4 best practices to implement a comprehensive Zero Trust security approach
Credit to Author: Emma Jones| Date: Thu, 17 Feb 2022 17:00:00 +0000
Today’s threat actors don’t see barriers, they see opportunities. As the old firewalls protecting the corporate network become obsolete amid the rush to adopt a hybrid workspace, implementing Zero Trust security has become an imperative across all sectors, both public and private. During this time of unprecedented change, Microsoft Security is committed to helping you be fearless in pursuing your vision for growth and success.
Because an effective Zero Trust approach needs to operate holistically across your complex digital estate, Microsoft Security solutions function as a unified whole to protect your people, data, and business. We’re uniquely positioned to simplify and strengthen security across your entire enterprise—even integrating easily with your existing third-party products. In this blog, we’ll look at four guidelines for implementing a comprehensive Zero Trust strategy that can help your organization continue to move forward confidently in these uncertain times.
Figure 1. Microsoft Zero Trust architecture.
1. Build Zero Trust with comprehensive coverage
Despite what the name implies, a Zero Trust approach empowers organizations to grant employees greater freedom across all data, apps, and infrastructure. In a recent Microsoft-commissioned study conducted by Forrester Consulting, The Total Economic Impact (TEI) of Zero Trust Solutions From Microsoft, the principal architect at a logistics firm described how Microsoft’s comprehensive Zero Trust implementation allowed them to create a bring your own device (BYOD) program for the company’s seasonal frontline workers, leading to efficiency gains. “Before, our seasonal workers would have to be paired with our full-time employees when [performing field visits]. But now, they can go out on their own.”
The interviewees said that “by implementing Zero Trust architecture, their organizations improved employee experience (EX) and increased productivity.” They also noted, “increased device performance and stability by managing all of their endpoints with Microsoft Endpoint Manager.” This had a bonus effect of reducing the number of agents installed on a user’s device, thereby increasing device stability and performance. “For some organizations, this can reduce boot times from 30 minutes to less than a minute,” the study states. Moreover, shifting to Zero Trust moved the burden of security away from users. Implementing single sign-on (SSO), multifactor authentication (MFA), leveraging passwordless authentication, and eliminating VPN clients all further reduced friction and improved user productivity.
Figure 2. Microsoft Zero Trust solutions and capabilities.
2. Strengthen Zero Trust with AI and integration
The Forrester study also found that “existing solutions failed to provide the high-fidelity signals, comprehensive visibility, and end-to-end self-healing capabilities needed to defend against today’s sophisticated attackers and volume of cyberthreats.” For the interviewed organizations, “prior solutions could not provide telemetry of a threat’s effect on data, a user’s exact activity on the network, or a timeline for effective remediation.” And because the organizations relied on security solutions from multiple vendors, “consolidating telemetry information for triage and analytical work was difficult and time-consuming.”
Microsoft Sentinel solves the problem of vulnerable security silos by providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. As a cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution, Microsoft Sentinel uses AI to eliminate security infrastructure setup and maintenance by automatically scaling to meet user needs. Because Microsoft Sentinel is available out of the box with service-to-service connectors, it’s easy to gain real-time integration with Microsoft 365 Defender, Microsoft Azure Active Directory (Azure AD), Microsoft Defender for Identity, and Microsoft Defender for Cloud Apps.
Any truly comprehensive Zero Trust implementation requires functionality across multiple platforms. Microsoft Sentinel also contains 30 new out-of-the-box data connectors for Cisco, Salesforce Service Cloud, Google Workspace, VMware ESXi, Thycotic, and many more. These data connectors include a parser that transforms the ingested data into Microsoft Sentinel normalized format, enabling better correlation for end-to-end outcomes across security monitoring, hunting, incident investigation, and response scenarios. Microsoft Sentinel automates routine tasks—with a 90 percent reduction in alert fatigue—so, your security team can focus on the most critical threats.
For example, by adhering to the values of Zero Trust, the Microsoft security operations center (SOC) assumes that any device or user can be breached. That means we end up scrutinizing roughly 600 billion security events each month. But because we utilize Microsoft Sentinel and our other security tools that leverage machine learning, threat intelligence, and data science, we’re able to filter 600 billion monthly events down to around 10,000 alerts. We also use Microsoft Defender for Endpoint Automated Investigation and Response (AIR) capabilities to find and fix low-level malware instances and other nuisance alerts. Microsoft Defender for Endpoint AIR capabilities can also clean up a device, delete the service, erase the file, and tell us when the problem has been remediated. This reduces noise for our SOC and helps shrink those 10,000 monthly alerts down to a manageable 3,500 cases for investigation. Whittling those numbers down is what helps us—and you—zero in on real threats.
