Learn Core Concepts About Adaptive Risk and Trust Assessment


The path to Zero Trust requires Adaptive Risk and Trust Assessment. But traditional security solutions make binary block/allow decisions without context, leaving users susceptible to zero-day attacks, insider threats and attacks that use compromised credentials.

ML and AI provide an essential capability that helps prevent these attacks by continuously evaluating user, network and asset behavior to deliver adaptive decisions and responses. This is the essence of Continuous Adaptive Risk and Trust Assessment (CARTA).

Adaptive Assessments

The business world moves at a rapid pace and security teams must adapt or fall behind. In a world where new technologies are constantly being deployed, employees are bringing in their own devices and digital services are allowing people to work from anywhere at any time, the traditional approach to securing businesses just isn’t working.

To keep up with the pace of change, security professionals need to move beyond a block-and-allow mindset to one that continuously learns from context and understands risk at the level of the individual user. To do this, they need an adaptive risk and trust assessment that can assess, detect, and respond to risks in real time.

Gartner recently listed Continuous Adaptive Risk and Trust Assessment as one of their top strategic technology trends for 2019. It’s a security strategy that assumes all systems, users, devices and data are potentially hostile after authentication and only makes access decisions based on the context and behavior of a user, catching suspicious activity before it becomes malicious and responding quickly to mitigate risk.

Adaptive Responses

With more people working remotely, accessing the network through new devices and leveraging digital services that have no boundary, security risks continue to grow. As a result, traditional security solutions with black or white decisions are no longer sufficient. To avoid costly breaches that can harm the business and damage brand repute, organizations must adopt a continuous approach to risk and trust assessments.

The first CARTA imperative is to stop relying on static role-based access control (RBAC) solutions that provide yes/no access based on credentials only. These solutions don’t evaluate real-time data and fail to address employee mobility issues. They also leave the door wide open to zero-day attacks, insider threats and attacks that use compromised credentials.

Instead, a continuous approach to identity and access management (IAM) is needed to assess user behavior, determine what’s “normal” and identify and respond to anomalies in real time. This approach will allow for more accurate detection of malicious activities and better response to them, which is key to preventing breaches.

To support this, a continuous adaptive security framework is needed that adds context to IAM processes by combining RBAC with attribute-based access control (ABAC). This solution provides continuous, dynamic risk assessment of users and their devices by evaluating the attributes and behaviors of the device, user and network, rather than just focusing on credentials.

Adaptive Decisions

Adaptive decisions explicitly account for uncertainty, and can be revised over time as new data is gathered and analyzed. They take into account the risk tolerance of managers and can incorporate a range of options, including those that may not succeed. This enables the decision maker to evaluate cause-and-effect relationships and improve performance over time.

Unlike traditional block/allow security solutions, the CARTA approach allows for an adaptive, continuous, and dynamic assessment of trust and risk, correlating behaviors with context to understand what people are actually doing and making security decisions only on that basis. It does not depend on static rules – which attackers can often bypass – but instead relies on machine learning to assess user, network and asset behavior and provide focused recommendations for the best path forward.
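The following is an added illustration, not code from the original article or from any CARTA product, of the decision model described under Adaptive Responses and in the paragraph above: an RBAC gate that still applies, plus ABAC and behavioral context that turn the yes/no into a graded allow / step-up / deny, re-evaluated on every request rather than only at login. The role table, the per-user baseline, the attribute weights and the thresholds are all constructed assumptions; a simple additive score stands in for whatever a trained behavioral model would output.

```python
from dataclasses import dataclass
from typing import List, Set

# Hypothetical RBAC table: which roles may reach which resources (constructed).
ROLE_PERMISSIONS = {"engineer": {"source-repo", "ci"}, "finance": {"ledger"}}

@dataclass
class Baseline:
    """Constructed per-user profile standing in for what an ML model learns."""
    usual_devices: Set[str]
    usual_countries: Set[str]
    usual_hours: range  # local hours the user normally works

@dataclass
class Request:
    role: str
    resource: str
    device_id: str
    device_managed: bool
    country: str
    hour: int

def risk_score(req: Request, base: Baseline) -> int:
    """Context attributes (ABAC + behavior) turn yes/no into a 0-100 risk."""
    score = 0
    if req.device_id not in base.usual_devices:
        score += 30  # never-seen device
    if not req.device_managed:
        score += 25  # no device posture assurance
    if req.country not in base.usual_countries:
        score += 30  # geographic anomaly
    if req.hour not in base.usual_hours:
        score += 15  # off-hours activity
    return score

def decide(req: Request, base: Baseline) -> str:
    """RBAC gate first, then the graded risk picks allow / step-up / deny."""
    if req.resource not in ROLE_PERMISSIONS.get(req.role, set()):
        return "deny"  # the role never grants this resource
    score = risk_score(req, base)
    if score >= 60:
        return "deny"
    if score >= 30:
        return "step-up"  # require re-authentication instead of a blind allow
    return "allow"

def reevaluate(session: List[Request], base: Baseline) -> List[str]:
    """Continuous assessment: decide again on every event, not only at login."""
    return [decide(r, base) for r in session]
```

The same engineer who is allowed from a known managed laptop is pushed to step-up from an unmanaged phone and denied when that phone also appears from an unusual country at 3 a.m.; a credential alone never settles the decision.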

Adaptive Security

Adaptive security uses preventative processes like least privilege and zero trust network access (ZTNA) to reduce the attack surface and block all but the most severe threats. It also relies on adaptive, continuous assessment and response capabilities. This approach closes the gap between threat detection and incident resolution times, which is critical in today’s dynamic business environment.

The adaptive security model’s preventative layer helps businesses create products, services, and policies that thwart cyber attacks before they become threats. It also incorporates techniques such as continuous monitoring, threat intelligence capabilities, and predictive analysis to identify risks that would be missed by traditional prevention methods.


In contrast, legacy security solutions based on blocking and allowing only known users or devices are ineffective against modern threats that exploit multiple mechanisms. They aren’t able to evaluate real-time data or address the growing problem of employees connecting from home, work, or public WiFi networks to business assets via apps and cloud services. And because they don’t reevaluate permissions after the initial grant, an adversary who has gained access can keep exploiting assets for hours or even days before anyone notices. Adaptive security addresses these issues by continuously vetting events, users, and systems to detect and stop attacks at the source.
