The COVID-19 pandemic has not impacted the adoption of zero trust technology globally, a Pulse Secure report reveals. In fact, 60% of organizations said they have accelerated zero trust implementation during the pandemic.
The report surveyed more than 250 technology professionals. The newly published report examines how enterprises are moving forward with zero trust networking initiatives, where they’re being successful in doing so and how COVID-19 has affected the forward movement of those projects.
Formalized zero trust projects putting orgs ahead of the DX curve
The research found that the main difference between organizations that succeeded in moving their zero trust initiatives forward and those that did not was whether they started out with formalized zero trust projects.
Those that had dedicated budgets and formal initiatives (69%) were far more likely to continue accelerating those projects throughout the pandemic, while those that had ad hoc zero trust projects were more likely to stall progress or stop entirely.
“The global pandemic has had some profound effects on the enterprise – with remote working being rolled out on an unprecedented scale, increased leverage of cloud resources and applications, and the transition to greater workplace flexibility,” said Scott Gordon, CMO at Pulse Secure.
“The findings indicate that organizations that advance their initiatives and planning towards zero trust process and technology implementation will be ahead of the digital transformation curve and much more resilient to threats and crises.”
The research went further into enterprises’ efforts to bring about zero trust networking in their environments. 85% of respondents have defined zero trust initiatives; however, only 42% have received added budget for their projects. The projects that did receive added budget were more likely to persist through the pandemic.
Enterprises were overwhelmingly positive about their success in pursuing zero trust networking, with 94% indicating some degree of success: 50% labeled their efforts as successful and 44% as somewhat successful.
Bringing together security and networking teams
Dedicated zero trust projects tend to be interdisciplinary, bringing together security and networking teams. In 45% of such projects, security and networking teams have a zero trust partnership in which they formally share tools and processes. In 50% of cases, enterprises created a taskforce from both teams to pursue zero trust.
The three primary ways in which they collaborated were by coordinating access security controls across different systems (48%), assessing access security control requirements (41%) and defining access requirements according to user, role, data, and application (40%).
However, the survey found that collaboration is not without its own roadblocks. 85% of respondents in zero trust taskforces and partnerships found themselves struggling with cross-team skills gaps (33%), a lack of tools and processes that might facilitate collaboration (31%), and budget conflicts (31%).
“The survey shows that organizations that move forward with formal initiatives and budget are more likely to achieve implementation success and operational gain. We appreciate Pulse Secure’s support and sponsorship of this report that organizations can use to benchmark and progress their zero trust programs.”
Additional key findings
- Prime zero trust benefits: When asked what they consider to be the prime benefit of zero trust networks, IT operations agility (40%), improved governance risk and compliance (35%), breach prevention (34%), reducing the attack surface (31%), and unauthorized access mitigation (28%) ranked among the strongest responses.
- Hybrid IT remote access: Respondents are applying hybrid IT requirements to Secure Remote Access requirements within their zero trust network strategy: 62% wanted cloud application access, and half of enterprises wanted access to public and private cloud resources and applications.
- IoT device exposures: Respondents discussed their position towards IoT devices which cannot be provided with the user identities on which zero trust is based and how they intend to create access policies for them. 36% said that devices would receive tailored access privileges based on function and characteristics; others said that all devices would receive a generic minimum level of access privileges (28%) and that untrusted devices would have limited network access with no access to high risk or compliance zones (23%).
The US Cybersecurity and Infrastructure Security Agency (CISA) has released a list of 25 vulnerabilities Chinese state-sponsored hackers have been recently scanning for or have exploited in attacks.
“Most of the vulnerabilities […] can be exploited to gain initial access to victim networks using products that are directly accessible from the Internet and act as gateways to internal networks. The majority of the products are either for remote access or for external web services, and should be prioritized for immediate patching,” the agency noted.
