Getting safer: why zero trust and network detection and response technology should be part of your security planning

Cybercrime is on the rise and it’s time for Australian organisations to rethink their security architecture to combat the threat posed by phishing, ransomware and supply chain attacks.

It’s fair to say that the task of protecting an enterprise from cyberattacks and data compromise got a whole lot more challenging in 2020. With the onset of the COVID pandemic, thousands of businesses were forced to cobble together infrastructure and solutions to enable their teams to work remotely during lockdowns. In many instances, security took a back seat to expediency, as business leaders and IT departments embraced a ‘whatever it takes’ mentality, in order to achieve their overarching goal of maintaining business continuity.

Meanwhile, hackers and cyber-criminals took one of British wartime Prime Minister Winston Churchill’s most famous adages for their mantra, as the epidemic morphed into a pandemic. Determined not to let a good crisis go to waste, they doubled down on their efforts to disrupt organisations and steal money and personal information, using COVID related gambits as a hook.

The uptick in malicious activity has politicians worried, at home and abroad. In May 2021, US President Joe Biden signed an Executive Order to improve that nation’s cybersecurity and protect federal networks. Here in Australia, the Morrison administration has taken similar steps. The Federal Government is investing $1.35 billion over the next decade to enhance the nation’s cybersecurity capabilities.

Trust no one

Meanwhile, one of the most effective ways organisations can fortify their own ICT environments is via the adoption of what’s known as zero trust architecture. As the name implies, this refers to a security framework which never grants automatic access to an organisation’s systems and data.

Instead, users, both inside and outside the network, must be authenticated and have their access authorised continually, in order to gain and retain access.

With mobile devices and endpoints proliferating rapidly, and workers becoming more geographically dispersed, it’s a model that makes more sense than one which automatically ‘trusts’ users and endpoints.

Intelligence and insights to make the enterprise safer

Knowing exactly what’s on your network is integral to the achievement of a robust zero trust model.

That’s where network detection and response (NDR) technology has an invaluable role to play. It uses machine learning to ascertain a normal baseline for network activity and behaviour. Once that’s been established, detectors will alert security personnel when they clock behaviour that deviates significantly from that norm, even if the behaviour doesn’t resemble a previously documented pattern of attack.
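The baseline-and-deviation idea above can be made concrete with a small detector. The following is an added example written for this page; it is not ExtraHop’s code nor the algorithm of any NDR product, and it stands in a simple per-host z-score and a set of previously seen destination ports for the machine-learning models a real product would use. All host names, ports, intervals and byte counts are constructed sample data. It flags an interval for a host when outbound volume is far above that host’s own history, when a destination port appears that the host never used during the baseline window, or when a host was never seen at all during baselining. None of those checks needs a signature of a known attack, which is the point the paragraph makes.

```python
"""Toy baseline-and-deviation detector in the spirit of NDR anomaly detection.

Added example, not the code of any product. It learns a per-host baseline
(outbound bytes per interval and destination ports used) from a training
window of constructed flow summaries, then flags later intervals that
deviate from that baseline. Everything below is constructed sample data.
"""
from collections import defaultdict
from statistics import mean, pstdev

Z_THRESHOLD = 3.0  # flag an interval more than 3 standard deviations above the host's mean

# Constructed flow summaries: (interval, source host, destination port, bytes out).
BASELINE_FLOWS = [
    (1, "ws-01", 443, 1000), (1, "ws-01", 53, 100), (1, "db-01", 5432, 5000),
    (2, "ws-01", 443, 1200), (2, "ws-01", 53, 150), (2, "db-01", 5432, 5200),
    (3, "ws-01", 443, 1100), (3, "ws-01", 53, 120), (3, "db-01", 5432, 5100),
    (4, "ws-01", 443, 1300), (4, "ws-01", 53, 130), (4, "db-01", 5432, 5300),
    (5, "ws-01", 443, 1000), (5, "ws-01", 53, 110), (5, "db-01", 5432, 5050),
    (6, "ws-01", 443, 1250), (6, "ws-01", 53, 140), (6, "db-01", 5432, 5150),
]

# A later interval: ws-01 suddenly pushes a large volume to a port it never used,
# db-01 behaves as usual, and a host absent from the baseline window appears.
OBSERVED_FLOWS = [
    (7, "ws-01", 443, 1150), (7, "ws-01", 53, 120), (7, "ws-01", 445, 250000),
    (7, "db-01", 5432, 5250),
    (7, "printer-07", 22, 3000),
]


def summarise(flows):
    """Collapse flow records into {host: {interval: [total bytes, set of dst ports]}}."""
    summary = defaultdict(lambda: defaultdict(lambda: [0, set()]))
    for interval, host, port, nbytes in flows:
        entry = summary[host][interval]
        entry[0] += nbytes
        entry[1].add(port)
    return summary


def build_baseline(flows):
    """Learn per-host mean/std of bytes per interval and the ports the host has used."""
    baseline = {}
    for host, by_interval in summarise(flows).items():
        samples = [entry[0] for entry in by_interval.values()]
        baseline[host] = {
            "mean": mean(samples),
            # Floor the deviation so a perfectly flat history cannot divide by zero.
            "std": max(pstdev(samples), 1.0),
            "ports": set().union(*(entry[1] for entry in by_interval.values())),
        }
    return baseline


def detect(baseline, flows):
    """Return one alert per (host, interval) that deviates from the learned baseline."""
    alerts = []
    for host, by_interval in summarise(flows).items():
        for interval, (nbytes, ports) in by_interval.items():
            reasons = []
            z = None
            if host not in baseline:
                reasons.append("host never seen during baseline window")
            else:
                profile = baseline[host]
                z = (nbytes - profile["mean"]) / profile["std"]
                if z > Z_THRESHOLD:
                    reasons.append(f"outbound volume z-score {z:.1f} exceeds {Z_THRESHOLD}")
                new_ports = sorted(ports - profile["ports"])
                if new_ports:
                    reasons.append(f"new destination port(s) {new_ports}")
            if reasons:
                alerts.append({"host": host, "interval": interval, "z": z, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(build_baseline(BASELINE_FLOWS), OBSERVED_FLOWS):
        print(alert["host"], "interval", alert["interval"], "->", "; ".join(alert["reasons"]))
```

Run as a script, it reports ws-01 (huge volume and a never-before-seen port 445) and printer-07 (unknown host), and stays quiet about db-01, whose traffic sits within its own history. In practice the baseline would be learned from much longer windows, separated by time of day, and re-learned as the environment changes; the threshold and the port set are the knobs that trade false positives against missed deviations.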

In contrast to endpoint detection and response technology, which aims to stop infiltrators gaining access, NDR technology makes it possible for organisations to identify and disarm attackers after they’ve made their way onto the network and are beginning to make mischief.

The software is designed to work across distributed environments and in the cloud, to establish a single source of truth that can inform security decision making in real time.

Perhaps most importantly, unlike some other cybersecurity tools, an NDR solution can’t be seen – or disabled – by network interlopers. It’s ever-present; observing their behaviours even if they’ve logged on with bona fide credentials.

Thinking differently about cybersecurity

In a worsening threat climate, persisting with traditional security strategies and models has become a risky approach for Australian businesses to take. Migrating to a zero trust model, one that’s informed and enhanced by NDR technology, may see them better placed to head off expensive and disruptive attacks in the future.

Glen Maloney has more than 15 years’ experience in the IT industry and is responsible for all sales and channel market development for ExtraHop in Australia and New Zealand. He previously worked at Sophos and Checkpoint Software in several sales and business development roles.