ExtraHop and CrowdStrike on Zero Trust Security

Many organizations are interested in the zero trust security model, but few have actually implemented it, according to a new survey.

Only 24 percent of the more than 200 security and IT leaders surveyed by CyberRisk Alliance Business Intelligence said their organizations had partially or fully implemented a zero trust security solution.

Nearly two-thirds of those planning to implement zero trust expect moderate difficulties, and another 30 percent expect high difficulty. Meanwhile, nearly 25 percent of respondents who have at least partially implemented zero trust said they struggle to get full buy-in from other parts of the organization due to IT configuration issues.

In an interview with Rick Howard from the CyberWire podcast, Tom Clavel, Director of Product Marketing for ExtraHop, and Kapil Raina, Vice President of Zero Trust for CrowdStrike, observed similar challenges.

“Because zero trust requires organizations to inspect network traffic and verify the legitimacy of users and endpoints connecting to systems, some organizations struggle with how they can get complete visibility into their network traffic,” according to Clavel.

“Inspecting all the packets, inspecting all the traffic, is very often perceived as a complex process,” he told Howard from CyberWire. “And really, it’s not.”

“The ExtraHop Reveal(x) network detection and response platform provides organizations with the packet-level visibility to understand what users and devices are connecting to the network, one crucial element of zero trust security,” he noted.

In addition, ExtraHop network metadata can be integrated into CrowdStrike Falcon LogScale, a centralized log management technology that allows organizations to make data-driven decisions about the performance, security, and resiliency of their IT environments.

Using Reveal(x), security operations teams can feed network data into the Falcon LogScale platform to more quickly qualify or disqualify threats. This combination gives security analysts the ability to focus on triaging their most pressing alerts.

“While some organizations have hesitated to adopt zero trust, several factors are pushing them to consider it,” Clavel said. “Remote workforces, expanded data sharing between organizations, and an increasing reliance on contractors and partners are all encouraging companies to move toward a more comprehensive security posture.”

John Kindervag, the former Forrester Research analyst whose landmark 2010 paper, “No More Chewy Centers: The Zero Trust Model of Information Security,” created an industry-wide movement around zero trust, was also featured on the podcast.

CyberWire host Howard called Edward Snowden and Chelsea Manning the poster children for the need for zero trust: both were trusted insiders at government agencies, and they “proved that [confirming a trusted] identity is not sufficient to prevent data leaks.”

Kindervag agreed, adding, “They were trusted users on trusted devices. [Agencies] had the right patch level, the right antivirus, but nobody looked at their packets post-authentication.”

“The Snowden and Manning examples show that knowing the identity of users on a network is not a zero trust posture,” Kindervag added.

“The identity of those packets—what user they were tied to—was not in question on those networks,” he said. “No one looked at them; no one cared.”

Zero trust goes back to the concept of “who, what, where, when, why and how,” Kindervag said. “The zero trust model creates a policy that asks who should have access to a digital asset, what assets are being protected, where the protected assets are located, when a person should have access, why she should have access, and how she should have access to it.”

“It’s particularly important for organizations to understand what they need to protect,” Kindervag said. “Those who truly realize what assets are most important to protect are ‘way ahead’ of their peers.”

“Zero trust focuses on what you need to protect, and most people don’t know the answer to that,” he said. “Zero trust is designed to stop data breaches, because it focuses on what needs to be protected, not on all the things that are trying to get into your system.

“Zero trust is about protecting things that matter.”