Zero trust, MDR add strength to cybersecurity efforts


ROME, N.Y. — This spring, the Cybersecurity and Infrastructure Security Agency (CISA) released recommendations regarding zero trust, an approach to cybersecurity that limits access to data, networks, and infrastructure to only what is minimally required. On top of that, the legitimacy of user access must be continuously verified.

The approach is a tool businesses may want to consider adding to their cybersecurity arsenal to further protect sensitive information, says Michael Polce, CEO of M.A. Polce in Rome.

“Zero trust has got a lot of steam right now,” he says, adding that it puts more checks and balances into a security system. Those checkpoints create more opportunity to stop “bad actors” from accessing the system, Polce notes.

While it may seem burdensome to have to authenticate user presence each time a new area is accessed, “zero trust is trying to make security easier, if it’s done correctly,” M.A. Polce’s chief architect Nick Polce says.

Under the Zero Trust Maturity Model version 2 released by CISA, zero trust (ZT) is not a new idea, but recent, more advanced and persistent cyberattacks have renewed interest in implementing ZT architectures.

“Under ZT, access to an information resource (data, applications, and services) is allowed for a specified period of time with the least possible privileges,” the model reads. “Authorization decisions are made through continuous evaluation of the user privilege and the device health as well as other contextual information. Resources and infrastructure are monitored actively to assess the current state of security for continuous diagnostics and mitigation.”

“While applicable to federal civilian agencies, all organizations will find this model beneficial to review and use to implement their own architecture,” CISA Technical Director for Cybersecurity Chris Butera said in a press release announcing the model.
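The CISA description above boils down to a few checks that run on every request: the grant is time-limited, the entitlement is the minimum the resource needs, and the user's recent authentication and the device's health are re-evaluated each time. The following Python is an added example written for this article, not code from CISA or M.A. Polce; the resource-to-privilege table, the device health thresholds and the session fields are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical policy table (assumption, not from the article): each resource
# maps to the minimal entitlement a caller must hold to touch it.
REQUIRED_PRIVILEGE = {
    "payroll-db": {"payroll:read"},
    "hr-files": {"hr:read"},
}


@dataclass
class Device:
    managed: bool          # enrolled in the organization's device management
    disk_encrypted: bool
    patch_age_days: int    # days since the last approved patch level


@dataclass
class Session:
    user: str
    privileges: set
    device: Device
    mfa_verified_at: datetime   # last time the user proved presence with MFA
    grant_expires_at: datetime  # the time-boxed access window for this session


def device_healthy(device: Device, max_patch_age_days: int = 30) -> bool:
    """Device posture check; thresholds are illustrative assumptions."""
    return (device.managed
            and device.disk_encrypted
            and device.patch_age_days <= max_patch_age_days)


def authorize(session: Session, resource: str, now: datetime,
              mfa_max_age: timedelta = timedelta(hours=8)) -> tuple[bool, str]:
    """Decide one request. Nothing is trusted because an earlier request passed:
    every call re-checks the grant window, recent MFA, device health and the
    least-privilege entitlement, and unknown resources are denied by default."""
    needed = REQUIRED_PRIVILEGE.get(resource)
    if needed is None:
        return False, "unknown resource (default deny)"
    if now >= session.grant_expires_at:
        return False, "access grant expired"
    if now - session.mfa_verified_at > mfa_max_age:
        return False, "re-authentication required"
    if not device_healthy(session.device):
        return False, "device fails health checks"
    if not needed <= session.privileges:
        return False, "missing least-privilege entitlement"
    return True, "allowed"


if __name__ == "__main__":
    # Constructed session for a quick run; see how the decision changes over time.
    t0 = datetime(2024, 5, 6, 9, 0)
    s = Session(user="jane", privileges={"payroll:read"},
                device=Device(managed=True, disk_encrypted=True, patch_age_days=3),
                mfa_verified_at=t0, grant_expires_at=t0 + timedelta(hours=4))
    print(authorize(s, "payroll-db", t0 + timedelta(minutes=5)))
    print(authorize(s, "payroll-db", t0 + timedelta(hours=5)))
```

The point of the structure is that the decision is a pure function of the current context, so a session that was fine at 9:05 is simply denied at 13:05 once its window closes, with no separate "revoke" step needed.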

Another cybersecurity element, one that pairs well with zero trust, is managed detection and response (MDR), Nick Polce says.

Most computer users are familiar with endpoint detection and response (EDR), mainly in the form of anti-virus programs, he says. Those systems operate at the end-user level on individual machines.

MDR differs in that it operates on a global level across the entire system — generally in the background where users don’t even notice it — and it provides around-the-clock monitoring for security breaches paired with nearly instantaneous response to those breaches, he says.

Without naming it, Polce describes a recent case involving a local business that operates four locations and has about 300 endpoints across its network. “It’s a top-notch environment, configured well,” he notes.

But it was still the target of a cyberattack in which bad actors identified an access point into the network and then added an administrator account. “Within that same minute, an actual analyst began to triage the event,” Polce says.

Within two minutes, the situation was escalated to a senior-level analyst, and in about eight minutes total the attack was shut down. Impact was limited to just two machines, which were isolated from the network.

“We had them completely remediated within two hours,” Polce says.
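The one-minute triage in the case above starts with a detection rule firing the moment a freshly created account lands in a privileged group. As an added example (not M.A. Polce's tooling or anything described by the business involved), the Python below correlates two simplified Windows Security events, 4720 (user account created) and 4732 (member added to a security-enabled local group), on the same host inside a short window. The log lines are constructed for the example; the CSV layout and the five-minute window are assumptions.

```python
import csv
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample log, not real data: a simplified rendering of Windows
# Security events. 4720 = user account created, 4732 = member added to a
# security-enabled local group. Column layout is an assumption for the demo.
SAMPLE_LOG = """timestamp,host,event_id,actor,target,group
2024-05-06T02:14:03,FS01,4720,svc_backup,helpdesk2,
2024-05-06T02:14:21,FS01,4732,svc_backup,helpdesk2,Administrators
2024-05-06T09:30:00,WS07,4720,admin.jane,intern01,
2024-05-06T09:31:10,WS07,4732,admin.jane,intern01,Remote Desktop Users
"""


def parse_events(text):
    """Parse the constructed CSV into dicts with typed timestamp and event_id."""
    rows = list(csv.DictReader(StringIO(text)))
    for r in rows:
        r["timestamp"] = datetime.fromisoformat(r["timestamp"])
        r["event_id"] = int(r["event_id"])
    return rows


def detect_new_admin_accounts(events, window=timedelta(minutes=5),
                              privileged_groups=frozenset({"Administrators"})):
    """Alert when an account is created and then added to a privileged group
    on the same host within `window`. Returns one alert dict per match."""
    created = {}   # (host, account) -> creation time
    alerts = []
    for e in sorted(events, key=lambda e: e["timestamp"]):
        key = (e["host"], e["target"])
        if e["event_id"] == 4720:
            created[key] = e["timestamp"]
        elif e["event_id"] == 4732 and e["group"] in privileged_groups:
            t0 = created.get(key)
            if t0 is not None and e["timestamp"] - t0 <= window:
                alerts.append({
                    "host": e["host"],
                    "account": e["target"],
                    "actor": e["actor"],
                    "seconds_after_creation": int((e["timestamp"] - t0).total_seconds()),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_new_admin_accounts(parse_events(SAMPLE_LOG)):
        print("ALERT new privileged account:", alert)
```

On the sample data only the 02:14 sequence on FS01 fires: an account created by a service account and promoted to Administrators 18 seconds later, at an hour when no one should be provisioning admins. The 09:30 sequence is the same two event IDs but lands in a non-privileged group, so the rule stays quiet rather than paging an analyst for routine help-desk work.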

Ultimately, he says, cybersecurity must be a layered approach, and both zero trust and MDR are layers businesses should consider adding.

Traci DeLore