The list of vulnerabilities exploited by Chinese hackers
The list is as follows:
The vulnerability list they shared is likely not complete, as Chinese-sponsored actors may use other known and unknown vulnerabilities. All network defenders – but especially those working on securing critical systems in organizations on which US national security and defense depend – should consider patching these as a priority.
Mitigations are also available
If patching is not possible, the risk of exploitation for most of these can be lowered by implementing mitigations provided by the vendors. CISA also advises implementing general mitigations like:
- Disabling external management capabilities and setting up an out-of-band management network
- Blocking obsolete or unused protocols at the network edge and disabling them in device configurations
- Isolating Internet-facing services in a network DMZ to reduce the exposure of the internal network
- Enabling robust logging of Internet-facing services and monitoring the logs for signs of compromise
The agency also noted that the problem of data stolen or modified before a device has been patched cannot be solved only by patching, and that password changes and reviews of accounts are a good practice.
Additional “most exploited vulnerabilities” lists
Earlier this year, CISA released a list of old and new software vulnerabilities that are routinely exploited by foreign cyber actors and cyber criminals, the NSA and the Australian Signals Directorate released a list of web application vulnerabilities that are commonly exploited to install web shell malware, and Recorded Future published a list of ten software vulnerabilities most exploited by cybercriminals in 2019.
Admins and network defenders are encouraged to peruse them and patch those flaws as well.
The ongoing global pandemic that has led to massive levels of remote work and an increased use of hybrid IT systems is leading to greater insecurity and risk exposure for enterprises.
According to new data released by Cybersecurity Insiders, 72% of organizations experienced an increase in endpoint and IoT security incidents in the last year, while 56% anticipate their organization will likely be compromised due to an endpoint or IoT-originated attack within the next 12 months.
The comprehensive survey of 325 IT and cybersecurity decision makers in the US, conducted in September 2020, represented a balanced cross-section of organizations from financial services, healthcare and technology to government and energy.
IoT and endpoint security challenge
Alongside headline data that the majority experienced an endpoint and IoT security incident over the last 12 months, the top 3 issues were related to malware (78%), insecure network and remote access (61%), and compromised credentials (58%).
Perhaps more concerning was that 43% of respondents expressed “moderate to unlikely means to discover, identify, and respond to unknown, unmanaged, or insecure devices accessing network and cloud resources.”
“It is clear from this new research that the challenge of securing IoT and endpoints has escalated considerably as employees have been forced to work remotely while organizations try to rapidly adapt to the situation,” said Scott Gordon, CMO at Pulse Secure.
“The threat is real and growing. Yet, on a positive note, the survey shows that organizations are investing in key initiatives and adopting zero trust elements such as remote access device posture checking and Network Access Control (NAC) to address some of these issues.”
The negative impact of an endpoint or IoT security issue
The research found that 41% will implement or advance on-premise device security enforcement, 35% will advance their remote access devices posture checking, and 22% will advance their IoT device identification and monitoring capabilities.
For those that have been victim of an endpoint or IoT security issue, the most significant negative impact was a reported loss of user (55%) and IT (45%) productivity, followed by system downtime (42%).
Holger Schulze, CEO at Cybersecurity Insiders added, “The diversity of users, devices, networks, and threats continue to grow as enterprises take advantage of greater workforce mobility, workplace flexibility, and cloud computing opportunities.
“Not only do organizations need to ensure endpoints are secure and adhering to usage policy, but they must also manage appropriate IoT device access. New zero trust security controls can fortify dynamic device discovery, verification, tracking, remediation, and access enforcement.”
Additional key findings
- Respondents rated the biggest endpoint and IoT security challenges as #1 insufficient protection against the latest threats (49%), #2 high complexity of deployment and operations (47%), and #3 inability to enforce endpoint and IoT device access/usage policy (40%).
- Respondents rated the most critical capabilities required to mitigate endpoint and IoT security as #1 monitoring endpoint or IoT devices for malicious or anomalous activity (54%), #2 blocking or isolating unknown or at-risk endpoint and IoT devices’ network access (51%), and #3 blocking at-risk devices’ access to network or cloud resources (46%).
