A Zero Trust Mentality in the Era of Advanced Email Security Threats

Brendon Roddas
Aug 22, 2019
carta, zero trust, email threats

The concept of zero trust and Gartner’s Continuous Adaptive Risk and Trust Assessment (CARTA) are currently two of the most discussed topics in the cybersecurity world. If you were at Black Hat last week, you were hard-pressed to find a talk or a booth without zero trust plastered all over it.

First, what is zero trust?

“Trust is the bidirectional belief established between two entities that the other entity is what it claims to be and that it will behave in expected ways during the duration of the interaction. Trust leads to access to capabilities between the entities that otherwise should not be possible.” -- Neil MacDonald (Gartner)

CARTA and the newest Gartner technology approach, zero trust network access (ZTNA), are quickly gaining traction within enterprise IT teams, especially those that follow Gartner’s security architecture. CARTA is the next iteration of the Gartner Adaptive Security Architecture from 2014. In it, zero trust is the starting point and one of the key pillars, as the following principles show:

  1. Security should always begin with zero trust.
  2. Access should be based on context, for example the identity of the user, the device being used, and so on.
  3. Monitoring should be ongoing to assess risk; access is adaptive and varies with context.

Email security’s role in defense in depth

Cybersecurity does not stop at the point where a session or message is first admitted. It is a dynamic discipline that must be flexible enough to extend to a perimeter that evolves over time.

From an email security perspective, today’s social engineering attacks bypass traditional anti-phishing solutions because they carry no indicators of compromise that a gateway can match on, which makes it all too easy for recipients to accept and open them. Cybercriminals therefore rely on social engineering to deceive virtually anyone, but they most often prey on the weakest links: busy and vulnerable employees whose jobs do not center on security.

“Email is not designed to truly authenticate sender identity. Efforts like DMARC to authenticate domains are not granular enough to authenticate users and do not address all attack types.” - Gartner, Fighting Phishing - 2020 Foresight

Applying zero trust and CARTA to email security:

  1. There is no such thing as 100% prevention or authentication; always assume the phish.
  2. Phishing risk and trust are dynamic, not static, and need continuous assessment (who is sending me what?).
  3. Move detection from the gateway to the mailbox with an adaptive, contextual, inside-out approach.
  4. Continuously detect, investigate and prioritize risk and trust in real time — reactively and proactively.
  5. Use analytics, AI, automation and orchestration to detect, triage and respond faster.
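To make the Gartner point above concrete (DMARC authenticates a domain, not a user) and to show what mailbox-level, contextual assessment in item 3 means in practice, here is an added example that is not part of the original post or of the IRONSCALES product: it combines the DMARC verdict with a constructed per-mailbox history of which display names have used which domains, so a DMARC pass alone never earns trust. The headers, contact history and verdict names are all constructed for illustration.

```python
"""Mailbox-level sender check: a DMARC pass says the sending domain is
genuine, not that the sender is who the recipient believes it to be.
Constructed example; headers and contact history are not real mail."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed history for one mailbox: display name -> domains that name
# has legitimately used in past correspondence.
KNOWN_CONTACTS = {
    "Jane Doe": {"example.com"},
}

def dmarc_result(msg):
    """Return the dmarc= verdict from Authentication-Results, or 'none'."""
    for hdr in msg.get_all("Authentication-Results", []):
        m = re.search(r"\bdmarc=(\w+)", hdr)
        if m:
            return m.group(1).lower()
    return "none"

def assess(raw):
    """Classify a raw message into one of four constructed verdicts:
    'trusted', 'unknown-sender', 'display-name-mismatch', 'dmarc-fail'.
    Trust requires both a DMARC pass and a (name, domain) pair this
    mailbox has seen before; DMARC alone is never sufficient."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    known = KNOWN_CONTACTS.get(name)
    if known is None:
        return "unknown-sender"
    if domain not in known:
        # Familiar name, unfamiliar domain: the classic lookalike or
        # free-mail case. DMARC for that domain may well pass, because it
        # authenticates the domain in use, not the identity perceived.
        return "display-name-mismatch"
    if dmarc_result(msg) != "pass":
        return "dmarc-fail"
    return "trusted"

# Constructed sample messages (not real mail).
LEGIT = ("Authentication-Results: mx.example.net; dmarc=pass header.from=example.com\n"
         "From: Jane Doe <jane@example.com>\n\nHi, see attached.\n")
LOOKALIKE = ("Authentication-Results: mx.example.net; dmarc=pass header.from=examp1e.com\n"
             "From: Jane Doe <jane@examp1e.com>\n\nPlease review.\n")
SPOOFED = ("Authentication-Results: mx.example.net; dmarc=fail header.from=example.com\n"
           "From: Jane Doe <jane@example.com>\n\nPlease review.\n")
UNKNOWN = "From: Bob <bob@other.example>\n\nHello.\n"
```

The lookalike message passes DMARC for its own domain yet is flagged, which is exactly the gap the gateway-only, domain-level check leaves open.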

An email security best practice is to assume that any single control will fail and to have another prepared to cover for it. IRONSCALES has built the world’s first fully automated, multi-layered anti-phishing platform to detect, prevent and respond to phishing attacks at any stage (pre- and post-delivery) through rapid incident response. The IRONSCALES platform combines human-centric detection, mailbox-level anomaly detection, decentralized real-time threat detection and AI-powered incident response inside an automated, adaptive and repeatable workflow.

See what other security professionals had to say about zero trust at this year’s Black Hat Las Vegas 2019. Watch David Spark interview Black Hat attendees for his CISO Security Vendor Relationship Series.
