In 2023, ransomware payments amounted to $1.1 billion, with cybercriminals profiting heavily from open gaps in organizations’ security structures. The steady rise in ransomware attacks reveals the critical need for comprehensive security and how essential it is for organizations to build zero-trust architectures that include zero-trust segmentation (ZTS) at their core. The new zero-trust information sheet from the National Security Agency (NSA) is a pivotal step for the cybersecurity industry collectively, as the guidelines give organizations in both the public and private sectors a framework for approaching zero-trust.
Ransomware thrives on flat networks: networks in which every device sits on a single segment, with no internal policy enforcement points between hosts, so any machine can reach any other. On such a network, one compromised endpoint gives the attacker a path to every system and all the data it holds. Segmentation contains that risk by putting an enforcement point between the attacker’s foothold and everything else. The NSA’s information sheet reaffirms the value of building zero-trust to harden network security by recognizing that segmentation is an essential component of zero-trust.
I believe there has been so much focus on the identity pillar—identifying every user and entity requesting system access—that very few organizations have recognized the importance of network security controls in building zero-trust environments, both on-premises and in various clouds. Security experts should focus on implementing policy controls in their network environments, ensuring that only those needing data access have it.
The 2013 Target data breach illustrates the importance of ZTS. The NSA cites it as an example of a data breach that occurred due to a lack of network segmentation; more precisely, the retailer didn’t properly segment its cardholder data environment away from the rest of the network. So when attackers obtained a foothold through the retailer’s HVAC contractor, nothing prevented them from moving laterally across the network to the point-of-sale systems and the cardholder data they handled.
It’s common for critics to blame the HVAC company; however, the reality is that the breach was an architectural problem. PCI DSS does not strictly mandate segmentation, but it strongly recommends it, and where an organization relies on segmentation to keep cardholder data isolated from the rest of the network, that segmentation must be effective, operational and verified. A cardholder data environment that a contractor’s foothold could reach fails that test.
Visibility, containment and operational consistency are a few of the core tenets I’ve long believed are necessary for achieving a robust and lasting zero-trust architecture. As complements to segmentation, visibility tools allow teams to monitor movement and operations within a network and subsequently support the containment of any unusual activity before it extends to other parts of an organization. Having these proactive measures in place ensures an organization can operate efficiently without suffering disruptions due to a breach.
The question now is: What do these NSA guidelines mean for the state of zero-trust today, and how can we ensure an effective approach to zero-trust?
Early on in my zero-trust career, I learned that in order to build a successful zero-trust environment, you need to first understand how the parts of a system work together. This involves deciding who should have access to which application, from where and when, and granting that access on a need-to-know basis.
Who, what, when, where, why and how is a paradigm we all understand. I call it the Kipling method in homage to Rudyard Kipling’s poem. This foundational understanding helped me create a Five-Step Model to zero-trust that includes data flow mapping. Security teams must commit the time to understand how their networks work by mapping the transaction flows to and from the protected surface, including how the various DAAS components (data, applications, assets and services) interact with other resources on the network. This is made possible by using visibility tools that provide insight into movement and digital activity, allowing security teams to detect anything unusual occurring in their systems and to inform the control policies they implement.
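To make the flat-network point and the Kipling-method policy concrete, here is an added example (not code from the NSA sheet or from the article’s author): a default-deny segmentation policy whose allow rules are written in who/what/when/where/why terms and checked against a mapped set of transaction flows. The protect surface, accounts, assets and flow records are all constructed for the illustration; the third flow models the Target pattern of a contractor identity reaching from its vendor portal into the cardholder data environment.

```python
# Added example: a default-deny segmentation policy in Kipling-method terms,
# evaluated against a transaction-flow map. Illustrative code only; the assets,
# accounts and flow records below are constructed, not taken from any real site.
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Flow:
    """One mapped transaction to or from the protect surface."""
    who: str        # identity originating the flow (user or service account)
    src: str        # source asset
    dst: str        # destination asset
    what: str       # application/protocol carried, e.g. "https", "smb"
    where: str      # network zone the flow originates in
    when: int       # hour of day (0-23) the flow was observed


@dataclass(frozen=True)
class Rule:
    """An allow rule: every Kipling field must match for the flow to pass."""
    who: frozenset
    what: frozenset
    where: frozenset
    hours: range
    dst: str
    why: str        # business justification recorded with the rule


def rule_matches(rule: Rule, flow: Flow) -> bool:
    return (flow.dst == rule.dst
            and flow.who in rule.who
            and flow.what in rule.what
            and flow.where in rule.where
            and flow.when in rule.hours)


def evaluate(flows: Iterable[Flow], rules: List[Rule],
             protect_surface: frozenset) -> List[Tuple[Flow, str, str]]:
    """Return (flow, verdict, reason) for each flow.

    Flows into the protect surface are denied unless some rule matches
    (default deny). Flows to destinations outside the protect surface are
    reported as out of scope so the reviewer can see what the policy does
    not govern.
    """
    results = []
    for f in flows:
        if f.dst not in protect_surface:
            results.append((f, "out-of-scope", "destination not in protect surface"))
            continue
        hit = next((r for r in rules if rule_matches(r, f)), None)
        if hit is None:
            results.append((f, "deny", "no rule matches (default deny)"))
        else:
            results.append((f, "allow", hit.why))
    return results


# Constructed protect surface: the cardholder data environment (CDE) plus the
# building-control network. The contractor's vendor portal sits outside it.
PROTECT_SURFACE = frozenset({"pos-server", "payment-switch", "hvac-controller"})

RULES = [
    Rule(who=frozenset({"svc-pos"}), what=frozenset({"tls-iso8583"}),
         where=frozenset({"store-lan"}), hours=range(0, 24),
         dst="payment-switch", why="POS must authorize card transactions"),
    Rule(who=frozenset({"vendor-hvac"}), what=frozenset({"https"}),
         where=frozenset({"vendor-portal"}), hours=range(6, 22),
         dst="hvac-controller", why="HVAC contractor maintains building controls"),
]

# Constructed flow map. Flow 3 is the lateral move from contractor foothold into
# the CDE; flow 4 is a legitimate pairing seen outside its permitted hours.
FLOWS = [
    Flow("svc-pos", "pos-server", "payment-switch", "tls-iso8583", "store-lan", 14),
    Flow("vendor-hvac", "vendor-portal", "hvac-controller", "https", "vendor-portal", 10),
    Flow("vendor-hvac", "vendor-portal", "pos-server", "smb", "vendor-portal", 10),
    Flow("vendor-hvac", "vendor-portal", "hvac-controller", "https", "vendor-portal", 3),
    Flow("alice", "workstation-7", "intranet-wiki", "https", "corp-lan", 9),
]


def verdicts(flows=FLOWS, rules=RULES, protect_surface=PROTECT_SURFACE) -> List[str]:
    """Verdict per flow, in the order the flows were given."""
    return [v for _, v, _ in evaluate(flows, rules, protect_surface)]


def flat_network_verdicts(flows=FLOWS) -> List[str]:
    """A flat network has no enforcement point between hosts: everything passes."""
    return ["allow" for _ in flows]


if __name__ == "__main__":
    for f, verdict, reason in evaluate(FLOWS, RULES, PROTECT_SURFACE):
        print(f"{verdict:12} {f.who}@{f.src} -> {f.dst} "
              f"({f.what}, {f.when:02d}h): {reason}")
```

Run stand-alone, the script allows the POS-to-payment-switch and daytime contractor-to-HVAC flows, denies the contractor’s SMB connection into the POS server and the 03:00 HVAC session, and flags the wiki flow as outside the protect surface. The same five flows on a flat network would all pass, which is the gap segmentation closes. The rules deliberately carry a `why` field: a policy that cannot state its business justification is one the team cannot defend when it is reviewed.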
Just as we lock the doors to our houses or workplaces to ensure only authorized people with keys can get in, segmentation and control are vital to preventing unauthorized users from accessing information.
The NSA’s zero-trust guidance gives organizations worldwide an understanding of the value of network security controls and of how to embrace the ZTS model to secure their environments and minimize the damage of cyberattacks.