Zero Trust is a critical strategy for defending our ever-growing digital attack surfaces. But Zero Trust Architecture is incomplete without device firmware and hardware verification. While adding context-aware checks on user activities does help, it cannot account for the many functions that occur inside a device, below the operating system.
Three simple checks on device integrity can pave the way in this regard. Here are some examples:
- Add device vulnerability and firmware patch level risk to network access control. Access from an at-risk device has a long tail of impact. Once data is processed by the device, firmware attacks that happen later may bypass controls like encryption or security software that might have otherwise protected critical resources. Before enabling a device to affect mission-critical assets, check for vulnerabilities and updates.
- Extend context-aware access control to include device behaviors. Just like access patterns can reveal risky user activity, devices have common behavior profiles, and anomalies can reveal low-level tampering or installation of malicious firmware.
- Inventory components inside a device in order to enable revocation based on component properties if needed. The ability to revoke access to online sessions or offline data should extend to the device itself. If future events reveal backdoors or serious supply chain concerns, a component level inventory will help quantify exposure and enable quick and decisive action if it becomes necessary.
A simple Eclypsium scan collects the information needed for these actions and more. Connect with us to discuss what might be appropriate for your environment.
*** This is a Security Bloggers Network syndicated blog from Eclypsium authored by Eclypsium. Read the original post at: https://eclypsium.com/2021/08/17/three-steps-to-complete-your-zero-trust-architecture/