3. Simplify for easier compliance and identity and access management (IAM)
The five organizations in the Forrester study struggled to comply with regulatory requirements because “the complexity of their IT environments made it difficult to audit their environments or effectively implement governance policies.” Sound familiar? Fortunately, Zero Trust requirements can sometimes exceed some compliance requirements; meaning, organizations sometimes find that they’re better off than they had been previously.
As a feature in the Microsoft 365 compliance center, Microsoft Compliance Manager solves this common problem with intuitive management and continuous assessments—from taking inventory of data risks to implementing controls, staying current with regulations and certifications, and reporting to auditors. Compliance Manager’s machine learning and analytics even help sort through relevant data to respond to your legal, regulatory, and internal obligations based on requirements from the International Organization of Standardization (ISO), National Institute of Standards and Technology NIST), Cybersecurity and Infrastructure Security Agency (CISA), and General Data Protection Regulation (GDPR). It automatically measures your progress toward completing necessary actions—providing a compliance score around data protection and regulatory standards—along with workflow capabilities and built-in control mapping to help carry out improvements.
To make compliance even easier, the new Microsoft Sentinel: Zero Trust (TIC 3.0) Workbook features a redesigned user interface, new control card layouts, dozens of new visualizations, and better-together integrations with Microsoft Defender for Cloud to monitor compliance posture deviations across each TIC 3.0 control family. The new workbook also provides a mechanism for viewing log queries, Azure Resource Graph, metrics, and policies aligned to TIC 3.0 controls—enabling governance and compliance teams to design, build, monitor, and respond to Zero Trust requirements across 25 plus Microsoft products.
Microsoft also offers more than 300 pre-built risk assessment templates to help you comply with evolving regulations, as well as integrated workflows to help ensure the right people across security, HR, legal, and compliance can investigate as soon as a risk is identified. The director at a manufacturing firm explained that “Microsoft Secure Score reduced the time it took us to be compliant with the California Consumer Privacy Act (CCPA) and GDPR. And Azure AD and Microsoft 365 E5 really enhance our security capabilities.” Secure Score simplifies your security posture by providing centralized visibility across all your Microsoft 365 workloads. This helps identify potential improvements, as well as benchmark your organization’s status over time. Embedded guidance enables you to evaluate each recommendation and determine which vectors of attack are a priority, and how they can be mitigated.
Organizations in the Forrester study also stated that “Legacy infrastructures made it difficult for IAM teams to meet organizational security requirements and the needs of their users.” Azure Active Directory integration enabled these businesses to streamline sign-in and easily deploy applications companywide, as well as enable SSO and automate user provisioning. These efficiency gains allowed their IAM teams to focus on improving security by implementing additional Zero Trust policies. By adopting Azure AD, the IAM teams also reduced time spent managing IAM infrastructure, provisioning and de-provisioning users, managing vendors, and dealing with application downtime and remediation.
4. Look for best-in-breed protection
When looking for a Zero Trust solution you can rely on, there’s a confidence that comes from knowing your security provider has seen more than 40 percent year-over-year growth and more than USD10 billion in revenue. As Thomas Mueller-Lynch, Service Owner Lead for Digital Identity at Siemens put it, “There aren’t too many vendors on the planet that can create a solution capable of providing consolidated insights into large, complex environments like ours. That’s why we chose Microsoft.”
Microsoft Security is a leader in five Gartner Magic Quadrants and eight Forrester Wave categories and ranked the highest in the MITRE Engenuity® ATT&CK Evaluation. Microsoft was also named a Leader in IDC MarketScape for Modern Endpoint Security. By unifying security, compliance, and identity, we can help you improve productivity and protect your entire environment—from Windows and macOS to Linux, iOS, Android, and Amazon Web Services (AWS). For built-in intelligence, easy integration, and simplified management that addresses all three Zero Trust pillars, Microsoft Security provides the comprehensive solution you need to move forward—fearless.
Learn more
- Be fearless—evaluate your security posture today.
- Explore our Zero Trust approach to comprehensive security.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
The post 4 best practices to implement a comprehensive Zero Trust security approach appeared first on Microsoft Security Blog.