Nation-state cyberattacks have never been more complex than they are right now. The fallout of the SolarWinds breach continues to reverberate across the industry, and the conversation is shifting to how to mitigate and defend against the next attack on this scale.
There is no silver bullet for the insidious nature of supply chain attacks. What the latest attack demonstrates is that a sufficiently dedicated and well-resourced attacker, such as a nation-state, will always find a way in. Assuming that someone is already inside the organization's network is the mindset on which sound network and infrastructure security modeling depends. The questions IT managers should keep asking themselves are: how do you reduce the impact of such powerful attacks, and what is the best way to detect them and ultimately evict them?
Zero Trust network design is a principle that helps with the first point – reducing the impact of an attack – by containing the attacker and limiting their lateral movement. As an example, in a fully permissive and open network, an attacker that obtains a foothold on a regular employee’s machine has open access to attempt exploits on privileged machines on the network. This can be accomplished virtually undetected, leaving the attacker to gradually embed themselves deeper into an organization.
On the other hand, a Zero Trust network makes an adversary work harder: by forcing the attacker to cross more "gates" via impersonation or other techniques, it trips significantly more alarms and increases the opportunity for detection.
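To make the contrast concrete, the following added example (not code from the original article) models the two designs described above as policy engines and replays the same constructed lateral-movement path through each: a foothold on an employee workstation reaching toward privileged hosts. Host names, user names and allow rules are illustrative assumptions; the point is that the flat network permits every hop silently, while the Zero Trust design blocks the privileged hops and produces an alert for each attempt.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    src: str             # originating host (constructed sample value)
    dst: str             # target host
    user: str            # identity presented with the request
    device_healthy: bool  # device posture as reported to the policy engine


class PermissiveNetwork:
    """Flat network: any host may reach any other; nothing is checked or logged."""
    def __init__(self):
        self.alerts = []

    def evaluate(self, req):
        return True  # implicit trust inside the perimeter


class ZeroTrustNetwork:
    """Each access to a privileged host is a gate: identity, device posture and
    an explicit allow rule are all verified, and every denial raises an alert."""
    def __init__(self, privileged, allow_rules):
        self.privileged = set(privileged)
        self.allow_rules = allow_rules  # {host: set of permitted identities}
        self.alerts = []

    def evaluate(self, req):
        if req.dst not in self.privileged:
            return True
        if not req.device_healthy:
            return self._deny(req, "device posture check failed")
        if req.user not in self.allow_rules.get(req.dst, set()):
            return self._deny(req, f"{req.user} not permitted on {req.dst}")
        return True

    def _deny(self, req, why):
        self.alerts.append(f"DENY {req.src}->{req.dst} user={req.user}: {why}")
        return False


def simulate(network, path):
    """Return (hops allowed, alerts raised) for one lateral-movement path."""
    allowed = sum(1 for r in path if network.evaluate(r))
    return allowed, len(network.alerts)


# Constructed attack path: the attacker reuses the employee's identity from
# the compromised workstation, first to a general share, then to privileged hosts.
ATTACK_PATH = [
    Request("ws-employee", "fileshare", "alice", True),
    Request("ws-employee", "domain-controller", "alice", True),
    Request("ws-employee", "build-server", "alice", False),
]


def run_comparison():
    flat = PermissiveNetwork()
    zt = ZeroTrustNetwork(
        privileged={"domain-controller", "build-server"},
        allow_rules={"domain-controller": {"dc-admin"}, "build-server": {"ci-bot"}},
    )
    return {"flat": simulate(flat, ATTACK_PATH), "zero_trust": simulate(zt, ATTACK_PATH)}
```

In the flat network all three hops succeed with zero alerts; in the Zero Trust network only the non-privileged hop succeeds and the two privileged attempts each leave an auditable denial.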