The Role of Security Analytics in a Zero Trust Environment

Trust but verify, the old Russian proverb advises us. And while this once could have been the maxim for IT security, organizations are increasingly embracing the zero trust approach to keeping their systems and data safe.

The term “zero trust” was coined in 2009 by Forrester as a new model of information security. This concept upends the old “castle-and-moat” mentality that focused on defending the perimeter against attackers, while assuming anything already on the inside was safe and cleared for access.

Zero Trust as a Defense Against External Cyberattacks and Insider Threats

The Zero Trust model centers on the belief that organizations should not trust anything either inside or outside the perimeter. Instead, the zero trust model stresses that everything and everyone attempting to connect to systems must be verified before granting access. As stated in the October 2018 Forrester report Five Steps To A Zero Trust Network, “a Zero Trust (ZT) architecture abolishes the idea of a trusted network inside a defined corporate perimeter.”

The focus on external threats at the expense of insider threats proved to be a flawed concept. According to the 2019 Verizon Data Breach Investigations Report, 34% of data breaches involve internal actors. Meanwhile, Cybersecurity Insiders’ 2019 Insider Threat Report revealed that 53% of organizations suffered an insider attack over the previous 12 months.

By now we’re all keenly aware of the costs that cyberattacks and malicious insiders can inflict on organizations.  Even so, the numbers can still seem staggering. One estimate pegs the cost of worldwide cybercrime at $600 billion a year.

And keep in mind, these exorbitant figures come despite companies spending more and more on cyber defense. IDC estimates that businesses will spend $101.6 billion on cybersecurity in 2020. That’s up 38% from 2016.

Zero Trust and the Borderless IT World

What this means is that the perimeter is porous. Attacks are getting through the network perimeter. Even when they’re contained, other security incidents are originating from the inside. But there are other access control factors in play in this new borderless IT environment.

Many companies no longer have corporate data centers serving a contained network of systems. Instead, the trend is toward having some applications on-premises and some in the cloud. Meanwhile, users access applications through a range of devices and from multiple locations.

To put the scale of this digital transformation into perspective: 90% of companies will move to a hybrid cloud infrastructure by 2020, according to Gartner. Except for unique circumstances, the monolithic on-premises environment is becoming a footnote in IT history –  as  are the cybersecurity models that once protected such environments.

The Gurucul Zero Trust Approach

Here at Gurucul we believe in detecting and stopping malicious behavior from wherever it occurs, whether it’s by external cyberattacks or malicious insiders. Our security analytics platform leverages big data and more than 1,800 machine learning models to predict, detect and prevent insider threats, access abuse and cyber fraud.

When it comes to zero trust, we align with the five step process outlined by Forrester, the originators of the zero trust concept. In their 2018 report Five Steps To A Zero Trust Network, Forrester lists step four as “Continuously Monitor Your Zero Trust Ecosystem With Security Analytics.” Step five is “Embrace Security Automation And Orchestration.” Here’s how Gurucul can help you achieve both steps:

Continuously Monitor Your Zero Trust Ecosystem with Security Analytics

In a zero trust environment you must be able to monitor your entire IT environment for signs of malicious activity. You likely have a SIEM solution, along with CRM, IAM, IGA, PAM and possibly a whole lot more data sources. But these disparate applications often operate in silos. They provide different types of security information that sometimes even conflict with one another. Our security analytics platform, Gurucul Risk Analytics (GRA), can aggregate data from all those sources to give you a 360-degree view of your users’ and entities’ behavior.

We generate a unified risk score for every user and entity in your organization across all applications and devices. That lets you focus on the biggest risks to sensitive data in your environment. And, it keeps you from fruitlessly chasing the false positives generated by conventional security tools.

To achieve zero trust, you also need a security analytics solution that can operate in your particular IT ecosystem. Whether you have a cloud, on premise, or hybrid infrastructure, Gurucul has a deployment option for you:

  • Appliances – pre-loaded, ready to provision on-premise
  • Virtual machine images – provisioned on existing servers or private cloud
  • Cloud-based – with connectors for popular SaaS apps
  • Bare-metal – deployed on existing hardware leveraging your data lake
  • As a managed security service – with 24/7 service and support

You can be assured that even if you migrate to a hybrid or cloud infrastructure in the future, our GRA platform can transition with you.

Embrace Security Automation and Orchestration

Many cybersecurity teams still use manual processes to intervene when security threats pop up. But manual security operations slow the response time to cyberattacks. That gives attackers more time to steal data and inflict damage. A zero trust environment embraces automated security operations.

To stay ahead of security threats as they happen, you can’t be burdened with manual operations. Your security staff could never have enough time to sift through all the alerts generated by SIEM systems and similar tools. That’s why our GRA platform provides real-time risk prioritized alerts for incident analysis. Dynamic risk scores can trigger an automated risk-response workflow. That lets you automatically neutralize legitimate threats as they occur. It simultaneously boosts the productivity of your IT security staff by allowing them to focus on strategic initiatives rather than inefficient manual response intervention.

Gurucul’s Behavior Analytics and Model Driven Security relies on algorithms and analytics to change controls on demand, rather than having human staff intervene after a security incident has already occurred.   You need to be able to move at machine speed to counter advanced cyber threats. Our model driven security provides the machine-based reaction time that’s critical for containing emerging threats.

Our machine learning-based behavior analytics extract context from big data. There’s no reliance on the rudimentary rules-based security controls favored by solutions like SIEM systems. With this capability you gain continuous monitoring of user behavior to dynamically adapt risk scores for real-time responses to anomalies.

Learn More About Zero Trust

The zero trust security model is in vogue and the term is being adopted by all manners of security vendors, whether it truly applies to them or not. At Gurucul, we’ve embraced the zero trust concept since our founding in 2010. We invite you to schedule a demo to see our security analytics platform in practice. Learn how we can protect you from new and emerging cyber threats, regardless of where they originate.

Watch our Webinar

Watch the Zero Trust Security Webinar for an expert analysis on the unique role that security analytics and security automation plays in achieving a genuine zero trust environment.

Webinar on Demand: Security Analytics Makes Zero Trust Possible