Zero Trust is a security concept based on the notion that organizations should not take trust for granted, regardless of whether access attempts originate from inside or outside their perimeters. An enterprise needs to verify every connection attempt to its systems before granting access. At the same time, the defensive layers that define the Zero Trust model should enable access for enterprise users no matter where they are and no matter what device they’re using.

The balancing act between controlling accessibility and enabling usability introduces a challenge for security teams. They need to ensure that business enablement isn’t impacted while making sure that the risk associated with users and network entities is properly managed and mitigated.

Zero Trust leads us to focus on all organization assets regardless of their location and on the risk they represent, while threat intelligence approaches within a perimeter-driven environment focus on detecting the threat within. The driving concept behind Zero Trust is to enable access to enterprise applications while evaluating the associated risks, taking everything into account, including signals from threat detection, device posture, and user behavior.

I believe threat intelligence in a Zero Trust environment should be reshaped into a dynamic, signal-based indicator of threats. These signal-based indicators should be data-driven and fed by a variety of data sources.

In order to apply a signal-based approach, proper mitigations should also be introduced, such as non-deterministic actions that mitigate the non-deterministic risks associated with users or assets.

For example, let’s take users’ accessibility patterns as a signal for risk. If a user always connects from the same location or during the same hours and we suddenly see a change in that pattern, that change should be treated as a risk signal.
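To make the two ideas above concrete (a behavioral signal derived from each user's own history, and a graduated rather than all-or-nothing mitigation), here is an added example that is not part of the original post. It builds a per-user baseline of sign-in countries and hours from a constructed sign-in log, scores a new attempt by how far it deviates from that baseline, and maps the score to allow, step-up MFA, or deny. The log, the weights, and the thresholds are assumptions chosen for illustration, not values from the post.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample sign-in log (not real data): (user, UTC timestamp, source country).
SIGNIN_LOG = [
    ("alice", "2024-03-01T09:05:00", "DE"),
    ("alice", "2024-03-02T08:50:00", "DE"),
    ("alice", "2024-03-03T09:20:00", "DE"),
    ("alice", "2024-03-04T10:02:00", "DE"),
    ("alice", "2024-03-05T09:40:00", "DE"),
    ("bob",   "2024-03-01T14:00:00", "US"),
    ("bob",   "2024-03-02T22:30:00", "US"),
    ("bob",   "2024-03-03T15:10:00", "BR"),
    ("bob",   "2024-03-04T23:00:00", "US"),
]


def build_baselines(log):
    """Per-user profile: how often each country and each UTC hour was seen."""
    country_counts = defaultdict(Counter)
    hour_counts = defaultdict(Counter)
    for user, ts, country in log:
        hour = datetime.fromisoformat(ts).hour
        country_counts[user][country] += 1
        hour_counts[user][hour] += 1
    return {u: {"countries": country_counts[u], "hours": hour_counts[u]}
            for u in country_counts}


def risk_score(baseline, ts, country):
    """Score in [0, 1]: how far this attempt deviates from the user's own history.

    An unknown user (no baseline) gets the maximum score: no history, no trust.
    """
    if baseline is None:
        return 1.0
    hour = datetime.fromisoformat(ts).hour
    total = sum(baseline["countries"].values())
    # Country component: share of past sign-ins NOT from this country.
    country_dev = 1.0 - baseline["countries"][country] / total
    # Hour component: share of past sign-ins NOT within +/-1 hour (circular, 24h clock).
    near = sum(c for h, c in baseline["hours"].items()
               if min(abs(h - hour), 24 - abs(h - hour)) <= 1)
    hour_dev = 1.0 - near / total
    # Assumed weights: an unseen country is a stronger signal than an unusual hour.
    return round(0.7 * country_dev + 0.3 * hour_dev, 3)


def decide(score):
    """Graduated mitigation instead of a binary allow/deny (assumed thresholds)."""
    if score < 0.25:
        return "allow"
    if score < 0.75:
        return "step-up-mfa"
    return "deny"


def evaluate(log, user, ts, country):
    """Score one sign-in attempt against the baselines built from `log`."""
    baselines = build_baselines(log)
    score = risk_score(baselines.get(user), ts, country)
    return score, decide(score)


if __name__ == "__main__":
    for attempt in [("alice", "2024-03-06T09:30:00", "DE"),   # usual place and time
                    ("alice", "2024-03-06T14:00:00", "DE"),   # usual place, odd hour
                    ("alice", "2024-03-06T03:00:00", "RU"),   # new country at 03:00
                    ("mallory", "2024-03-06T12:00:00", "US")]:  # never seen before
        print(attempt, "->", evaluate(SIGNIN_LOG, *attempt))
```

The point of the graduated `decide` step is that a partial deviation (same country, unusual hour) does not have to block the user; it can trigger step-up authentication, while a combined deviation (new country at an unusual hour) or a user with no history at all is denied. In a real deployment the weights and thresholds would be tuned from observed data, and the baseline would need a minimum number of observations before it is trusted.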

While such changes in accessibility behavior are considered a risk and might