.

“The endpoint is the key security battleground,” Gohstand said. “It’s where people, data, and the Internet meet. Organizations invest a lot in endpoint security, since that’s still where most attacks originate. So clearly, security teams have not ‘solved’ the endpoint security problem.”

Pillars of endpoint isolation

The concept of endpoint isolation is based on three pillars:

  1. Micro-virtual machines: The heart of endpoint isolation, which virtualizes tasks to massively decrease the attack surface while preserving user workflows. Each “risky” task, such as opening a browser tab or a Word file attached to an email, is isolated inside its own CPU-hardware-enforced “micro-virtual machine” (uVM). When the task is completed, the uVM is destroyed, taking any malware with it.
  2. Introspection of each task: Real-time inspection of task activity within the uVMs, examining the processes called, comparing suspicious actions, recording forensic information, and processing behaviors. Unlike sandboxing, it leverages the actual endpoint environment, including user interaction with the malware. This makes malware execution far more accurate, providing better data for analytics.
  3. Cloud analytics: The introspection data is correlated with historical threat intelligence data to surface suspicious behaviors, classify new threats, and map events to TTP frameworks.

Using these, zero trust is achieved because all untrusted sources run within an isolated space on the endpoint. Nothing received is assumed to be trustworthy.

A broader view of zero trust and endpoint isolation for device security can be found here. More about CRA’s zero trust study, which delves deeper into all of the elements and provides NIST-based guidance for moving forward, is available here.

Read the original article by Bill Brenner on SC Media.
