Extending Zero Trust Architecture to Mitigate Insider Threats
NIST SP800-207 on Zero Trust Architecture (ZTA) states “No enterprise can eliminate cybersecurity risk…” At the end of the day, you still have to trust people to perform authorized activity, even when strictly adhering to zero trust principles like multi-factor authentication, network segmentation, and least privilege. The challenge is malicious insiders or an attacker with stolen credentials is an ever present threat, even within a functional ZTA. Without a doubt, the security breaches in 2020 highlighted these threats. How can you augment your zero trust initiatives to monitor, detect, and respond to these threats?
Micro Focus adaptive behavior intelligence continuously calculates entity risk associated with activity on the network, enabling Identity, Credential, and Access Management (ICAM) systems to automatically respond to changes in the level of risk by enforcing adaptive risk policies such as step-up authentication, user access/permissions review, or outright terminating their access.
· More quickly detect and respond to insider threats
· Leverage data sources already being collected (i.e. existing log files and data streams)
· Implement built-in Mitre ATT&CK data models and unsupervised machine learning without requiring a data scientist to
· Move to a least-privilege model through governance
· Apply DevSecOps to onboard new applications with Zero Trust built-in from the start