Cybersecurity in the Age of “Zero Trust”

By Danny Harris, Ph.D., PMP (Former CIO, U.S. Department of Education; Senior Strategic Advisor, BINARC)

Co-Author: Dimitri Dizna (CEO, BINARC; Senior Solutions Architect)

While cybersecurity has long presented serious and evolving threats, several relatively recent developments have ushered in a whole new set of challenges and dramatically altered the overall cybersecurity landscape. Perhaps most notable is the COVID-19 pandemic and the shift to large-scale remote work virtually overnight. The transition clearly introduced security vulnerabilities, as thousands of organizations were suddenly forced to accommodate fully remote work without proper security protocols and procedures in place.

While estimates vary, there is little doubt that attackers go to great effort to exploit both known and unknown vulnerabilities. In its recently released 2020 Internet Crime Report, the Federal Bureau of Investigation indicated that it received a record 791,000+ complaints in 2020 (up 69 percent from 2019), with reported losses exceeding $4.1 billion. This and several other factors—such as increased integration of cloud services and the Internet of Things (IoT)—have given rise to a widespread “zero trust” security model that likely will remain the norm for some time to come.

What is Zero Trust?

Zero Trust is a strategic initiative intended to help prevent data breaches by altogether eliminating the concept of “trust” from an organization's network architecture. John Kindervag coined the term "Zero Trust" while serving as vice president and principal analyst at Forrester Research. This new "never trust, always verify" model is based on the premise that traditional security models operate on an outdated assumption that everything inside an organization's network is trustworthy. The goal is to safeguard modern digital environments by leveraging network segmentation and limiting lateral movement.

Compared to the prior “broken trust” model, in which all users already on the network were assumed trustworthy, the Zero Trust model views trust itself as a vulnerability. Under the old model, any network user, including a threat actor who has gained access as a legitimate user, can move laterally across the network and reach its data and other assets. According to a recent Markets and Markets report, the global Zero Trust security market is estimated to grow by more than 17 percent per year over the next few years, from $19.6 billion in 2020 to more than $51 billion by 2026.

Microsoft Responds with Azure Sentinel

Microsoft’s Azure Sentinel is a cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) service designed to help address the various challenges associated with this new Zero Trust paradigm.

The Zero Trust model includes four primary components, all of which need to be addressed in concert to successfully mitigate cybersecurity risks:

  • Identity
  • Security
  • Compliance
  • Skilling

1. Identity

A company's security perimeter is no longer physical in nature; rather, it consists of many dispersed access points. Identities now represent the new security perimeter and should serve as the basis for all access decisions. The identity of any resource, user, device or service is vital to the context needed for developing appropriate access policies.

Azure Sentinel’s Identity Protection tool enables organizations to:

  • Automate the discovery and remediation of identity-based risks;
  • Examine risks using data such as network logs and events to understand user behavior; and
  • Export risk detection data to third-party services for further investigation.

Microsoft recently enhanced Azure Active Directory (Azure AD) with new capabilities such as:

  • Password-less authentication, which is now generally available for all cloud and hybrid environments and which addresses one of the weakest links in the current security landscape. Users can sign in to a cloud network via biometrics, an icon on Windows Hello for Business, the Microsoft Authenticator app or a FIDO2 security key;
  • Azure AD Conditional Access, which is at the core of the Zero Trust solution and now applies authentication context to allow for even more granular access policies; and 
  • Verifiable credentials to confirm information such as educational or professional certifications without collecting and storing personal data.

2. Security

Central to the Zero Trust model is the assumption of breach. Micro-segmentation (also known as “zoning”) divides the security perimeter into smaller segments, each governed by its own access policy, so that different parts of the network can be protected differently and a compromised user or device in one segment does not automatically gain access to the others.
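As an added illustration (not BINARC's or Microsoft's code) of the identity-centred access decisions in section 1 and the micro-segmentation described here, the following Python models a legacy perimeter check beside a Zero Trust evaluator that verifies the identity's role, MFA, device compliance and target segment on every request; the users, roles and segment policies are constructed for the example.

```python
"""Added example (not BINARC's or Microsoft's code): legacy perimeter model vs.
Zero Trust evaluator. All users, roles and segment policies are constructed."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str              # authenticated identity making the request
    inside_network: bool   # on the corporate LAN/VPN (the old "trust" signal)
    mfa: bool              # strong authentication completed for this session
    device_compliant: bool # device passed posture/compliance checks
    target_segment: str    # micro-segment the request is trying to reach

# Constructed directory and per-segment policy (hypothetical values).
USER_ROLES = {"alice": "hr", "bob": "finance", "carol": "eng"}
SEGMENT_POLICY = {
    "hr-data":  {"roles": {"hr"},      "mfa": True,  "compliant": True},
    "finance":  {"roles": {"finance"}, "mfa": True,  "compliant": True},
    "intranet": {"roles": {"hr", "finance", "eng"}, "mfa": False, "compliant": False},
}

def perimeter_model(req: Request) -> bool:
    """Legacy model: anyone already inside the network is trusted everywhere."""
    return req.inside_network

def zero_trust_model(req: Request) -> tuple[bool, str]:
    """Never trust, always verify: location confers nothing; default deny."""
    policy = SEGMENT_POLICY.get(req.target_segment)
    if policy is None:
        return False, "unknown segment (default deny)"
    role = USER_ROLES.get(req.user)
    if role not in policy["roles"]:
        return False, f"role {role!r} may not reach {req.target_segment}"
    if policy["mfa"] and not req.mfa:
        return False, "MFA required for this segment"
    if policy["compliant"] and not req.device_compliant:
        return False, "non-compliant device"
    return True, "allowed"

def lateral_movement_demo() -> dict[str, tuple[bool, bool]]:
    """A hijacked engineer session inside the LAN (no MFA, unmanaged device)
    tries each segment. Returns {segment: (perimeter_decision, zero_trust_decision)}."""
    results = {}
    for seg in SEGMENT_POLICY:
        req = Request("carol", inside_network=True, mfa=False,
                      device_compliant=False, target_segment=seg)
        results[seg] = (perimeter_model(req), zero_trust_model(req)[0])
    return results

if __name__ == "__main__":
    print(lateral_movement_demo())
```

The perimeter model grants the hijacked session every segment, while the Zero Trust evaluator confines it to the one segment its role and posture actually satisfy.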

Azure Sentinel offers several new and integrated capabilities: 

  • Microsoft Defender for Endpoint and Defender for Office 365, which allow businesses to prevent, detect, investigate and respond to threats directly from the Microsoft 365 Defender portal;
  • Standardization of incidents, schema and user experiences between Microsoft 365 Defender and Azure Sentinel; and
  • Threat Analytics, a set of reports that enable organizations to understand, prevent and mitigate various types of attacks directly within Microsoft 365 Defender.

3. Compliance

Azure Sentinel is designed to protect against insider threats to the same degree as outside attacks. Because this principle applies not only to Microsoft's cloud but to every cloud and platform its customers use, Microsoft has extended its inside-out protection capabilities to third-party environments through several new compliance offerings:

  • Co-authoring documents through the Microsoft Information Protection feature, which allows multiple users to work concurrently on documents; 
  • Microsoft 365 Insider Risk Management Analytics, which helps identify possible internal risk activity and recommends policy configurations to stop it;
  • Data loss prevention (DLP) for Chrome browsers and on-premises server environments; and
  • Azure Purview, a unified data governance service integrated with Microsoft Information Protection. This tool enables organizations to apply the same labels defined in the Microsoft 365 Compliance Center to data residing in third-party clouds and on-premises environments.

4. Skilling

Skilling rounds out Microsoft's Zero Trust solution. This refers to the shortage of IT security professionals, estimated at some 3.5 million by the end of 2021. In response, Microsoft is providing learning resources to help bridge the skills gap and offers four new related certifications:

  • Security, Compliance, and Identity Fundamentals
  • Information Protection Administrator Associate
  • Security Operations Analyst Associate
  • Identity and Access Administrator Associate

Although still in its infancy, Zero Trust is already transforming the security industry. The Zero Trust model and Microsoft Azure Sentinel represent the best defense against a dynamic cybersecurity landscape in which global attacks will only continue to increase both in frequency and level of sophistication.

About Us

BINARC is a Microsoft Managed Services Provider that has utilized best-in-class people and tools to solve complex IT challenges for more than 20 years. We deliver customized IT solutions to drive digital transformation and improve efficiency, security, and remote work capabilities for clients large and small in both the public and private sectors. We can design and implement a “future-proof” Azure Sentinel solution tailored to your business goals and budget. To learn more about our Microsoft Security Solutions, visit Microsoft Security Solutions | Azure Sentinel | BINARC. 

For more, contact us by phone at 202-681-7787 or online. You may also schedule a free 30-minute IT architecture strategy session via our online booking tool.