Zero Trust: the cybersecurity approach recommended by the NSA

The US National Security Agency (NSA) announced the publication of a guide for members of the cybersecurity community to learn the best techniques for protecting business networks and sensitive data with the implementation of a model dubbed as Zero Trust. This complex guide details the benefits that adopting this set of tactics might pose to system administrators today.

The adoption of the Zero Trust model is based on the premise that a security incident has occurred or that its occurrence is inevitable, so it proceeds to eliminate trust in systems, nodes and services, as well as implement continuous verification through information collected in real time. The NSA mentions that Zero Trust will allow system administrators to limit access and control how devices and users interact with information, mitigating the risk of credential abuse, remote exploitation, or internal threats.

In its message, the Agency adds that “systems operating with Zero Trust will have better methods to address detected threats, although the transition process to this new approach must be carried out with great care and planning.”

This approach requires proactive system monitoring and management, advanced defensive capabilities, and assuming that critical resource requests can be malicious and accept as real all risks associated with critical resources for prompt incident response: “With Zero Trust, every user, application, device, and data flow is considered ‘untrusted’, so access is denied by default, resources are protected and operated on the assumption that they could have been compromised,” says the NSA.

The NSA concludes by mentioning that zero trust adoption involves defining mission outcomes, protecting data, assets, applications, and services, and securing paths, determining who needs access to these resources, creating control policies, and constantly searching for suspicious activity through complete system-wide visibility. The NSA also explains that implementing Zero Trust takes time and effort, and that additional capabilities are required to transition to a full Zero Trust architecture.

The adoption of Zero Trust would allow system administrators to stop malicious activities as soon as they are registered, blocking the malware’s ability to spread across the compromised network and mitigate the risks associated with the attack. To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) website.