Zero trust and beyond – Navigating the era of generative AI challenges – Source: www.cybertalk.org

At Check Point, I am responsible for enabling National Channel Partners to drive sales and increase revenue by developing technical training programs for Partner sales engineers and security architects to keep them up-to-date with new technologies to prevent advanced persistent threats and zero day attacks. I work with Regional Channel Managers and Field Engineers to develop and execute strategies to implement new products across regions.

Did you know that AI and zero trust complement one another? In this interview, expert Miguel Angulo discusses why AI is critical in implementing zero trust, how to overcome corresponding challenges, and exactly what types of powerful, value-add outcomes you’ll be able to achieve with the combined technologies. Don’t miss this!

Would you like to provide a recap explaining what Zero Trust Network Access (ZTNA) is and how it differs from traditional security models?

Sure, unlike traditional security models that rely on perimeter-based defenses, Zero Trust Network Access (ZTNA) operates on the principle of “never trust, always verify.” In essence, it treats every user and device attempting to access the network as potentially hostile; regardless of their location. ZTNA shifts the security focus from protecting the network’s perimeter to securing identities, including users’ accounts and their devices, granting access on a ‘need-to-know’ and ‘need-to-access’ basis. By incorporating AI and continuous authentication, ZTNA significantly enhances security by dynamically evaluating the trustworthiness of every connection request in real-time. This contrast to conventional models ensures that even if a device is compromised, an attacker’s access is restricted and limited to a specific application or resource, preventing lateral movement, and reducing the potential impact of a breach. Essentially, ZTNA provides a more robust and flexible security approach, particularly suitable for today’s dynamic and cloud-centric computing environments. Remember, “never trust, always verify!”

How can Zero Trust Network Architecture leverage artificial intelligence and/or machine learning to improve security?

The key to a successful ZTNA implementation is Identity Management (IM). In his keynote, RSA CEO Rohit Ghai stated: “Without AI, Zero Trust has zero chance.” It is all about identity! If the industry average timeframe to identify and remediate an attack is about 277 days, with AI it is possible to manage access in greater detail, in real-time.

By using AI, ZTNA can leverage IAM to evaluate user requests in real time, assess the security context such as the device, network, and related behavioral data, and generate a risk score. Access control policies can include a dynamic risk score to allow access, deny access, or require more stringent authentication.

What are the primary challenges associated with integrating ZTNA and AI technologies?

On one side, you have a framework called Zero Trust (ZT). On the other side, you have a tool called AI. The challenge is, ‘how do you connect the dots?’ ‘How do you use the Zero Trust principles to help you build your own Zero Trust Architecture (ZTA) with AI algorithms to reduce the risk of a cyber attack?’

With ZTNA, we want to solve the fundamental problem of identity trust. In the traditional model, once users gain access to the corporate network, they are granted broad access to various resources and applications within the network. This approach assumes that anyone within the network perimeter is trusted and can move freely. Therefore, we want to move from traditional static compliance-focused security approach (Layer 3 – connect to the network, then authenticate) to a more dynamic risk-driven approach (Layer 7 – authenticate, then connect to the application).

Successful implementation of the Zero Trust approach requires organizations to adopt robust information security and resilience measures. To achieve optimal effectiveness, it is crucial to integrate Zero Trust principles with the organization’s current cyber security policies, identity and access management protocols, continuous monitoring procedures, and industry best practices. By employing a managed risk approach, a well-executed Zero Trust architecture can effectively safeguard against prevalent threats and elevate the overall security posture of the organization.

Nevertheless, when implementing a ZTNA solution that harnesses AI technology to enforce the “never trust, always verify” principle, certain challenges associated with AI must be taken into account. The use of AI algorithms introduces the risk of datasets being tainted, which could undermine the overall effectiveness of the cyber security measures. These algorithms might yield varying outcomes in distinguishing between genuine anomalies and false positives. Additionally, the presence of biases in the training data can lead to erroneous access decisions or even discriminatory behavior. Consequently, such biases can result in unfair and inaccurate determinations regarding user access, potentially causing legitimate users to be blocked or unauthorized access to be granted.

How can security staff address these challenges effectively?

In controlling access to corporate resources, security personnel must possess a profound comprehension of the Zero Trust principles and their practical application. These principles should enable security personnel to restrict access for users attempting to access these resources with the least possible privileges.

