Putting Zero Trust 2.0 into Practice in Five Steps [Part 1: Device security]

Author
Reinhold Zurfluh
Published
15. December 2023
Companies around the world are chasing a competitive edge and greater agility through accelerated innovation. Security experts agree that traditional network and security approaches need to be rethought if this is to be achieved in future-proof IT environments without compromising the security of users, workloads and devices. This is why we recommend switching to a zero-trust architecture. In a five-part blog series, we will show you specific approaches for practical implementation based on the five pillars “Identity”, “Devices”, “Networks”, “Applications & Workloads” and “Data”. Part one is dedicated to device security – a central aspect in a world where cyber threats are constantly on the rise.

In an increasingly digital world with ever-growing cyber threats, the need for robust cyber security strategies is paramount. This is where Zero Trust 2.0 – a comprehensive framework developed by the Cybersecurity and Infrastructure Security Agency (CISA) – comes into play. We have already reported on this in another blog article.

Zero Trust 2.0 builds on the principles of zero-trust architecture and introduces five interconnected pillars to create a stronger defence against today’s cyber threats. Our blog series will look at each of the pillars and showcase specific measures and approaches that can be used to achieve an advanced level of security with existing technologies.

Device Security as a Supporting Pillar

One pillar of Zero Trust 2.0 focuses on the security of devices – the basis of our digital world in terms of cyber security. From laptops and smartphones through to IoT devices: while these endpoints connect us to the digital universe, they also represent significant vulnerabilities at the same time. This is where device security comes into play with Zero Trust 2.0.

In this section, we will look at the critical aspects of this pillar and examine specific measures and approaches you can take to raise your device security to an advanced level – all using existing technologies.

To achieve an advanced level of security, companies should:

  1. Implement endpoint detection & response (EDR) solutions to continuously monitor devices and respond to threats.
  2. Use mobile device management (MDM) systems to enforce security policies on mobile devices.
  3. Use network access control (NAC) to ensure that only trusted devices can access the network.

Continuous Vigilance With Endpoint Detection & Response (EDR)

At the heart of device security lies the principle of constant vigilance. While traditional security models relied on protecting the environment, Zero Trust 2.0 recognises that threats can also come from within and that they can adapt quickly. Implementing EDR solutions can minimise these risks.

EDR goes beyond traditional antivirus software by continuously monitoring endpoints for suspicious activity. If a potential threat is detected, the EDR solution reacts in real time and isolates the device or takes the necessary measures to neutralise the threat. This level of proactive protection is essential in today’s threat landscape.

Mobile Devices Require Special Attention

The ubiquity of mobile devices in everyday professional and private life makes them a prime target for cyber criminals, so it is crucial to extend the principles of Zero Trust to these devices. Mobile device management (MDM) systems play a central role here and enable companies to enforce security policies for mobile devices. They also guarantee that these devices are patched to the latest standard, that encryption is activated and that they are configured securely, all of which helps to ensure that mobile devices do not become weak points in the security chain.

Access Control With Network Access Control (NAC)

Ensuring that only authorised persons and devices can access your network is a cornerstone of Zero Trust. NAC solutions offer the opportunity to do just that. They enforce policies that grant or deny access based on device status and identity. For example, a device that does not have up-to-date anti-virus software or has known vulnerabilities can be denied access to sensitive resources until it satisfies the security standards. NAC thus increases security by ensuring that only trusted devices can connect to the network. This reduces the attack surface and optimises the zero-trust approach.

A Harmonised Approach to Device Security

An advanced level of device security requires a holistic approach. It is not enough to rely solely on one technology or strategy. Companies should therefore integrate EDR, MDM and NAC into a standardised security framework. These technologies work in tandem and together form an optimal defence against threats at the endpoint – based on Zero Trust. In addition, regular security assessments and penetration tests can reveal weaknesses in your device security strategy and enable continuous improvement.

Our Specific Implementation Tip for Device Security Based on Zero Trust

The implementation of the zero-trust framework requires careful planning. A key aspect is the categorisation of endpoints for the Zero Trust Network Access (ZTNA), be it based on agents or communication behaviour – even for IoT devices.

Examples of endpoint categorisation

  • Internal compliant devices
    These are devices that belong to the domain and satisfy certain security requirements, such as a valid certificate or up-to-date anti-malware software.
  • Internal devices with access to sensitive data
    These devices must fulfil the requirements of internal compliant devices and, in addition, hold a valid company certificate, run a current EDR solution and more.
  • Other categories such as external devices, IoT devices etc.

Important Decision Criteria for Security Rules

Categorising all endpoints is essential for creating security rules on a firewall or policy enforcement point (PEP). In this way, each device is identified and access is only granted to authorised end devices.

However, categorising endpoints is only one part of the puzzle. Further information must be taken into account for a full implementation of the ZTNA approach. This includes:

  • Users and group memberships
    Identification of the user and their group memberships to control access based on individual authorisations.
  • Location (geo-IP, IP range)
    Consideration of the location of the user or device in order to control access from certain geographical regions.
  • Application used
    Identification of the applications used based on data traffic in order to control access to specific applications.
  • Access target
    Consideration of the target to be accessed and possibly a time schedule for access.
  • Further data analysis
    Additional data analysis, such as the detection of malware, zero-day attacks and command-and-control traffic, to identify threats in real time.

Organisations can achieve a higher level of security and compliance by implementing these technical measures and continuously monitoring endpoints. The combination of all these factors enables precise and adaptive control of the network access by end devices, which corresponds to the zero-trust principle.
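The categorisation and decision criteria above can be made concrete as a small default-deny policy evaluator, the kind of logic a policy enforcement point (PEP) applies before granting an end device access to a target. The following is an added illustration, not code from the original article or from any firewall or ZTNA product; the device attribute names, the two sample policies, the IP ranges, the group names and the sample devices are all constructed assumptions chosen to mirror the article's lists (device posture, user groups, location, application, target and time schedule, plus a real-time threat flag).

```python
"""Hypothetical zero-trust access decision for a PEP (added example, not the article's code)."""
from dataclasses import dataclass, field
from datetime import time
from ipaddress import ip_address, ip_network


@dataclass
class Device:
    """Posture facts an agent or NAC/MDM integration would report (constructed attributes)."""
    name: str
    domain_joined: bool
    cert_valid: bool
    anti_malware_current: bool
    company_cert_valid: bool = False
    edr_current: bool = False


@dataclass
class Context:
    """Request context as the article's decision criteria list it (constructed attributes)."""
    user: str
    groups: set
    source_ip: str
    application: str
    target: str
    access_time: time
    threat_detected: bool = False  # malware / C2 / zero-day detection from traffic analysis


def categorise(device: Device) -> str:
    """Map device posture to the article's categories; anything unproven is 'other'."""
    baseline = device.domain_joined and device.cert_valid and device.anti_malware_current
    if baseline and device.company_cert_valid and device.edr_current:
        return "internal-sensitive"
    if baseline:
        return "internal-compliant"
    return "other"


# Constructed sample rules keyed by access target. An empty 'groups' set means any authenticated user.
POLICIES = {
    "hr-database": {
        "categories": {"internal-sensitive"},
        "groups": {"hr"},
        "networks": [ip_network("10.0.0.0/8")],
        "applications": {"hr-portal"},
        "hours": (time(7, 0), time(19, 0)),
    },
    "intranet": {
        "categories": {"internal-compliant", "internal-sensitive"},
        "groups": set(),
        "networks": [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")],
        "applications": {"browser"},
        "hours": (time(0, 0), time(23, 59)),
    },
}


def decide(device: Device, ctx: Context) -> tuple:
    """Evaluate every criterion; the first failing one denies. No matching rule also denies."""
    if ctx.threat_detected:
        return False, "threat detected in traffic"
    rule = POLICIES.get(ctx.target)
    if rule is None:
        return False, "no rule for target"
    category = categorise(device)
    if category not in rule["categories"]:
        return False, f"device category '{category}' not permitted for target"
    if rule["groups"] and not (ctx.groups & rule["groups"]):
        return False, "user not in an authorised group"
    if not any(ip_address(ctx.source_ip) in net for net in rule["networks"]):
        return False, "source location not permitted"
    if ctx.application not in rule["applications"]:
        return False, "application not permitted"
    start, end = rule["hours"]
    if not (start <= ctx.access_time <= end):
        return False, "outside access schedule"
    return True, "all criteria satisfied"


def sample_decisions() -> dict:
    """Run constructed scenarios so the behaviour can be inspected or asserted on."""
    full = Device("hr-laptop", True, True, True, company_cert_valid=True, edr_current=True)
    compliant = Device("staff-laptop", True, True, True)
    sensor = Device("iot-sensor", False, False, False)
    return {
        "hr_ok": decide(full, Context("alice", {"hr"}, "10.1.2.3", "hr-portal", "hr-database", time(10, 0))),
        "hr_night": decide(full, Context("alice", {"hr"}, "10.1.2.3", "hr-portal", "hr-database", time(22, 0))),
        "no_edr": decide(compliant, Context("bob", {"hr"}, "10.1.2.3", "hr-portal", "hr-database", time(10, 0))),
        "wrong_group": decide(full, Context("carol", {"sales"}, "10.1.2.3", "hr-portal", "hr-database", time(10, 0))),
        "intranet_ok": decide(compliant, Context("bob", set(), "192.168.5.9", "browser", "intranet", time(3, 0))),
        "iot_intranet": decide(sensor, Context("sensor-svc", set(), "10.9.9.9", "browser", "intranet", time(3, 0))),
        "c2_seen": decide(full, Context("alice", {"hr"}, "10.1.2.3", "hr-portal", "hr-database", time(10, 0), True)),
    }


if __name__ == "__main__":
    for name, (allowed, reason) in sample_decisions().items():
        print(f"{name:13s} {'ALLOW' if allowed else 'DENY ':5s} {reason}")
```

Two design choices are worth noting. The evaluator is default-deny at every step (unknown target, unknown category, no matching network) so that a missing or misreported posture fact can never widen access, and the real-time threat signal is checked first because a device that was compliant when categorised may no longer be trustworthy once its traffic shows command-and-control behaviour.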

Zero Trust on the End Device – A Summary and Outlook

To summarise, device security within the concept of Zero Trust 2.0 forms the foundation of any robust cyber security strategy. Companies can strengthen their digital line of defence by implementing EDR for continuous vigilance, MDM for mobile device control and NAC for targeted access control. The advanced level of device security is not achieved through a single measure, but through a comprehensive, integrated approach that adapts to the constantly changing threat landscape.

The implementation of suitable technologies and strategies helps to ensure that your devices become reliable partners in the digital world and not vulnerable weak points. This is crucial to protect yourself in an increasingly complex and threatening digital world.

Zero Trust – What Comes Next...

The second part of the blog series will look at another important aspect of Zero Trust 2.0: identities. In the dynamic threat landscape, controlling access to your digital realm is of immense importance – and identities are the gatekeepers.

Would you like to deepen your insight?

Our blog series "Zero Trust 2.0 - Implemented in 5 steps" gives you a complete 360° perspective:

Part 1: Device security
Part 2: Identity management
Part 3: Network security
Part 4: Data security
Part 5: Analytics and automation

We wish you an inspiring read.
