Title: The Crucial Role of Behavioral Understanding in Elevating IT and OT Zero-Trust Strategies
Marcus Fowler is CEO of Darktrace Federal and SVP of Strategic Engagements and Threats at Darktrace. The concept of Zero Trust (ZT) was in use long before NIST gave it a formal definition in SP 800-207, which describes it as "an evolving set of cybersecurity paradigms" that move defenses away from static, network-based perimeters and toward users, assets, and resources.
In essence, the ZT approach is "never trust, always verify": every request to reach an IT environment or any individual system component is authenticated and authorized, regardless of where it originates. Strong access control and authentication, network segmentation, and least-privilege policies are the keystones of this philosophy.
Over the past five years, ZT has moved from a best practice to a core component of cybersecurity programs. The Department of Defense (DoD) led this transition, spelling out the organizational and process changes needed to tackle emerging threats by taking security tactics beyond perimeter monitoring.
The DoD's ZT framework has seven pillars: users, devices, applications and workloads, data, network and environment, automation and orchestration, and visibility and analytics. Each pillar lists the capabilities an organization must implement, and together they are the building blocks of a successful ZT architecture.
Organizations now wrestle with monitoring an ever-growing number of entities, spread across many locations, that seek access to critical data and functions. Without a clearly defined perimeter, classic ZT tenets are frequently sidestepped or incompletely enforced, leaving gaps through which threat actors slip in and escalate their privileges.
Increasingly sophisticated schemes, such as North Korea's placement of fake remote IT workers inside companies, show how exposed many industries are to infiltration by people who hold legitimate credentials. AI-assisted adversaries will exploit such insider footholds with greater speed and stealth, so traditional ZT techniques must evolve. Rather than relying solely on 'never trust, always verify,' organizations should add continuous monitoring as a vital third dimension: 'never trust, always verify, while continuously monitoring.'
Zero Trust's Achilles' Heel: Insider Threats and the Strongest Argument for 'Behavioral Zero Trust'
At a high level, ZT safeguards organizations by continuously verifying the users and devices that attempt to access business-critical systems, services, and data. While this architecture and its policy-enforcement points reduce exposure to external threats, they do not fully protect against a malicious insider: a verified identity on a compliant device is, by design, granted the access policy allows.
The ZT principle of least privilege goes some way toward limiting the damage from insider threats or supply-chain compromise. However, infamous incidents, such as those involving Edward Snowden and, more recently, Jack Teixeira, show that a malicious actor can still do significant damage while staying entirely within the boundaries for which they were authenticated and authorized.
To address this, organizations must expand their strategy and make behavioral understanding a critical component of every ZT approach.
The DoD's visibility and analytics pillar does call out user and entity behavior analytics. Using log data to detect abnormal behavior on the network is essential. However, behavior analysis must move beyond static baselines and profiles built once from historical data, toward a real-time, continuously updated understanding of what normal activity looks like for each entity and of how that normal shifts over time.
To implement a behavioral ZT posture, an organization needs technology that learns the patterns, behaviors, and access scope associated with each specific user or device, and that monitors this activity at a granular level so deviations from the established pattern are detected as they happen.
AI: The Ultimate Behavioral Zero Trust Partner Technology
AI is well suited as a behavioral ZT partner technology because it presumes nothing about who or what is trusted. By building a granular understanding of the patterns, behaviors, and access scope tied to a specific user or device, techniques such as unsupervised machine learning can flag changes in the activity of an entity that policy already treats as 'trusted.'
This insight lets security teams automate precise, real-time responses that contain anomalous activity without disrupting normal business operations. Because the model keeps learning from its environment, it keeps pace with an ever-shifting threat landscape. One caveat applies to any learning-based control: an adversary who is already active during the learning period, or who escalates slowly, can shape what the model considers normal, so the learning period should be bounded and the model's decisions reviewed rather than accepted blindly.
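The following is an added example, not code from the article or from Darktrace, of the decision loop the two sections above describe: a continuously updated per-entity baseline that sits behind the ordinary authentication and authorization gate. It uses a simple streaming statistic (an exponentially weighted mean and variance of one feature, records read per access) rather than a full unsupervised ML model, plus the set of resources each entity has touched before. The log format, the feature, the thresholds, and the sample log lines are all constructed assumptions for this example.

```python
"""Minimal 'never trust, always verify, while continuously monitoring' check.

Per entity (user) we keep a streaming baseline of records read per access as an
exponentially weighted mean/variance, so the profile keeps adapting instead of
being a fixed historical snapshot, plus the set of resources seen before.
An access decision combines the usual authn/authz result with the deviation
from that baseline. Everything here is constructed for illustration.
"""
import math
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

ALPHA = 0.1        # weight of the newest observation in the baseline (assumption)
MIN_SAMPLES = 5    # observations needed before deviations are scored (assumption)
Z_STEP_UP = 3.0    # z-score at which we require step-up / analyst review (assumption)
Z_DENY = 6.0       # z-score at which we deny even though authz passed (assumption)


@dataclass
class Baseline:
    """Exponentially weighted running mean/variance of one feature, per entity."""
    n: int = 0
    mean: float = 0.0
    var: float = 0.0
    seen_resources: set = field(default_factory=set)

    def update(self, x: float) -> None:
        self.n += 1
        if self.n == 1:
            self.mean = x
            return
        delta = x - self.mean
        self.mean += ALPHA * delta
        # EW variance recursion: the squared deviation decays at the same rate.
        self.var = (1.0 - ALPHA) * (self.var + ALPHA * delta * delta)

    def zscore(self, x: float) -> float:
        # Floor the spread at one record so a perfectly flat baseline cannot divide by zero.
        sd = max(math.sqrt(self.var), 1.0)
        return abs(x - self.mean) / sd


def parse_event(line: str) -> dict:
    """Parse a constructed 'key=value key=value' access-log line."""
    ev = dict(tok.split("=", 1) for tok in line.split())
    ev["records"] = int(ev["records"])
    return ev


def decide(ev: dict, baselines: Dict[str, Baseline]) -> Tuple[str, Optional[float]]:
    """Return (decision, zscore) for one event; baselines are keyed by user."""
    # Classic zero-trust gate first: identity and policy must pass on every request.
    if ev["authn"] != "ok" or ev["authz"] != "ok":
        return "deny_policy", None

    b = baselines.setdefault(ev["user"], Baseline())
    x = float(ev["records"])
    resource = ev["resource"]

    if b.n < MIN_SAMPLES:
        # Still learning this entity: record its behavior but do not score it yet.
        b.update(x)
        b.seen_resources.add(resource)
        return "allow_learning", None

    z = b.zscore(x)
    novel = resource not in b.seen_resources
    if z >= Z_DENY:
        # Do not fold the anomalous event into the baseline: an insider who ramps up
        # slowly would otherwise teach the model that bulk reads are normal.
        return "deny_anomalous", z
    if z >= Z_STEP_UP or novel:
        # Baseline is left unchanged pending the outcome of the step-up check.
        return "step_up", z
    b.update(x)
    b.seen_resources.add(resource)
    return "allow", z


def run(lines: List[str]) -> List[Tuple[str, str, Optional[float]]]:
    """Replay a log and return (user, decision, zscore) per event, in order."""
    baselines: Dict[str, Baseline] = {}
    return [(ev["user"],) + decide(ev, baselines) for ev in map(parse_event, lines)]


# Constructed sample log: an analyst (jdoe) and a backup service account, interleaved.
SAMPLE_LOG = [
    "ts=2024-05-02T09:12:03Z user=jdoe resource=share/finance records=100 authn=ok authz=ok",
    "ts=2024-05-02T09:14:10Z user=svc-backup resource=db/prod records=5000 authn=ok authz=ok",
    "ts=2024-05-02T10:01:44Z user=jdoe resource=share/finance records=110 authn=ok authz=ok",
    "ts=2024-05-02T10:14:10Z user=svc-backup resource=db/prod records=5100 authn=ok authz=ok",
    "ts=2024-05-02T11:20:05Z user=jdoe resource=share/finance records=95 authn=ok authz=ok",
    "ts=2024-05-02T11:14:10Z user=svc-backup resource=db/prod records=4900 authn=ok authz=ok",
    "ts=2024-05-02T13:05:51Z user=jdoe resource=share/finance records=120 authn=ok authz=ok",
    "ts=2024-05-02T12:14:10Z user=svc-backup resource=db/prod records=5050 authn=ok authz=ok",
    "ts=2024-05-02T14:40:12Z user=jdoe resource=share/finance records=105 authn=ok authz=ok",
    "ts=2024-05-02T13:14:10Z user=svc-backup resource=db/prod records=4950 authn=ok authz=ok",
    "ts=2024-05-02T15:02:30Z user=jdoe resource=share/finance records=98 authn=ok authz=ok",
    "ts=2024-05-02T14:14:10Z user=svc-backup resource=db/prod records=5000 authn=ok authz=ok",
    "ts=2024-05-03T09:05:17Z user=jdoe resource=share/finance records=115 authn=ok authz=ok",
    "ts=2024-05-03T22:41:09Z user=jdoe resource=share/finance records=5000 authn=ok authz=ok",
    "ts=2024-05-03T22:43:50Z user=jdoe resource=share/hr records=100 authn=ok authz=ok",
    "ts=2024-05-03T22:45:02Z user=jdoe resource=db/prod records=10 authn=ok authz=denied",
]

if __name__ == "__main__":
    for user, decision, z in run(SAMPLE_LOG):
        print(f"{user:11} {decision:15} z={'-' if z is None else round(z, 1)}")
```

The same volume, 5,000 records, is unremarkable for the backup account and hundreds of standard deviations out for the analyst, which is the per-entity point the text makes; the analyst's first touch of a resource outside their established scope triggers step-up even at normal volume; and a request that fails policy is refused before any behavioral scoring runs.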
Change does not happen overnight, and the transition to a behavioral ZT framework is no exception. As Randy Resnick, Director of the DoD's Zero Trust Portfolio Management Office, has noted, implementing such policies requires "supporting effort" and a "culture change" across an organization. A successful ZT implementation typically involves a learning curve of around three months, which leaves organizations little room to delay their security advancements in the face of rising threats.
Organizations must act now and make behavioral understanding and autonomous detection and response core elements of their cyber defense strategies, building on foundational ZT frameworks.