Workload and Application Security Blog

Four Tenets of Zero Trust Workload Protection

Written by Virsec | Apr 2, 2021 2:45:55 PM

To better protect our enterprise systems, the Zero Trust model must be re-defined and expanded to cover applications and cloud workloads during runtime. This is the only way to ensure that the right code and processes can execute and nothing else, regardless of the threat environment.

1. ‘We’ve Never Seen This Before’ is Not an Excuse

At recent Senate hearings around the SolarWinds attack, a common refrain was “this is unprecedented” or “we’ve never seen this before,” implying a reasonable excuse for why extensive security measures failed. This response should send up red flags. 

This mentality will allow evasive attacks not only to succeed but multiply. We must admit that most of our current security technology has holes. Big ones. We must utilize new security tools that can stop sophisticated attacks that currently execute undetected at runtime.

 

2. Never Trust – Always Verify

Zero Trust seems like a bit of an oxymoron. Business requires establishing trust, and if you can’t trust anything, you should probably close the doors. In fact, an underlying purpose of security is to enable trust by reducing risks.

Maybe a more apt term is the typical approach that parents take with teenagers – “trust but verify.” In fact, NIST uses a very similar definition: “Zero Trust security is based on the premise that trust is never granted implicitly but must be continually evaluated.” [i]

Since we deployed Virsec, we have detected and stopped every nation-state attack including SolarWinds.” Chief Technology Officer, Fortune 100 Tech Company

 

3. The Attackers are Already Inside

While a bit alarming, Zero Trust tells us we can’t assume that our networks are safe, or that we can reliably keep the bad guys out. According to NIST: “Zero Trust security models assume than an attacker is present in the environment.” 

This mindset assumes that perimeters are disappearing, and porous, and perimeter-based security will inevitably fail and not keep you safe. In fact, Google states this bluntly: “You should reject the perimeter model and embrace a philosophy of zero trust.” [ii]

4. Don’t Just Chase ‘Bad’ – Ensure ‘Good’

The vast majority of security tools focus on identifying and stopping the ‘bad stuff.’ This has led to a never-ending saga of threat chasing, creating signatures of known malware, and trying to react when the next variant strikes. As SolarWinds demonstrated, we’re not catching up, and security that requires prior knowledge will always be too little, too late. In the SolarWinds case, ‘too late’ meant more than 15 months of attacker dwell time, before the attack was discovered.

Shifting to a positive security model inherently makes sense. Rather than trying to stop everything ‘bad,’ this model focuses on making sure that code and applications only do the right thing.

Gartner recognizes the merits of this positive security model: “The use of application control (also referred to as allow-listing) to control what executables are run on a server provides an extremely powerful security protection strategy.”[iii]

 

This is the crux of Zero Trust – if you know that you’re only running the right code, and know exactly how it should execute in depth, then anything out of the ordinary can be detected and stopped.

 

Virsec Zero Trust Workload Protection

Virsec recognizes that effective security must be application-aware. Virsec is defining a new mindset that incorporates a positive security model. Instead of chasing everything that might be bad, if we can understand and define what is allowed and enforce only that, then we’ve gotten a handle on this enormous problem and reduced it to manageable size.

 

Guardrail Critical Workloads During Runtime

The Virsec Security Platform is the first solution to extend Zero Trust deep into the workload, guard-railing critical workloads during runtime. Virsec implements a Zero Trust model to effectively stop complex supply chain attacks at multiple stages.

Automated, continuous, and easy to manage, Virsec secures workloads on-premises, in the cloud or containers, and in hybrid and disaggregated environments. Virsec enables protection inside workloads where it’s urgently needed to guard enterprises’ most valuable data against today’s most sophisticated attacks.

 

[i] Zero Trust Architecture, NIST Special Publication 800-207, August 2020

[ii] CISO’s Guide to Cloud Security Transformation, Google, February 2021

[iii] Market Guide for Cloud Workload Protection, Gartner, April 2020

 

Additional Learning

White Paper: Zero Trust Workload Protection: Essential Security to Stop Advanced Cyberattacks.

White Paper: The Need for Application-Aware Workload Protection

Webinar: Defending Against Nation-State Attacks: Breaking the Kill Chain

Webinar: Zero Trust Cloud Workload Protection