Learn Core Concepts About Continuous Risk And Trust Assessment

The path to Zero Trust requires Continuous Risk and Trust Assessment. But traditional security solutions make binary block/allow decisions without context, leaving users susceptible to zero-day attacks and insider threats with compromised credentials. ML and AI provide an essential capability that helps prevent these attacks by continuously evaluating user, network and asset behavior to deliver adaptive decisions and responses. This is the essence of CARTA.

Adaptive Assessments

The business world moves at a rapid pace and security teams must adapt or fall behind. In a world where new technologies are constantly being deployed, employees are bringing in their own devices and digital services are allowing people to work from anywhere at any time, the traditional approach to securing businesses just isn’t working.

To keep up with the pace of change, security professionals need to move beyond a block-and-allow mindset to one that continuously learns from context and understands risk at an individual level. To do this, they need a Continuous Risk and Trust Assessment that can assess, detect, and respond to risks in real time.

Gartner recently listed Continuous Adaptive Risk and Trust Assessment (CARTA) as one of its top strategic technology trends for 2019. It’s a security strategy that assumes all systems, users, devices and data are potentially hostile after authentication and only makes access decisions based on the context and behavior of a user, catching suspicious activity before it becomes malicious and responding quickly to mitigate risk. As an adapted form of zero trust, CARTA offers a comprehensive and efficient way to manage risk for an organization while also aligning security with the business. It does this by combining the NIST Cybersecurity Framework (RMF) with an adaptive, Continuous Risk and Trust Assessment to enable organizations to proactively identify, evaluate, and mitigate risks.

Adaptive Responses

With more people working remotely, accessing the network through new devices and leveraging digital services that have no boundary, security risks continue to grow. As a result, traditional security solutions with black-or-white decisions are no longer sufficient. To avoid costly breaches that can harm the business and damage brand reputation, organizations must adopt a Continuous Risk and Trust Assessment approach.

The first CARTA imperative is to stop relying on static role-based access control (RBAC) solutions that provide yes/no access based on credentials only. These solutions don’t evaluate real-time data and fail to address employee mobility issues. They also leave the door wide open for zero-day attacks, insider threats or attack via compromised credentials.

Instead, a continuous approach to identity and access management (IAM) is needed to assess user behavior, determine what’s “normal” and identify and respond to anomalies in real time. This approach will allow for more accurate detection of malicious activities and better response to them, which is key to preventing breaches.

To support this, a continuous adaptive security framework is needed that adds context to IAM processes by combining RBAC with attribute-based access control (ABAC). This solution provides continuous, dynamic risk assessment of users and their devices by evaluating the attributes and behaviors of the device, user and network, rather than just focusing on credentials.
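An added example, not part of the original article or any product's code: a small policy decision function that layers an attribute-based risk score over a static RBAC check and re-evaluates it on every request in a session. The role table, weights, thresholds and the `step_up` outcome are constructed assumptions, and fixed weights stand in here for a learned behavioral model.

```python
from dataclasses import dataclass

# Static RBAC layer (constructed roles and permissions).
ROLE_PERMS = {"finance": {"ledger:read", "ledger:write"},
              "support": {"ticket:read"}}
# Constructed weights; a deployment would learn these from observed behavior.
NETWORK_RISK = {"corp": 0, "home": 10, "public": 30}

@dataclass
class Context:            # attributes observed on each request
    device_managed: bool
    network: str          # "corp", "home" or "public"
    country: str
    hour: int             # local hour of the request, 0-23

@dataclass
class Baseline:           # what is "normal" for this user
    countries: frozenset
    hours: range

def risk_score(ctx, base):
    """Score 0-100 from device, network and behavior attributes."""
    score = NETWORK_RISK.get(ctx.network, 40)   # unknown network: highest weight
    if not ctx.device_managed:
        score += 30
    if ctx.country not in base.countries:
        score += 35
    if ctx.hour not in base.hours:
        score += 15
    return min(score, 100)

def decide(role, permission, ctx, base, sensitive=False):
    """RBAC gates first; the ABAC risk score then picks allow/step_up/deny."""
    if permission not in ROLE_PERMS.get(role, set()):
        return "deny"                           # no context can override RBAC
    step_up_at, deny_at = (25, 60) if sensitive else (40, 80)
    score = risk_score(ctx, base)
    if score >= deny_at:
        return "deny"
    return "step_up" if score >= step_up_at else "allow"

def evaluate_session(role, permission, requests, base, sensitive=False):
    """Re-decide on every request instead of trusting the login-time result."""
    return [decide(role, permission, c, base, sensitive) for c in requests]
```

The same credentials produce different outcomes as the context drifts during a session, which is the behavior a credentials-only RBAC check cannot express.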

Adaptive Decisions

Adaptive decisions are informed by critical uncertainty, and can be modified over time as new data is gathered and analyzed. They take into account the risk tolerance of managers and can incorporate a range of options, including those that may not be successful. This enables the decision maker to evaluate cause-and-effect relationships and improve performance over time.

Unlike traditional block/allow security solutions, the CARTA approach allows for an adaptive, continuous, and dynamic assessment of trust and risk, correlating behaviors with context to understand what people are doing and only on that basis making security decisions. It does not depend on rules – which can be easily bypassed by attackers – but instead relies on machine learning to assess user, network and asset behavior and provide focused recommendations for the best path forward.

The DT school of adaptive management is often associated with managing large, natural systems like the Everglades, Great Barrier Reef or Columbia River Basin and is applied to a range of environmental issues such as climate change, endangered species and water quality. But the principles of the ADMP are applicable to any organization seeking to make better use of data and information in the context of risk and trust. In fact, it is an important complement to the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). The RMF focuses on governance, compliance and controls, while CARTA addresses risk-based decision making and risk identification and mitigation.

Adaptive Security

Adaptive security uses preventative processes like least privilege and zero trust network access (ZTNA) to reduce the attack surface and block all but the most severe threats. It also relies on adaptive, Continuous Risk and Trust Assessment and response capabilities. This approach closes the gap between threat detection and incident resolution times, which is critical in today’s dynamic business environment.



As a result, adaptive security can effectively mitigate high-impact, sophisticated cyberattacks that target a wide variety of industries. Moreover, it can help reduce the time from initial intrusion to data breach to minutes or even seconds.

In contrast, legacy security solutions based on blocking and allowing only known users or devices are ineffective against modern threats that exploit multiple mechanisms. They aren’t able to evaluate real-time data or address the growing problem of employees connecting from home, work, or public WiFi networks to business assets via apps and cloud services. And if they don’t reevaluate permissions, it can take hours or even days for adversaries to gain access and start exploiting assets. Adaptive security addresses these issues by continuously vetting events, users, and systems to detect and stop attacks at the source.

