Building blocks of a successful Zero Trust – An African perspective
A Zero Trust approach should be the standard approach used to mitigate and safeguard against cyber-attacks. Cyber-attacks are inevitable and can happen from outside or from within the organisation. All users and devices should be treated as potential threats until identified and verified.
During the “Building blocks of a successful Zero Trust: An African Perspective” webinar, all speakers agreed that security should never be an afterthought and that security is a business enabler and not a blocker. Filipe Galvao, Enterprise Sales Manager at BeyondTrust, reiterated that no one should be trusted: “trust no one and authenticate everybody.” He said Zero Trust covers a vast array of components that could form a complete security solution.
He also added that when it comes to Zero Trust, there is no such thing as one glove fits all. The speakers also agreed that Privileged Access Management (PAM) is essential for any organisation that wants to achieve a successful Zero Trust.
Not only does PAM minimise the potential of a breach, it also helps limit the extent of the breach should it happen.
Brian Chappell, Chief Security Strategist at BeyondTrust, stated that Zero Trust is a journey and not something you can achieve at once. He cautioned organisations not to get overwhelmed by the scope of thousands of applications but to get their basics right.
Chappell further emphasised that cyberattacks have been around and seem to be here to stay, so companies should get to the bottom of vulnerabilities and have more control. “When attackers get access to the network, the first thing they look at is privileged accounts. The more control we have in that space the more an attack can be stopped. Attacks have been growing since 1981 when I first picked up my first computer. We all know that it's not if, it's when an attack happens, and that is absolutely true - if you think you have never been hacked yet, you probably got lucky and they could not find anything useful,” he said.
Many companies have seen the benefit of bringing in an ethical hacker to prevent the exploitation of vulnerabilities in their systems and data. Ethical hackers follow the adversary emulation process to test a network's resilience against advanced attackers or advanced persistent threats (APTs). Working together with the company's defence team to strengthen security, they look for misconfigurations and security flaws and document all their findings.
This was an insightful and interesting webinar packed with powerful knowledge from an experienced ethical hacker, Sikhululwe Khashane.
Those who were part of the webinar were privileged to get first-hand information. “Applications should be tested. We need to also check if we can compromise the user's password and that data is protected and encrypted. We need to check for any weakness when it comes to identity,” he said. He also highlighted the importance of password hygiene and password management as being key in terms of identity. “The first thing that an attacker will do is to get initial access into the environment. This is done through credential harvesting tactics and techniques of stealing passwords,” added Sikhululwe. In conclusion, Galvao added that when it comes to Zero Trust as a continent, a lot still needs to be done, and we need to do a lot more educating and raising awareness.
Sikhululwe further explained that even though IAM and PAM give you access to the environment, we need to look at other controls when implementing Zero Trust end-to-end.
Let BeyondTrust help you achieve Zero Trust - where are you in your Zero Trust journey and what are some of the challenges you have experienced?
We would love to hear from you, visit our website here: https://www.beyondtrust.com/