In a previous blog post, I discussed the different applications of integrity for Zero Trust and provided four use cases highlighting integrity in action. The reality is that many organizations can’t realize any of this on their own. But they don’t need to. They can work with a company like Tripwire as a partner on their Zero Trust journey.
Let’s explore how they can do this below.
Begin with a Baseline
Security teams can begin their Zero Trust journeys by establishing a baseline of integrity. Infosec personnel need a trusted state of their employer’s systems and information to understand the security, compliance, and operational state of their employer’s assets over time. Only if they establish a “single source of truth” can they monitor for low-priority, routine changes as well as events that could signify a security incident. These include the addition of unrecognized binaries and the alteration of access privileges on critical files.
With this continuous monitoring capability, the integrity platform also becomes critical to successful prevention and detection within a Zero Trust environment. In that sense, integrity management doesn’t just serve as the foundation for Zero Trust Architecture (ZTA). It also serves as the ultimate backstop should attackers get in, as these threat actors need to make a change to perform their malicious activity sooner or later.
Ensure Zero Trust Over Time
Once they have an integrity-based Zero Trust program in place, organizations can then continuously revalidate the trustworthiness of systems and information using security tools such as those offered by Tripwire. They can turn to four solutions in particular. Those are security configuration assessment, policy compliance, vulnerability assessment, and integrity monitoring.
Security Configuration Assessment
Security teams need to trust that their employer’s systems and data are configured to a secure baseline that aligns with policy. This helps ensure that the Trust Policy Engine makes appropriate risk-based decisions for connection requests to different business assets. Towards that end, Tripwire Enterprise provides a combination of platforms and policies for organizations to determine how their assets are configured. This assessment of security policy is available for integration via APIs and apps connected to Tripwire Enterprise. At the same time, Tripwire Configuration Manager provides assessment of cloud infrastructure such as cloud accounts, storage, and SaaS solutions, allowing Zero Trust to extend beyond on-premises assets.
Policy Compliance
Security teams don’t just need to worry about protecting their employer’s assets against digital threats. They also need to make sure they fulfill any relevant compliance obligations that cover some or all of their systems and data. Tripwire Enterprise can provide compliance assessment results to inform trust policy decision making, as well as satisfy auditor requirements. Where it is difficult to assign a static asset scope to a compliance requirement, Zero Trust using compliance results from Tripwire can provide assurance that all entities involved in a particular system are compliant.
Vulnerability Assessment
An important part of Zero Trust is evaluating risk, such as software vulnerabilities. A Zero Trust policy might specify, for instance, that assets with vulnerabilities providing remote privileged access should not be able to connect to specific data sets. It might also specify vulnerability score thresholds for access to specific sets of resources.
These functions emphasize the need for infosec personnel to assess their employer’s infrastructure for known vulnerabilities. Tripwire IP360 provides both agent-less and agent-based vulnerability assessment across a variety of asset types, including servers, workstations, network devices, containers, and cloud workloads. Those tests yield visibility into vulnerabilities affecting the operating systems and applications on those devices, and they expose the results through a REST API that can be consumed both by access requesters and by ZTA components such as Network Access Control (NAC) and Privileged Access Management (PAM) platforms.
Integrity Monitoring
Finally, security teams need to close any gaps left over from their security configuration assessments, policy compliance initiatives, and vulnerability assessments. Otherwise, an attacker could exploit undetected or unremediated vulnerabilities to gain access to an organization’s network. That’s why it’s not enough for security teams to implement these and other solutions once and then leave them alone. They need to bring in integrity monitoring to spot deviations. For security configuration, that means establishing a baseline configuration and then monitoring that configuration for changes. This helps security teams identify and address risk proactively, before the Trust Policy Engine needs to make a decision about access. It also helps spot changes in the configuration of the Zero Trust policy, the Trust Policy Engine, and the other supporting components themselves.
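To make the baseline-and-monitor loop described here and under “Begin with a Baseline” concrete, the following is an added Python example (not Tripwire’s code): it snapshots the content hash, permission bits and owner of every file under a directory, then classifies drift against that baseline the way the text describes (new binaries, privilege changes on critical files, content changes). The file names, the critical-file set and the bin-directory rule are constructed assumptions for illustration.

```python
import hashlib
import os
import stat
import tempfile

# Constructed example of an integrity baseline: each file is recorded as
# (sha256, permission bits, owner uid); a later snapshot is compared
# against the baseline and every deviation is classified by severity.

def snapshot(root):
    """Return {relative_path: (sha256, mode, uid)} for regular files under root."""
    state = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and devices need their own handling
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(full, root)] = (digest, stat.S_IMODE(st.st_mode), st.st_uid)
    return state

def diff_baseline(baseline, current, critical=(), bin_dirs=("bin",)):
    """Compare two snapshots; return sorted (severity, kind, path) findings."""
    findings = []
    for path in set(baseline) | set(current):
        before, after = baseline.get(path), current.get(path)
        in_bin = any(path.startswith(d + os.sep) for d in bin_dirs)
        if before is None:  # unrecognized file; a new binary is the worrying case
            findings.append(("high" if in_bin else "low", "added", path))
        elif after is None:
            findings.append(("high" if path in critical else "low", "removed", path))
        else:
            if before[0] != after[0]:
                findings.append(("high" if path in critical or in_bin else "medium", "content", path))
            if before[1:] != after[1:]:  # mode or owner changed: altered access privileges
                findings.append(("high" if path in critical else "medium", "privileges", path))
    return sorted(findings)

def demo():
    """Build a constructed tree, baseline it, introduce three changes, report the drift."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        os.makedirs(os.path.join(root, "etc"))
        for rel, body in (("etc/shadow", b"root:*:0\n"), ("etc/motd", b"hi\n"), ("bin/ls", b"\x7fELF")):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(body)
        os.chmod(os.path.join(root, "etc/shadow"), 0o600)
        base = snapshot(root)
        with open(os.path.join(root, "bin/dropper"), "wb") as fh:  # simulated drift
            fh.write(b"\x7fELF")
        os.chmod(os.path.join(root, "etc/shadow"), 0o644)
        with open(os.path.join(root, "etc/motd"), "wb") as fh:
            fh.write(b"changed\n")
        return diff_baseline(base, snapshot(root), critical={"etc/shadow"})
```

Running `demo()` reports the new binary and the loosened permissions on the critical file as high severity and the benign text change as medium, which is the kind of triage an integrity platform feeds to a Trust Policy Engine.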
No Integrity Means No Zero Trust
Ultimately, there’s no Zero Trust without integrity. Security teams need to use this realization to get Zero Trust right the first time and to continue getting it right from there.
To learn more about how Tripwire can help, download this whitepaper: https://www.tripwire.com/misc/a-tripwire-zero-trust-reference-architecture.