Date: 2022-07-13

We've all seen a movie where a suspect is read his or her Miranda rights: "You have the right to remain silent. Anything you say can be used against you in a court of law. You have the right to have a lawyer with you during questioning."

Unfortunately, the apps on your computer are not aware they should remain silent until an attorney advises them to speak and act on your behalf. For this reason, organizations are going beyond next-generation firewalls, internet filtering and core security programs with advanced detection capabilities by implementing software that takes a zero-trust perspective on all applications.

"Zero trust" is security in reverse: instead of allowing everything that is not known to be bad, it denies everything that has not been explicitly approved. Our computers allow all types of events to occur, even in some of the most stringently managed network environments. Traditional threat detection systems are based on the fingerprints of attacks that have occurred before. Some security solutions use heuristics that define patterns of suspicious actions. Your computer doesn't change every day, because the software needed for you to perform your duties doesn't change that often. The software may be updated with new features or security patches, but if your firm is switching from Word 2016 to Word 2019, then somebody is consciously making that change.

The world is generating over 600,000 new variants of malware per day, which means the number of "unknown" software programs is far greater than "known" software. Detection is important, and it should be paired with zero-trust security. Zero-trust security policies have four components: approved/denied applications, ring-fencing, storage control and tamper resistance. In this article, we will address approved/denied applications, whereby only the applications you need to use are trusted to operate.

Your computer has three types of applications: apps you use, apps you never use and apps you are not even aware exist. I use about 19-21 applications over the course of a month. However, my computer has 4,037 executable (EXE) files - and that doesn't include all the dynamic link libraries, Java, PowerShell or other scripts.

Every application on your computer can be infiltrated and weaponized against you, so it is important to use zero-trust security policies to allow only the applications you need. For instance, you may have Solitaire or WordPad installed on your PC, but you don't use them. Yet every program on your computer has access to every other program, plus all the data you have access to within your network. While it seems logical that you could simply uninstall the unused application, the majority of the programs make your computer function so they must exist.

Zero-trust security defines every piece of software installed on a computer and applies an explicit policy to either deny or allow the application to operate. These policies are not defined by a program's name, but instead by the program's hash. Each application's hash is a cryptographic digest computed over every byte of the executable file, so it uniquely identifies that exact build. The hash never changes unless the software is modified, either knowingly via software updates/patches or unknowingly by way of a hack. If the program is changed in any way, its hash no longer matches and it won't operate, thereby protecting the company from an infection or data compromise. When patches to the computer are released, the zero-trust security software obtains those patches in advance from Microsoft and tests them in a controlled environment. The new hashes are calculated and applied to the policy automatically, allowing the update to occur.

Major software companies sign their software with a code signing certificate issued by a third-party certificate authority, in the same manner that Secure Sockets Layer certificates allow you to trust the website for your bank, for instance. Zero trust can explicitly trust these code signing certificates and allow updates to your project management or any other software from that publisher. The zero-trust protection can be set to "learning mode" so new software can be installed and then authorized across the organization. Once zero trust is applied, only your approved applications will be allowed to operate.
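As an added illustration (not code from the article or from any product it describes), the following Python sketch shows the policy logic the last two paragraphs describe: learning mode records hashes, enforcement denies anything unknown, a one-byte change to a known program is denied, and an update from a trusted publisher is accepted and learned. The `publisher` argument stands in for a code-signing identity that a real product would first verify cryptographically, and the binary contents are constructed stand-ins rather than real executables.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class AllowlistPolicy:
    """Hash-based allow/deny policy for executables (illustrative, not a product API)."""
    allowed_hashes: set = field(default_factory=set)
    trusted_publishers: set = field(default_factory=set)  # assumed already-verified signer names
    learning: bool = False  # True: record unknown hashes instead of denying them

    @staticmethod
    def file_hash(data: bytes) -> str:
        # Digest over every byte of the file: any modification yields a different hash.
        return hashlib.sha256(data).hexdigest()

    def decide(self, data: bytes, publisher: Optional[str] = None) -> str:
        digest = self.file_hash(data)
        if digest in self.allowed_hashes:
            return "allow"
        if publisher is not None and publisher in self.trusted_publishers:
            # Update signed by a trusted publisher: accept it and learn the new hash.
            self.allowed_hashes.add(digest)
            return "allow"
        if self.learning:
            self.allowed_hashes.add(digest)
            return "learned"
        return "deny"


def demo() -> dict:
    # Constructed stand-ins for executable contents (not real binaries).
    word = b"MZ\x90\x00WORD2016-PRETEND-BINARY"
    tampered = word[:-1] + b"!"  # one byte changed, as an infection would
    word_update = b"MZ\x90\x00WORD2019-PRETEND-BINARY"
    unknown = b"MZ\x90\x00UNKNOWN-PRETEND-BINARY"
    signer = "Example Corp (assumed signer name)"

    policy = AllowlistPolicy(trusted_publishers={signer}, learning=True)
    results = {"learn_word": policy.decide(word)}  # learning mode records it
    policy.learning = False  # switch to enforcement
    results["word"] = policy.decide(word)
    results["tampered"] = policy.decide(tampered)
    results["unknown"] = policy.decide(unknown)
    results["signed_update"] = policy.decide(word_update, publisher=signer)
    results["update_again"] = policy.decide(word_update)  # now known by hash
    return results
```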

