Service

Zero Trust Assessment and Planning

Zero Trust is a strategic initiative that helps prevent successful data breaches by eliminating the concept of trust from an organization’s network architecture. Rooted in the principle of “never trust, always verify” Zero Trust is designed to protect modern digital environments by leveraging network segmentation, preventing lateral movement, providing Layer 7 threat prevention, and simplifying granular user-access control.

Why will your organization need zero trust?

Today’s organizations need a new security model that more effectively adapts to the complexity of the modern environment, embraces the hybrid workplace, and protects people, devices, apps, and data wherever they’re located.

Assess the Zero Trust maturity stage of your organization and receive targeted milestone guidance, plus a curated list of resources and solutions to move forward in your comprehensive security posture.

How we help

Assess the organization

Define the attack surface and identify sensitive data, assets, applications, and services (DAAS) within this framework. Identify and audit every credential active within your organization and remove stale accounts more than 30 days unused, and review all privileges for risk and impact. Assess the organization’s current security toolset and identify any gaps within the infrastructure. Ensure that the most critical assets are given the highest level of protection within the security architecture.

Establish a variety of preventative measures

Leverage a variety of preventative measures to deter hackers and thwart their access in the event of a breach, including: Multifactor authentication: MFA, 2FA, or third-factor authentication, are essential to achieving Zero Trust. These controls provide another layer of verification to every user inside and outside the enterprise, and should be triggered by risk increases or anomalous traffic. Least privilege principles: Once the organization has determined where the sensitive data lives, grant users the least amount of access necessary for their roles. Review privileged accounts regularly, and assess if those elevated privileges are required as a user moves from group to group.

Create a directory of all assets and map the transaction flows

Determine where sensitive information lives and which users need access to it. Consider how various DAAS components interact and ensure compatibility in security access controls between these resources. Know how many service accounts you have and where they need to connect. Review all authentication protocols and remove/raise connection challenges on any outdated or weaker (LDAP, NTLM) systems (often local legacy systems). Get a list of all sanctioned cloud services and enforce access to only low-risk services. Consider removing stale accounts and enforce a mandatory password rotation.

Microsegmentation

Micro-perimeters act as border control within the system, identity/credential, and preventing any unauthorized lateral movement. The organization can segment based on user group, location or logically grouped applications.

Monitor the network continuously

Figure out where the anomalous activity is occurring and monitor all the surrounding activity. Inspect, analyze and log all traffic and data without interruption. Escalate and store authentication logs for anomalous or suspicious traffic and activity. Have a clear action plan for Service account and other critical resource behavior anomalies.