- When asked about anticipated investments to secure remote worker access and endpoint security technology, most organizations (61%) anticipate an increase, or significant increase, while few expect a decrease (6%).
Qualys unveils Multi-Vector EDR, a new approach to endpoint detection and response
Traditional EDR solutions singularly focus on endpoints’ malicious activities to hunt and investigate cyberattacks. Qualys’ multi-vector approach provides critical context and full visibility into the entire attack chain to provide a comprehensive, more automated and faster response to protect against attacks.
McAfee MVISION Cloud now maps threats to MITRE ATT&CK
With the introduction of ATT&CK into McAfee MVISION Cloud, there is no longer the need to manually sort and map incidents to a framework like ATT&CK or to learn and operationalize a separate framework for cloud threats and vulnerabilities, which can be cumbersome and time consuming – especially as cloud-native threats become more abundant.
Amazon Fraud Detector: Use machine learning in the fight against online fraud
Amazon Fraud Detector is a fully managed service that makes it easy to quickly identify potentially fraudulent online activities like online payment and identity fraud. With just a few clicks in the Amazon Fraud Detector console, customers can select a pre-built machine learning model template, upload historical event data, and create decision logic to assign outcomes to the predictions.
Veritas is unifying data protection, from the edge to core to cloud
Veritas Technologies introduced new innovations to its Enterprise Data Services Platform to help customers reduce risk, optimize cost, strengthen ransomware resiliency, and manage multi-cloud environments at scale. With the launch of NetBackup 8.3, Veritas empowers enterprise customers by improving the resiliency of their applications and infrastructure regardless of the context.
Sonrai Dig maps relationships between identities and data inside public clouds
Sonrai Security announced the Governance Automation Engine for Sonrai Dig, re-inventing how customers ensure security in AWS, Azure, Google Cloud and Kubernetes by automatically eliminating identity risks and reducing unwanted access to data.
Pulse Zero Trust Access simplifies management and mitigates cyber risks
Pulse Zero Trust Access simplifies access management with single-pane-of-glass visibility, end-to-end analytics, granular policies, automated provisioning, and advanced threat mitigation that empowers organizations to further optimize their increasingly mobile workforce and hybrid IT resources.
CyberStrong platform updates allow customers to dynamically manage their risk posture
The updates reinforce CyberSaint’s mission to enable organizations to manage cybersecurity as a business function by enabling agility, measurement, and automation across risk, compliance, audit, vendor, and governance functions for information security organizations.
Pulse Secure announced the launch of Pulse Zero Trust Access (PZTA), a cloud-based, multi-tenant secure access service that enables organizations to provide users easy, anywhere access to multi-cloud and data center applications with Zero Trust assurance.
PZTA simplifies access management with single-pane-of-glass visibility, end-to-end analytics, granular policies, automated provisioning, and advanced threat mitigation that empowers organizations to further optimize their increasingly mobile workforce and hybrid IT resources.
As enterprises advance workforce mobility and business digitization, users require access to on-premises and cloud applications from any device, from any location, and at any time. Meanwhile, cyberattacks, data breaches and compliance obligations have grown significantly, making trust and adaptive control critical.
Pulse Zero Trust Access offers users streamlined application access while allowing organizations to govern every request by automatically verifying identity, device and security posture before granting a direct, encrypted connection between that user’s device and applications residing in public clouds, private clouds or data centers.
“IT leaders are driving business transformation in the hybrid digital era while also defending assets during the ‘age of hyper-converged access’ – for any user, from any device, anywhere to any application, at any time. Pulse Zero Trust Access is designed for the elastic digital workplace, providing a unified, cloud-based service that enables greater accessibility, efficiency and risk reduction,” said Rohini Kasturi, chief product officer at Pulse Secure.
