Sep 30 2021

To Prevent Ransomware Attacks, Understand the Zero-Trust Model

As more institutions adopt containers, cloud computing, and remote and mobile learning, traditional security architectures can no longer prevent ransomware attacks.

There’s no doubt that the higher education network security landscape has changed drastically over the past few years. Many universities and colleges were already embracing Software as a Service (SaaS), cloud infrastructure and remote learning when the pandemic threw it all into overdrive.

With the rise of remote endpoints and high-profile ransomware attacks, higher education institutions face more cybersecurity threats than ever before. Traditional network security models — which assume that users and computing devices inside the “trusted” network perimeter are free from compromise — can no longer secure these organizations.

Recognizing that the internal network is not more trustworthy than what lies outside the firewall, most higher education institutions provide segmentation between residential and guest networks and the institution’s core computing assets. Zero-trust security is the ultimate expression of this recognition.

What Is Zero-Trust Architecture?

Created by John Kindervag at Forrester Research and formally codified in recent guidance on the topic from the National Institute of Standards and Technology, zero-trust architecture recognizes that the point of infiltration is not necessarily the ultimate target. Once inside a network, threat actors tend to move laterally. Therefore, any implied trust that is based on network location is a vulnerability.

So how does one define a zero-trust architecture? It starts by defining a “protect surface.” This consists of the organization’s most critical data, assets, applications and services. The protect surface is typically much smaller — and better defined — than a traditional “attack surface.” Zero trust also recognizes that assets within a traditional attack surface may already be compromised and may themselves be the source of an attack.

Exploring the Components of a Zero-Trust Architecture

Once the protect surface is defined, we can identify the traffic patterns representing normal usage. Defining users, applications and access methods is critical to building the network policies that create “microperimeters” around the protect surface.

To control access and prevent sensitive data exfiltration, it is also critical to use next-generation firewalls that can enforce granular Layer 7 (application-layer) policies, rather than rules based only on addresses and ports.

Finally, adaptive monitoring is crucial for identifying new protect surfaces and refining policies over time.

Key Networking Capabilities Needed for Building a Zero-Trust Network

All in all, executing a zero-trust architecture requires some key networking capabilities. Here’s a summary of those capabilities and their functions:

  • Enhanced identity governance. You must be able to define users and their roles. According to the principle of least privilege, any entity that requests access to a network (or segment) should only have the minimum rights needed to achieve that entity’s work goals.
  • Microsegmentation. This method allows fine-grained policies to apply to each component of the protect surface.
  • Device agents or gateways. Device agents enforce policies on individual endpoints, as well as on collections of endpoints.
  • Resource portals. These can act as proxies for an individual resource or a secure enclave of related resources.
  • Device application sandboxing. Run untrusted or potentially malicious code in virtual machines or containers that are isolated from the host, so that it cannot affect the applications running there. This helps to prevent host-specific attacks.
  • Endpoint protection. This approach is a critical part of zero-trust deployment. Devices should be scanned for vulnerable or compromised software before being permitted to access protected resources.

Trusted Platform Modules and Ransomware Prevention

To prevent ransomware, enabling Trusted Platform Module (TPM) capabilities can further protect devices. A TPM lets a device attest that appropriate security features, such as data execution prevention and disk encryption, are actually in use. With TPM 2.0 and Windows 10 or later, it’s possible to use a mobile device management service to query device health — and use that information in the decision to grant or deny access to a protected resource.
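As an added illustration (not code from the article or from CDW), the following Python sketch of a policy decision point combines the capabilities listed above with the device-health query described here: role-based least privilege, a device posture check standing in for the MDM/TPM attestation result, and a microperimeter lookup for each asset in the protect surface. All asset names, roles and device values are constructed for the example, and `decide` is a hypothetical function, not a product API.

```python
from dataclasses import dataclass

# Protect surface: each critical asset lives behind a named microperimeter.
PROTECT_SURFACE = {
    "student-records-db": "segment-sis",
    "payroll-app": "segment-finance",
    "research-share": "segment-research",
}

# Least privilege: a role is granted only the (asset, action) pairs its work needs.
ROLE_GRANTS = {
    "registrar": {("student-records-db", "read"), ("student-records-db", "write")},
    "professor": {("research-share", "read"), ("research-share", "write")},
    "guest": set(),
}

@dataclass
class Device:
    device_id: str
    tpm_attested: bool    # MDM reports a successful TPM 2.0 device-health attestation
    disk_encrypted: bool  # full-disk encryption enabled
    dep_enabled: bool     # data execution prevention enabled
    agent_healthy: bool   # endpoint agent found no vulnerable or compromised software

@dataclass
class Request:
    user: str
    role: str
    device: Device
    asset: str
    action: str
    on_campus_network: bool  # recorded for audit only; never a reason to allow

def device_compliant(d: Device) -> bool:
    """All posture signals must hold; a single failure makes the device untrusted."""
    return d.tpm_attested and d.disk_encrypted and d.dep_enabled and d.agent_healthy

def decide(req: Request):
    """Return (allowed, reason). Identity, then device, then segment; location is never checked."""
    if req.asset not in PROTECT_SURFACE:
        return False, f"deny: {req.asset} is outside the protect surface, no policy"
    if (req.asset, req.action) not in ROLE_GRANTS.get(req.role, set()):
        return False, f"deny: role {req.role} lacks {req.action} on {req.asset}"
    if not device_compliant(req.device):
        return False, f"deny: device {req.device.device_id} failed health check"
    return True, f"allow: {req.user} -> {PROTECT_SURFACE[req.asset]}/{req.asset}"

# Constructed sample devices: a compliant laptop and one whose attestation failed.
GOOD = Device("lt-0001", True, True, True, True)
BAD = Device("lt-0002", False, True, True, True)
```

Note that a request from `BAD` is denied even when `on_campus_network` is true: being inside the network buys no trust, which is the property that limits lateral movement.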

Once assembled, a zero-trust architecture works to ensure that users, devices and network traffic are all verified and subjected to least-privilege rules when accessing trusted resources.

This way, compromised assets are limited in their scope and an attacker is prevented from moving laterally across the network. Zero-trust architectures, coupled with appropriate endpoint security and a rigorous backup and recovery discipline, can greatly mitigate ransomware and other risks.