If there’s one area where Zero Trust methodology can be a great help, it’s in how endpoint folders are used. As cybercriminals get more sophisticated about modifying malicious files to evade detection, it’s worth looking at how Zero Trust can actually stop this type of malware.
First, a little explanation of the three types of files most people use that are affected by malware: executables, scripts and DLLs (dynamic link libraries). The goal is to keep malicious executables from launching in the first place, and malicious scripts and DLLs from loading.
A solution to this adds a deterministic control for files that get past detection systems, and such controls commonly rely on digital signatures. This way, it’s a Zero Trust approach in which only the files that can show they’re trustworthy get loaded or launched.
Bringing simplicity and focus to security
While application control tools can restrict launches and loads, many cannot control what applications do after they are launched. That means that app controls then restrict all launches for an endpoint, instead of just the ones for high-risk folders. There’s more risk of disruption and a greater strain on resources with app controls as well, since the policy lists for allowing apps are anywhere from 100 to 1000 times as large as those of other systems.
To that end, AppGuard provides a great solution with a simpler and more focused framework that places launch controls only on high-risk folders. Digital signatures from your system’s trusted publishers are the key to making allowance policies work more efficiently.
Let’s say an app in an endpoint folder does get taken over by a cybercriminal. If that happens, AppGuard applies a containment control, either per application, publisher or folder. If a system for inter-office communication gets hijacked, for instance, AppGuard will not allow it to alter files or add files to its system. This means there can be fewer controls in place right from installation.
Layered protection is needed for the greatest security, in endpoint folders and beyond. AppGuard provides this so that when an app, folder or object is actually malware, it is subjected to isolation rules that protect the contents of selected folders from the rest of the system.
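The launch-control idea described above, as an added example that is not AppGuard’s code or policy format: a Python model in which only files in high-risk folders are checked, and those are allowed only with a valid signature from a trusted publisher. The folder list, publisher name, `LaunchEvent` and `decide` are assumptions made for illustration, and the path canonicalisation step goes beyond what the article states.

```python
import fnmatch
import ntpath
from dataclasses import dataclass
from typing import Optional

# Assumed policy values for illustration; not AppGuard's real configuration.
HIGH_RISK_FOLDERS = [r"C:\Users\*\Downloads", r"C:\Users\*\AppData\Local\Temp"]
TRUSTED_PUBLISHERS = {"Example Trusted Publisher Inc."}  # constructed name
# Executables, DLLs and scripts; typing by extension is a simplification.
CONTROLLED_TYPES = {".exe", ".dll", ".ps1", ".js", ".vbs", ".bat"}


@dataclass
class LaunchEvent:
    path: str                 # path as requested at launch/load time
    publisher: Optional[str]  # signer name, or None if the file is unsigned
    signature_valid: bool     # outcome of a signature check done elsewhere


def canonical(path: str) -> str:
    """Collapse '..' segments, mixed separators and case before matching."""
    return ntpath.normcase(ntpath.normpath(path))


def in_high_risk_folder(path: str) -> bool:
    p = canonical(path)
    return any(fnmatch.fnmatchcase(p, canonical(folder) + "\\*")
               for folder in HIGH_RISK_FOLDERS)


def decide(event: LaunchEvent) -> str:
    """Return 'allow' or 'block' for one launch or load attempt."""
    ext = ntpath.splitext(canonical(event.path))[1]
    if ext not in CONTROLLED_TYPES or not in_high_risk_folder(event.path):
        return "allow"  # out of scope: no endpoint-wide allowlist lookup
    if event.signature_valid and event.publisher in TRUSTED_PUBLISHERS:
        return "allow"  # file proved it comes from a trusted publisher
    return "block"      # default deny inside high-risk folders


# Constructed sample events (not real telemetry).
SAMPLES = [
    LaunchEvent(r"C:\Users\alice\Downloads\setup.exe", None, False),
    LaunchEvent(r"C:\Users\alice\Downloads\setup.exe",
                "Example Trusted Publisher Inc.", True),
    LaunchEvent("C:/Users/alice/Documents/../DOWNLOADS/tool.DLL", None, False),
    LaunchEvent(r"C:\Program Files\App\app.exe", None, False),
]

if __name__ == "__main__":
    for ev in SAMPLES:
        print(decide(ev), ev.path)
```

The third sample is blocked only because the path is canonicalised before the folder match; a policy that compares raw strings would treat it as outside the high-risk folder.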
Implementing Zero Trust at your business
Putting Zero Trust in place does take a solid plan to ensure that breaches are prevented in the most effective way possible. Security Magazine notes that there are three stages to Zero Trust implementation.
First stage: Make sure you have a unified identity and access management system, or IAM. It reduces potential attack points by making sure all users are in a central directory.
Second stage: Track the behavior of your users through contextual access policies and through automated provisioning as users potentially move around the company.
Third stage: Continue to monitor users’ context for usage and behavioral patterns through adaptive measures that are built into the Zero Trust methodology.
If you want to learn more about AppGuard and how it can help, we have several webinars on tap to demonstrate it and provide more details on implementation and use for any type of business. Go to our Calendly site to see dates and times.
July 5, 2022