Considering the comprehensive nature of Zero Trust Architecture, organizations are encouraged to seek all-encompassing solutions that facilitate the consolidation of security vendors, especially those leveraging AI technology. This consolidation not only enhances cyber resiliency, but also streamlines processes and augments human capabilities. By combining AI, automation, and analytics, managed security providers can efficiently handle data from multiple sources, enabling faster responses to real threats. Furthermore, automation plays a pivotal role in incident response, empowering organizations to address security incidents more effectively and comprehensively. This synergy between AI, automation, and analytics fortifies an organization’s ability to proactively protect against potential risks while fostering a more secure and resilient operational environment.

If at all, how can ZTNA + AI address scalability requirements of modern enterprises with distributed networks and remote workforces?

I am glad that you asked. Presently, approximately 28% of the workforce operates within a hybrid model, while 12% work entirely remotely. From 2020 to 2022, there have been over 5,000 confirmed breaches, as reported in the Verizon data breach report. As corporate applications increasingly migrate from data centers to the cloud, managing security becomes more intricate. Accessing these applications from remote locations, including home networks and branch offices, to the data center or cloud through layer-3 VPN not only lacks scalability, but also poses security risks to the organization.

This is where ZTNA comes in. At its core, ZTNA embodies the principle of “never trust, always verify.” Embracing the Zero Trust principles requires a comprehensive approach, starting with endpoint security engines powered by AI running on your laptop to shield you from threats while also gathering valuable user behavior data.

To access cloud applications from your laptop, a security plugin runs alongside your web browser, safeguarding you from identity theft and preserving the integrity of your corporate credentials. Moreover, the browser’s security plugin offers protection against deceptive websites, shielding you from malicious URLs lurking in deceitful emails or texts, even posing as communications from your financial institution or healthcare provider. This security plugin also diligently scans attachments on web-based email applications and guards against drive-by downloads that might contain harmful content. When you’re on the go, a mobile security app becomes indispensable, securing your phone from threats posed by rogue networks, malicious apps, phishing attempts, and smishing attacks.

Having safeguarded your laptop and mobile device, the next step involves securely accessing cloud applications through these devices. For this purpose, a Layer 7-vpn solution comes into play, ensuring the communication between your device and the application remains protected. Employing Zero Trust architecture, combined with Identity management and the contextual insights gathered by the endpoint solution on your laptop or mobile security app, this approach fosters robust security.

Once the user’s verification and authorization are confirmed, the Layer 7-vpn establishes a direct connection between the user and the application. Through this secure channel, outbound connectivity is established, and a security gateway enforces access policies. As a result, the application is seamlessly presented to the user within their web browser, assuring a safe and controlled user experience.

To safeguard users operating from branch offices, a seamless integration of Zero Trust Network Access (ZTNA) with a Secure Access Service Edge (SASE) solution proves advantageous. This combination not only shields branches from potential threats but also enables users to access required applications through Layer-7 protocols. Additionally, the integrated approach facilitates effective management and security of WAN connections, prioritizing critical traffic over faster connections and less crucial traffic over slower ones.

By adopting a Zero Trust architecture, scalability is inherent, empowering organizations to establish granular policies and eliminate risky default access. The architecture further permits secure, isolated user-to-resource access, ensuring that each interaction is diligently verified and authenticated. Embracing ZTNA and SASE together fosters an environment where branch office users can confidently carry out their tasks with enhanced protection, streamlined access to essential applications, and optimized network connectivity based on the specific traffic requirements.

Is there anything else that you would like to share with the CyberTalk.org audience?

My final thoughts, Zero Trust models encompass several key components, such as least-privilege access, micro-segmentation, continuous monitoring and evaluation, data protection, secure software development lifecycle, and risk assessment and management functionalities. These components form a layered approach to security, aligning with the principles of Zero Trust, and they collectively fortify an organization’s defense against potential threats.

Moreover, it is essential to tailor the model to suit the unique challenges faced by each industry. By customizing the implementation to address the specific generational AI challenges confronted within a particular sector, organizations can optimize their security posture and better safeguard their critical assets and sensitive data. Embracing a comprehensive and adaptive Zero Trust model empowers businesses to stay resilient against evolving threats while adhering to industry-specific requirements, ensuring a robust and secure environment for operations.

For more insights from Miguel Angulo, please see CyberTalk.org’s past coverage. Lastly, to receive more timely cyber security news, insights and cutting-edge analyses, please sign up for the cybertalk.org newsletter.