“From inception, Pulse Secure has focused on providing secure access solutions that enhance productivity, visibility and compliance as companies migrate to the cloud and take advantage of utility computing. PZTA exemplifies our on-going commitment to innovate while maximizing deployment flexibility, scale, interoperability and investment protection for companies of all sizes.”
Pulse Zero Trust Access is based on Pulse Secure’s new cloud-native, microservices-based, multi-tenant platform deployed globally in Microsoft Azure Cloud. The PZTA service consists of the Pulse ZTA Controller, which is hosted and managed by Pulse Secure, the virtual Pulse ZTA Gateway that customers deploy on-premises or in the cloud, and the unified Pulse ZTA Client which runs natively on each user’s Microsoft Windows, Apple macOS and iOS, and Google Android device.
Architecture, performance, data privacy and adaptive control advantages
According to the Gartner Zero Trust Network Access (ZTNA) market guide: “ZTNA improves the flexibility, agility and scalability of application access, enabling digital businesses to thrive without exposing internal applications directly to the internet, reducing risk of attack.” Further, “ZTNA augments traditional VPN technologies for application access, and removes the excessive trust once required to allow employees and partners to connect and collaborate. Security and risk management leaders should pilot ZTNA projects as part of a SASE [Secure Access Service Edge] strategy or to rapidly expand remote access.”
Pulse Zero Trust Access aligns with the Software Defined Perimeter (SDP) architecture of the Cloud Security Alliance, incorporating extensive identity and device authentication, separate control and data planes, centralized granular policy management, and micro-segmentation to thwart unauthorized access and attack propagation.
While every user device access requires explicit authentication and authorization by the Pulse Zero Trust Access service, the Pulse ZTA Gateways are deployed in the customer’s on-premises and cloud environment closest to the application or resource. This proximity optimizes user experience, reduces latency, and enables hybrid IT deployment at scale. Since encrypted application traffic only flows between the ZTA Clients and ZTA Gateways, customers gain full data privacy and data sovereignty.
PZTA governs each access request and session via a centrally deployed and managed policy. Building upon Gartner’s Continuous Adaptive Risk and Trust Assessment (CARTA) framework, PZTA augments contextual and identity-centric policies with built-in User and Entity Behavior Analytics (UEBA) whereby attributes for every session are monitored and assessed, applying proprietary risk scoring algorithms to identify non-compliant, malicious and anomalous activity, and take expedited threat mitigation actions.
“Our customers trust us to identify and deliver advanced solutions that enable their digital business and protect their valuable resources. Pulse Secure has been our key partner for many years as they offer one of the most versatile, integrated and scalable secure access solutions in the market. We jumped at the opportunity to test out their new Zero Trust Access cloud-based service and our teams have been impressed with its simplicity, manageability and overall feature-set,” said Herve Rousseau, the chief executive officer at Openminded. “Pulse Zero Trust Access service does indeed offer users an easier means to access network and cloud applications while providing organizations greater hybrid IT access agility, oversight and management.”
Cloud-native, secure access solution
PZTA allows enterprises of any size to gain secure access with a cloud-native service that can be implemented in a matter of hours. The solution provides deployment flexibility and cohesive policy management for enterprises migrating applications from data center to cloud, while also offering comprehensive secure access capabilities to those organizations with pure multi-cloud environments.
This allows broad support for legacy applications and popular cloud apps such as those from Amazon, Atlassian, Box, Google, Microsoft, Oracle, Salesforce, SAP and Zoom.
PZTA can co-exist with Pulse Secure’s remote, mobile and network access solution portfolio including the Pulse Access Suite. Leveraging the unified, multi-tunnel Pulse ZTA Client, users can enjoy transparent, uninterrupted, and simultaneous access to applications and resources from their device of choice regardless of access method – SDP, VPN or NAC. Organizations gain implementation and operational efficiencies, investment protection and tool consolidation to realize lower overall cost of ownership.