Application Whitelisting: Challenges and Best Practices

What is Application Whitelisting?

Whitelisting is a way of creating an inventory of secure software applications that may run on an organization’s network. Whereas blacklists block specific application sets, whitelists specify which programs are allowed—with the objective of preventing harmful files and malicious software from running on a company’s infrastructure. This approach also improves resource management by prioritizing application traffic.

All the same, whitelisting limits the scope of solutions a team may implement, often causing frustration and impeding efficiency. Newly proposed software must go through an often lengthy vetting process before deployment. Managing a whitelist is time-consuming, requiring constant monitoring and modification.

This is part of our series of articles about zero trust security.

How Does Application Whitelisting Work?

Application whitelisting specifies which applications are allowed to run in the corporate environment—a list which may change over time to accommodate the needs of users on the network. The list can contain libraries, files, and executables.

IT organizations can use the application whitelist feature built into some host operating systems, leverage a third-party application whitelist tool, or use the whitelisting feature within some endpoint protection tools.

Whatever the method used for whitelisting, the main goal is to prevent unauthorized installation and execution of applications to specific network endpoints.

To implement application whitelisting in your infrastructure, you can follow these steps:

  • Benchmarking—scan storage drives of endpoints running on the network, to identify applications and processes required for your business needs, and identify unnecessary or potentially harmful applications and processes.
  • Create an initial whitelist—including legitimate, safe applications that are required for business operations.
  • Activate application whitelist—activate the whitelisting software on the network. It will start comparing any new applications with the whitelist before allowing them to run.
  • Changes and updates—when you purchase a license for a new software application, add its executable files and libraries to the whitelist before running it. When updating an application, you must change the whitelist to reflect the files and executables used by the new version.

Application whitelisting is one way to block unwanted content on your network. Another approach is web filtering – blocking unwanted websites and web content.


Identifying Applications for Whitelisting: Whitelisting Attributes

There are various attributes that can help determine if an application file or folder may be vetted for whitelisting. Each one has its limitations, so you should use two or more attributes to identify files and programs for whitelisting.

File Path Whitelisting

By whitelisting a file path, you allow all applications in that path to run. There are two options:

  • Directory-based whitelisting—this option allows all files in a directory and its subdirectories.
  • Complete file path whitelisting—this option only allows file names that match the specific file path. It may use wildcards to specify multiple files.

File Whitelisting

Using the file name as an attribute on its own potentially opens a path to malicious programs that replicate whitelisted file names. Therefore, this attribute is usually combined with other identifiers.

File Size Whitelisting

This attribute is used under the assumption that a malicious version of an application has a different file size. Because this attribute is easy to manipulate, it must be used in conjunction with others.

Cryptographic Hash Whitelisting

A much stronger attribute, almost impossible to replicate, is a cryptographic hash. Attributing a unique value to an application file serves as a stronger filter than names or file system locations.

Digital Signature

Digitally signing an application file helps verify its authenticity. This unique attribute helps determine if a file has been compromised.

Process Whitelisting

Some applications require a predetermined set of processes to run. Process whitelisting can lock down a system by enabling only legitimate processes while preventing other processes from executing.
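The attribute types above, combined as the article recommends, as an added example that is not part of the original article or any whitelisting product: a small Python allowlist evaluator in which a rule may pin any subset of file name, complete path (with wildcards), directory, size and SHA-256 hash, and rules carrying only one weak attribute are ignored. The `demo()` scenario, its file names and its contents are constructed.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import List, Optional, Tuple


@dataclass
class AllowRule:
    """One allowlist entry. Every attribute that is set must match; unset ones are ignored."""
    name: Optional[str] = None        # file name only: trivially copied by a lookalike
    path_glob: Optional[str] = None   # complete file path, wildcards allowed
    directory: Optional[str] = None   # directory-based: anything under this tree
    size: Optional[int] = None        # size in bytes: easy to pad to
    sha256: Optional[str] = None      # cryptographic hash: strongest single attribute

    def attribute_count(self) -> int:
        return sum(v is not None for v in
                   (self.name, self.path_glob, self.directory, self.size, self.sha256))


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def rule_matches(rule: AllowRule, path: str) -> bool:
    path = os.path.abspath(path)
    if rule.name is not None and os.path.basename(path) != rule.name:
        return False
    if rule.path_glob is not None and not fnmatch(path, rule.path_glob):
        return False
    if rule.directory is not None:
        root = os.path.abspath(rule.directory)
        if os.path.commonpath([root, path]) != root:
            return False
    if rule.size is not None and os.path.getsize(path) != rule.size:
        return False
    if rule.sha256 is not None and sha256_of(path) != rule.sha256.lower():
        return False
    return True


def is_allowed(rules: List[AllowRule], path: str,
               min_attributes: int = 2) -> Tuple[bool, Optional[AllowRule]]:
    """Default deny. Rules with fewer than min_attributes are skipped, enforcing the
    'two or more attributes' guidance; the first matching rule allows execution."""
    for rule in rules:
        if rule.attribute_count() < min_attributes:
            continue
        if rule_matches(rule, path):
            return True, rule
    return False, None


def demo() -> dict:
    """Constructed scenario: a legitimate tool and a lookalike that copies its name and size."""
    with tempfile.TemporaryDirectory() as tmp:
        tools = os.path.join(tmp, "tools")
        downloads = os.path.join(tmp, "downloads")
        os.makedirs(tools)
        os.makedirs(downloads)
        good = os.path.join(tools, "backup.bin")
        with open(good, "wb") as f:
            f.write(b"legitimate backup utility v1\n")
        # Lookalike: same file name, padded to the same size, different bytes, other folder.
        bad = os.path.join(downloads, "backup.bin")
        with open(bad, "wb") as f:
            f.write(b"lookalike payload\n".ljust(os.path.getsize(good), b" "))
        rules = [
            AllowRule(name="backup.bin"),   # single weak attribute: ignored by is_allowed
            AllowRule(directory=tools, name="backup.bin",
                      size=os.path.getsize(good), sha256=sha256_of(good)),
            AllowRule(path_glob=os.path.join(tools, "*.bin"), sha256=sha256_of(good)),
        ]
        return {
            "good_allowed": is_allowed(rules, good)[0],
            "bad_allowed": is_allowed(rules, bad)[0],
            "bad_matches_name_only": rule_matches(rules[0], bad),
            "bad_same_size": os.path.getsize(bad) == os.path.getsize(good),
            "good_by_glob_and_hash": rule_matches(rules[2], good),
        }


if __name__ == "__main__":
    print(demo())
```

The lookalike passes the name-only rule and even matches the expected size, yet is denied because the combined rule also checks location and hash.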

Challenges in Application Whitelisting

One of the greatest concerns regarding whitelisting is its effect on end-users. Denying applications by default is a cumbersome mechanism, which often impedes business processes and frustrates employees.

The whitelisting process itself is also difficult to implement and manage. Automating the exception management process, and the whitelist management process itself, can be a great improvement.

An alternative to traditional application whitelisting is monitor-only whitelisting. This lets the organization visualize all executables running on endpoints, and alert when unrecognized applications are discovered, without blocking applications from running. This can provide many of the security advantages without frustrating users. However, it is a passive approach that makes it possible for malicious programs to infect endpoints.

App Whitelisting Best Practices

Compile an Application Inventory

It is important to create a comprehensive list of legitimate applications used by your organization, before deploying application whitelist software. All these applications must be included in the company’s whitelist policy. Software that is not explicitly listed in company-created policies cannot be run and will be unavailable to users.

It is best to use the publisher’s digital signature or a cryptographic file hash to identify applications. Most application whitelisting tools allow you to create a whitelist strategy based on these two identifiers. Using weaker identifiers, like file names or file system locations, may result in false negatives and false positives.

Classify Essential and Non-Essential Business Applications

Consult with business teams to identify which of the applications currently running on the network are essential for day-to-day operations and which are non-essential. Many applications may have been installed but never used, employees may have transitioned to another tool and left the old one installed, and so on. Whitelist essential applications, while blocking non-essential ones, to reduce security risk and reclaim the resources they waste.

Integrating Whitelisting and Patch Management

A primary challenge associated with whitelisting is integrating it with patch management processes. Most organizations have an automated patch management process. A patch usually changes the files the whitelisting tool uses to identify the software, so the new version is no longer recognized and is blocked by the whitelisting tool.

If you use a tool like Windows Server Update Services (WSUS) for patch management, the tool gives administrators an opportunity to approve patches before they are deployed automatically. This is the moment for administrators to add the patched files to the whitelist policy, just before or after approving them for distribution.

Another solution is to create an application whitelist strategy based on the vendor’s digital signature. In this way, when a vendor releases a patch, the patch carries the same digital signature as the application it updates, and the patched version is automatically permitted to run.
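The difference between a hash-based rule and a publisher-based rule across a patch cycle, as an added example that is not from the article or any product: a hash rule stops matching as soon as the vendor ships new bytes, while a publisher rule keeps matching as long as the signature verifies, and rejects a file that merely claims the vendor name. Assumption for this example: the signature is a stand-in, an HMAC over the file bytes under a constructed per-publisher key, where a real tool would verify an X.509 code-signing chain.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List

# Stand-in for code signing (assumption for this example): the "signature" is an
# HMAC-SHA256 over the file bytes under a per-publisher key. Real tools verify an
# X.509/Authenticode chain instead; only the policy logic is the point here.
TRUSTED_PUBLISHERS: Dict[str, bytes] = {"Example Vendor": b"constructed-vendor-key"}


@dataclass
class SignedFile:
    name: str
    content: bytes
    publisher: str    # publisher name claimed in the file's signature block
    signature: bytes


def sign(name: str, content: bytes, publisher: str, key: bytes) -> SignedFile:
    return SignedFile(name, content, publisher,
                      hmac.new(key, content, hashlib.sha256).digest())


def signature_valid(f: SignedFile) -> bool:
    """Signature is valid only if it verifies under the key of the claimed publisher."""
    key = TRUSTED_PUBLISHERS.get(f.publisher)
    if key is None:
        return False
    expected = hmac.new(key, f.content, hashlib.sha256).digest()
    return hmac.compare_digest(expected, f.signature)


@dataclass
class Rule:
    kind: str    # "hash" pins exact bytes; "publisher" trusts anything validly signed by that vendor
    value: str


def rule_allows(rule: Rule, f: SignedFile) -> bool:
    if rule.kind == "hash":
        return hashlib.sha256(f.content).hexdigest() == rule.value
    if rule.kind == "publisher":
        return f.publisher == rule.value and signature_valid(f)
    raise ValueError(f"unknown rule kind: {rule.kind}")


def allowed(policy: List[Rule], f: SignedFile) -> bool:
    return any(rule_allows(r, f) for r in policy)


def demo() -> dict:
    """Constructed scenario: version 1.0 is whitelisted, then the vendor ships a patch."""
    key = TRUSTED_PUBLISHERS["Example Vendor"]
    v1 = sign("app.exe", b"app version 1.0", "Example Vendor", key)
    v2 = sign("app.exe", b"app version 1.1 (patched)", "Example Vendor", key)
    # Tampered build: claims the vendor name but was not signed with the vendor's key.
    tampered = sign("app.exe", b"app version 1.1 (modified)", "Example Vendor", b"other-key")

    hash_policy = [Rule("hash", hashlib.sha256(v1.content).hexdigest())]
    publisher_policy = [Rule("publisher", "Example Vendor")]
    # What an admin does at WSUS-style approval time: add the patched hash before rollout.
    hash_policy_updated = hash_policy + [Rule("hash", hashlib.sha256(v2.content).hexdigest())]

    return {
        "hash_rule_v1": allowed(hash_policy, v1),
        "hash_rule_v2": allowed(hash_policy, v2),                  # patch breaks the hash rule
        "hash_rule_v2_after_update": allowed(hash_policy_updated, v2),
        "publisher_rule_v1": allowed(publisher_policy, v1),
        "publisher_rule_v2": allowed(publisher_policy, v2),        # patch passes automatically
        "publisher_rule_tampered": allowed(publisher_policy, tampered),
    }


if __name__ == "__main__":
    print(demo())
```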

Allow Selective Admin Access to Admin Tools

Some employees, such as IT staff, will require access to administrative tools. You cannot leave these tools off the whitelist, but at the same time, you should not let every employee use them, because this can create operational and security risks.

You will need to identify and whitelist IT management tools, while restricting access to only those individuals who need the tools for their day-to-day jobs.

Reduce Application Whitelisting with Hysolate

Hysolate offers fully managed OS isolation, so your team is free to open and use any untrusted application within their Hysolate Workspace. Admin policies can be set so all untrusted applications can only be opened in Workspace, reducing the need for whitelisting, while also reducing user frustration.

Hysolate has a native user experience, so users can toggle back and forth between their host device and their Hysolate Workspace, and is simple for admins to manage, with granular policies via the Hysolate Management console.


Zero Trust Solutions: Which ZTNA is Right For You?

What are Zero Trust Solutions?

A zero trust security model assumes that all persons and devices trying to access a network are not to be trusted until they are verified as legitimate. Thereafter, it only grants the least privileged access to resources required for an applicant.

Gartner defines a category of solutions known as zero trust network access (ZTNA), which are responsible for administering selective access to users and devices on a protected network. There are two primary types of ZTNA solutions—agent-initiated, which are more flexible but require devices to be managed, or service-initiated, which are easier to deploy but only support web applications.

What are Zero Trust Network Access (ZTNA) Solutions?

Today’s digital business environment requires users to have access to applications from any location at any time. Users require mobile access to corporate systems, and outside partners require access as well, giving rise to virtual private networks (VPNs) and demilitarized zones (DMZs).

Originally, once allowed inside a network, a user gained implicit trust—often excessively so. So long as the user was outside the perimeter, they were not trusted. Unfortunately, many users and attackers abused this implicit trust. A zero trust approach denies access to everybody by default, and provides selective access based on the person and device requiring access, and the corporate service being accessed.


How ZTNA grants selective access

Zero Trust Network Access (ZTNA) solutions can grant selective access based on criteria such as:

  • Human identity
  • Functional roles
  • Device profiling and health checks
  • Network used to connect
  • Date, time and allowed duration of use
  • Geographic location

ZTNA controls access to resources based on identity and context, reducing the attack surface. This creates individual security perimeters around each user, device, and application.

ZTNA creates a standardized user experience and applies security policies consistently, regardless of whether users connect from within the corporate network, from outside, using a corporate device or an unsecured personal device.

The trust broker

A central component of ZTNA solutions is a trust broker. Trust brokers can be provided as a third-party cloud service, or may be self-hosted, such as a physical appliance operating within the customer’s data center, or a virtual appliance managed by the organization in a public cloud.

A trust broker evaluates the applicant’s credentials and their device context. If the user is eligible to access the application, the broker communicates with a gateway function located logically near to the required application. Finally, the gateway creates a connection between the user and application.

In some ZTNA products, the gateway handles all communication once the user is connected. In other products, the broker remains present, to perform ongoing verification of the user and device.
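The access criteria listed above and the broker decision described here, as an added example that is not from the article or any ZTNA vendor: a toy trust broker in Python that evaluates a request against every policy defined for an application, so that the most restrictive rule wins and the session length is the shortest any policy allows. The `Policy` and `AccessRequest` fields, the "payroll" application and the sample requests are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional, Set, Tuple


@dataclass
class AccessRequest:
    user: str
    roles: Set[str]
    device_managed: bool
    device_healthy: bool          # posture result from an agent or UES product (assumed)
    network: str                  # "corporate" or "internet"
    country: str                  # derived from the connecting address (assumed)
    at: datetime                  # timezone-aware


@dataclass
class Policy:
    app: str
    allowed_roles: Set[str]
    require_managed_device: bool = True
    require_healthy_device: bool = True
    allowed_networks: Set[str] = field(default_factory=lambda: {"corporate", "internet"})
    allowed_countries: Optional[Set[str]] = None   # None means no geographic restriction
    hours_utc: Optional[Tuple[int, int]] = None    # (start, end) in UTC hours, end exclusive
    max_session_minutes: int = 60


def broker_decision(policies: List[Policy], req: AccessRequest,
                    app: str) -> Tuple[bool, List[str], int]:
    """Default deny. Every policy for the app must pass, so the most restrictive wins;
    the granted session length is the shortest any matching policy allows."""
    matching = [p for p in policies if p.app == app]
    if not matching:
        return False, ["no policy for application (default deny)"], 0
    reasons = []
    for p in matching:
        if not req.roles & p.allowed_roles:
            reasons.append(f"role not permitted for {app}")
        if p.require_managed_device and not req.device_managed:
            reasons.append("device is not managed")
        if p.require_healthy_device and not req.device_healthy:
            reasons.append("device failed posture check")
        if req.network not in p.allowed_networks:
            reasons.append(f"network '{req.network}' not allowed")
        if p.allowed_countries is not None and req.country not in p.allowed_countries:
            reasons.append(f"country '{req.country}' not allowed")
        if p.hours_utc is not None:
            start, end = p.hours_utc
            if not start <= req.at.astimezone(timezone.utc).hour < end:
                reasons.append("outside allowed hours")
    session = min(p.max_session_minutes for p in matching)
    return (not reasons), sorted(set(reasons)), session


def demo() -> dict:
    """Constructed policies and requests for a payroll application."""
    policies = [
        Policy("payroll", {"finance"}, max_session_minutes=120),
        # A second, stricter rule for the same app: US only, business hours, short sessions.
        Policy("payroll", {"finance", "audit"}, allowed_countries={"US"},
               hours_utc=(8, 18), max_session_minutes=30),
    ]
    base = dict(user="alice", roles={"finance"}, device_managed=True, device_healthy=True,
                network="corporate", country="US",
                at=datetime(2024, 1, 15, 10, 0, tzinfo=timezone.utc))
    return {
        "ok": broker_decision(policies, AccessRequest(**base), "payroll"),
        "abroad": broker_decision(policies, AccessRequest(**{**base, "country": "FR"}), "payroll"),
        "unhealthy": broker_decision(policies, AccessRequest(**{**base, "device_healthy": False}), "payroll"),
        "contractor": broker_decision(policies, AccessRequest(**{**base, "roles": {"contractor"}}), "payroll"),
        "unknown_app": broker_decision(policies, AccessRequest(**base), "hr-legacy"),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(name, decision)
```

A broker that stays in the data path would call `broker_decision` again with refreshed device posture during the session, which is the ongoing verification mentioned above.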


Types of Zero Trust Network Solutions

Gartner describes two main categories of ZTNA solutions.

Endpoint-Initiated ZTNA

Endpoint-initiated ZTNA takes its name from the agent installed on end users’ devices. This agent transmits security-related information to a controller. The controller then prompts the device user for authentication, and returns a list of permitted applications. Following authentication of the device and its user, the controller opens connectivity to the device using a gateway.

Even after the user is authenticated and the gateway allows access, connectivity is still provisioned by the controller, and the user may only access the service through the gateway. Services are shielded from direct Internet access, which can prevent threats like denial of service (DoS).

After the controller secures connectivity, some ZTNA products remove themselves from the data path; others remain within it.

Endpoint ZTNA adheres best to the Cloud Security Alliance’s (CSA) software-defined perimeter (SDP) standard. However, it requires either device management infrastructure, or installation of a local software agent. Alternatively, a third-party unified endpoint security (UES) product can provide the trust broker with the required device posture assessment. This can be a middle ground between deploying an agent and full-featured device management.

Service-Initiated ZTNA

Service-initiated ZTNA, on the other hand, does not require the installation of an agent on the user’s device. It is a much more attractive approach for organizations that enable unmanaged devices (Bring Your Own Device or BYOD). This type of solution follows Google’s BeyondCorp concept.

In this approach, networks in which applications are deployed have a connector that establishes outbound connections to a cloud-based ZTNA solution. To access a protected application, a user must authenticate with the ZTNA provider, who validates the user using an enterprise identity management product. Upon successful validation, traffic can pass through the provider’s cloud, while isolating applications from direct access.

An advantage of service-initiated ZTNA is that the enterprise firewall does not need to allow inbound traffic—because all traffic passes through the provider. However, the provider’s network must be evaluated, since it becomes a critical element and a potential point of failure.

Another downside of service-initiated ZTNA is the need to base an application’s protocol on HTTP/HTTPS. This limits the system to web applications and to protocols tunneled over HTTP, such as secure shell (SSH) or remote desktop protocol (RDP). However, several vendors are now offering support for additional protocols.

How to Choose a Zero Trust Solution?

Key considerations for evaluating a zero trust solution include:

  • Is the installation of an endpoint agent required, and what operating systems and mobile devices does it support? How does the agent interact with other agents?
  • Must the customer install and manage the ZTNA broker, does the vendor offer it as a service, or—ideally—is there a hybrid architecture involving both?
  • Do you need a unified endpoint management (UEM) tool for security posture assessments of devices (operating system versions, password and encryption policies, patch levels, and so on)? What options exist for managing these on unmanaged devices?
  • If an anomaly appears within the ZTNA-secured environment, will it be identified using user/entity behavior analytics (UEBA)?
  • What colocation facilities or edge/physical infrastructure does the vendor provide? Are the vendor’s edge locations and/or points of presence (POPs) geographically diverse?
  • Does the solution secure legacy applications as well, or does it only cover web applications?
  • Is the vendor’s private disclosure policy credible and responsible? Does the vendor constantly test for product vulnerabilities and remove them?
  • Is the licensing model priced per user or bandwidth? How does the vendor charge for overage if you exceed the number of users or allowed bandwidth in your package?

Zero Trust for User Desktops with Hysolate

Hysolate creates Zero Trust for user desktops and workstations by splitting a user’s device into two fully isolated zones, each running in its own OS, leveraging the latest hypervisor and virtualization-based security technologies. One OS is the user’s untrusted Operating System, and another is an instantly-provisioned, totally isolated corporate Operating System running in a VM – this VM is spun up without any infrastructure cost/image building work, etc. The corporate VM runs a locked-down operating system and can contain an inaccessible client certificate that vouches for the integrity of the VM.

The ZTA broker would only allow that corporate VM running on Hysolate to have access to sensitive enterprise applications, making it impossible for the end-user to access these applications from any other untrusted environment/device.

IT admins can isolate this corporate VM from the user’s personal OS, including admin managed controls over clipboard, USB, network, applications, etc, all managed from the cloud.


Zero Trust: From Vision to Reality

What is Zero Trust?

Zero trust is an IT security model that requires strict authentication of people and devices trying to access resources on a private network. It does not implicitly trust any user or device, even if they are known or already have access to some network resources.

Zero trust is a response to the breakdown of the traditional network perimeter model. In the past, organizations focused their security efforts on securing the network perimeter and preventing a breach into the core network. Within the network perimeter, users and devices were considered safe.

Today, with the prevalence of remote cloud services, remote work, distributed teams, and the use of personal mobile and computing devices, the network perimeter no longer exists. Zero trust makes it possible to secure organizational assets no matter where they are located, when accessed by any device from any location.

There is no specific technique or technology used to implement a zero trust architecture. However, new security solutions are emerging that can assist in implementing zero trust principles, including identity and access management (IAM), zero trust network access (ZTNA), and network microsegmentation.

While the vision of zero trust is inspiring, implementing it in your organization is a long road. This article will take you from the theoretical principles of zero trust, through the technologies and real life challenges involved in implementing it, to a brief practical guide for implementing zero trust in your organization.

Why is Zero Trust Important?

In recent years, it has become clear that data breaches are not only, or even primarily, caused by breaches of the network perimeter. Increasingly, breaches are caused by malicious or careless insiders, accounts compromised by social engineering or other techniques, or attacks that focus on weaker links of the IT environment, such as unsecured personal endpoints or cloud systems.

Before the advent of zero trust, companies used solutions like firewalls and VPNs to control access to networks and applications. The inherent flaw of these solutions is that once the user is successfully authenticated, they are “trusted” and granted unconditional access to corporate resources. Users were exposed to unnecessary data and systems, including mission-critical resources.

To resolve this situation, organizations implemented complex, expensive layers of security to stop attackers, such as intrusion detection, behavioral analytics and endpoint protection, with no real guarantee that any of these layers will prevent a breach.

Zero trust is a more holistic solution that assumes attackers have already breached the network, but prevents them from escalating privileges and moving laterally within the network. It reduces the need for complex security measures to detect and mitigate threats, because it creates an inherently secure network environment.

Another benefit of zero trust is that it centralizes and standardizes the problem of access control. Instead of requiring every application on the network to be inherently secure and implement strong authentication measures, the network manages access and authentication centrally. Applications do not handle authentication on their own, relying on a zero trust “access broker” to check if users are eligible for access, and verify their identity.

What are the Core Principles of the Zero Trust Model?

Zero Trust is based on multiple pillars working together to reduce the potential for misuse of sensitive company data.

Least-Privilege Access

The least privileged access principle ensures users can access only the resources and business applications they need to do their work. Also, if two or more access rules conflict, the more restrictive rule always applies. This minimizes each user’s access to sensitive parts of the network and limits the risks associated with excessive privileges.

Microsegmentation

Zero trust networks divide the security perimeter into smaller areas, managed by separate access rules. Users access a specific area and never gain access to the entire network. Microsegmentation makes security easier to manage, reduces the attack surface, and improves data security by applying appropriate, separate access policies to datasets in each network segment.

Isolation

In some cases, it may be impractical to segment a network or an application, because of its size or other technical requirements. Another approach is to isolate it from other elements in the network, and separately manage its privileges and access controls.

Continuous Monitoring and Validation

The zero trust model continuously and carefully monitors, controls, audits, and manages user activity in real time. This provides organizations with a complete picture of who accesses what, and why. When suspicious activity occurs, security teams receive immediate warnings, making it easy to identify and respond to potentially malicious activity.


How Zero Trust Security Works

Zero trust security works by protecting several components of the environment—data, networks, workloads, and devices.

Zero Trust Data

Data is an asset, and usually the main target when malicious actors try to hack a system. Zero trust strategies need to prioritize data first. To do this, you first need to gain a better understanding of your data, including its location and sensitivity levels, and define user access appropriately. Once you have this information, you need to constantly monitor user activity, and set controls in place for detecting and responding to potential threats.

Zero Trust Networks

A zero trust strategy limits the scope of a breach. You can create this for your network by segmenting, restricting, and isolating the network. If attackers attempt to breach the network by manipulating insider threats or exploiting a misconfiguration vulnerability—they will be restricted by the controls set in place. If the network is entirely configured for zero trust, attackers will have a difficult time moving around the network.


Zero Trust Workloads

The term “workload” generally refers to the entire application stack and backend software that customers use to interact with the business. This includes the operating system (OS) and storage, as well as frontend components. To protect your workloads against attacks targeting customer-facing applications, you need to apply zero trust measures that reduce the attack surface and increase your visibility and control.

Zero Trust Devices

Endpoints are no longer restricted to company-owned devices, like desktops located at the office facility. Today, employees and third-parties constantly use personally owned devices to connect to the corporate network. These endpoints can be laptops and smartphones, as well as Internet of Things (IoT) devices like smart TVs and coffee machines.

To ensure the safety of the digital assets of the company, organizations need to secure, isolate, and control devices connected to the network. This can be accomplished with zero trust controls and policies, as well as EDR technology.


Technologies Behind Zero Trust Architecture

Here are the main technologies used to implement a zero trust architecture:

  • Strong user verification—achieved through measures like role-based access control (RBAC).
  • Identity and access management (IAM)—help you define and manage user permissions. The IAM system decides whether to grant or deny access requests.
  • Multi-factor authentication (MFA)—helps protect the network against weak or reused passwords.
  • Endpoint protection—attackers use compromised endpoints to exploit authorized user sessions and gain unauthorized access to company resources. Endpoint security can help protect against compromised accounts.
  • Zero-trust network access (ZTNA)—remote connections are common with telework. To ensure secure remote access, ZTNA technologies provide continuous monitoring for remote connections.
  • Microsegmentation—enables you to enforce zero trust policies inside the network.


Challenges of the Zero Trust Strategy

Zero trust is a paradigm shift for most organizations, and implementing it in large scale networks can be challenging. Here are some of the key challenges faced by organizations as they adopt zero trust.

Legacy Applications and Protocols

Mainframes, old HR systems, shell scripting languages like PowerShell, and legacy protocols like POP, SMTP, and IMAP are typically incompatible with the zero trust approach. There are two approaches for dealing with this:

  • Excluding legacy systems from the zero trust implementation, which can defeat the point of zero trust, because those legacy systems become a weak link for attackers to target.
  • Shutting down or restricting access to legacy systems, which can seriously impair employee productivity, because these systems are part of critical business processes in many organizations.

To succeed in your zero trust implementation, you must have a well-thought-out strategy for dealing with legacy components.

Compliance Standards

Zero trust is new, and many regulations and industry standards have not caught up. For example, to comply with the PCI DSS standard (required for organizations processing credit card data), you need to implement a firewall. However, in many zero trust topologies, a firewall is not needed because networks are segmented to begin with.

This requires a close evaluation of:

  • Your existing compliance obligations
  • Impact of zero trust implementation on compliance requirements
  • Zero trust measures that can be performed under current compliance standards, and those that cannot.

Visibility and Control

In a traditional, unified network, organizations had a high level of visibility over all network resources. As an organization transitions to a zero trust model, it breaks up its network into “islands” with separate networking and access policies. Traditional monitoring and network management tools cannot operate consistently over a micro-segmented network. This breakdown in visibility can have serious security implications, including unpatched devices, shadow IT, and unmonitored systems.

Implementing Zero Trust Security

3Ws – Workforce, Workplace and Workloads

Here are the three important components you need to protect when implementing a zero-trust security architecture:

  1. Workforce—it is critical to protect users and their devices against various threats, including credential theft and phishing attacks. You protect the workforce by using identity verification and authentication tools like MFA.
  2. Workplace—in addition to protecting your workforce, you need to protect the workplace. You can do that by ensuring the corporate network is properly protected. You can, for example, use software-defined access to secure connectivity requests from various sources, including IoT devices and local users.
  3. Workloads—another important element that requires protection is the constant flow of information moving across the network. This includes on-premises data centers, public and private cloud environments, and endpoints. For example, you can set up measures that proactively identify workload behavior anomalies.

Incorporate New Tools and Modern Architecture

Traditional cybersecurity tools are not designed to provide zero trust capabilities. To fill in the gaps, you need to introduce new tools into your existing stack and, if needed, design and implement a modern architecture that incorporates by design the additional layers of security.

When choosing tools for zero trust strategies, consider network microsegmentation tools, MFA, and single sign-on for secure access control. You can also leverage tools that provide advanced threat protection capabilities.


Apply Detailed Policies

Policies are rules that enforce specific measures. A zero trust policy enforces rules that grant or deny access to resources, according to predefined standards. You can configure devices to adhere to zero trust policies only and deny any other attempted access.

Generally, a zero trust policy allows access only when absolutely necessary. However, you can and should specify the users, applications, and devices that are allowed access to each data type and service.

Monitor and Alert

To work properly, a zero trust architecture relies on components that enable continuous monitoring, including data correlation and log analysis. This information is vital to ensure the system detects signs of compromise. The monitoring tools you choose should integrate well into your existing ecosystem and provide you with alerting capabilities.

Alerting helps ensure that your team and relevant stakeholders are notified on time. However, be sure to configure alerts in a way that minimizes false positives. The team needs to respond quickly, if not in real time, but it cannot and should not respond to every event that triggers an alert. You need to prevent alert fatigue and ensure the team remains productive.

Zero Trust for Virtualized Desktops with Hysolate

Hysolate splits a user’s device into two segregated zones, each running in its own OS, leveraging the latest hypervisor and virtualization-based security technologies. One OS is the user’s unmanaged/untrusted/personal OS and another is a trusted corporate OS running in a VM.

The corporate VM runs a fully locked-down operating system that can contain an inaccessible client certificate that vouches for the integrity of the VM. The ZTA broker would only allow that corporate VM running on Hysolate to have access to sensitive enterprise applications. The end-user would be unable to access these applications from any other untrusted environment/device.

With Hysolate, IT can isolate the corporate sensitive VM from the user’s “riskier productivity zone” OS, including detailed controls over clipboard, USB, network, applications and more. With this Zero Trust architecture in place, enterprises can really move to a secure-by-design architecture.


Learn More About Zero Trust

What is a Zero Trust Network?

A zero trust network continuously authenticates and validates users and connected endpoints. The goal of zero trust security models is to ensure networks remain protected, while providing access to remote endpoints and users, including bring your own device (BYOD) endpoints and external third-party integrators. Learn about the concept of zero trust networks, how they enable better security with improved remote accessibility, and how to select a ZTNA solution.


Zero Trust Architecture: 3 Approaches and 4 Best Practices

A zero trust architecture is an approach to security that assumes that all systems, networks, and users are untrusted. It requires continuous authentication of devices, users, and applications.

Learn how a Zero Trust Architecture (ZTA) works, discover approaches to implementing a ZTA, and best practices for making it a success.

Read more: Zero Trust Architecture: 3 Approaches and 4 Best Practices

What Will Zero Trust Security Mean for Your Organization?

Zero trust security helps organizations enforce policies and processes that authenticate, authorize, and continuously validate all users and devices. It is based on the notion that no user, device or application on the network should be trusted, even if it is within the organization’s security perimeter. Learn about zero trust security concepts and components, and how to begin implementing zero trust in your organization.

Read more: What Will Zero Trust Security Mean for Your Organization?

Zero Trust Model: Principles, Challenges, and a Real Life Example

The zero trust model is a holistic approach to network security, which requires the verification of each person and device whenever it attempts to access resources on a private network. This remains true, no matter if that device or person is already inside or still outside the network perimeter. Learn about the core principles of a zero trust model, its challenges, and see how Microsoft is implementing Zero Trust across its corporate network.

Read more: Zero Trust Model: Principles, Challenges, and a Real Life Example

Zero Trust Solutions: Which ZTNA is Right For You?

A zero trust security model assumes that all persons and devices trying to access a network are not to be trusted until they are verified as legitimate. Thereafter, it only grants the least privileged access to resources required for an applicant. Understand zero trust solutions including agent-initiated ZTNA and service-initiated ZTNA, how they compare and how to evaluate ZTNA solutions for your organization.

Read more: Zero Trust Solutions: Which ZTNA is Right For You? (coming soon)

Application Whitelisting: Challenges and Best Practices

Whitelisting is a way of creating an inventory of secure software applications that may run on an organization’s network. Whereas blacklists block specific application sets, whitelists specify which programs are allowed—with the objective of preventing harmful files and malicious software from running on a company’s infrastructure. Learn how application whitelisting works, challenges involved in identifying and maintaining application whitelists, and best practices to help resolve them.

Read more: Application Whitelisting: Challenges and Best Practices (coming soon)

Zero Trust Model: Principles, Challenges, and a Real Life Example

What is the Zero Trust Model?

The zero trust model is a holistic approach to network security, which requires the verification of each person and device whenever it attempts to access resources on a private network. This remains true, no matter if that device or person is already inside or still outside the network perimeter.

This resolves many issues in the traditional network security model, which relied on the concept of a security perimeter. Access to a network was tightly controlled, but once inside, connections were trusted by default and an attacker could cause significant damage. In today’s distributed environment, with data and applications running on remote cloud services, employees working from home or from personal devices, and the growing use of mobile and IoT, the security perimeter approach is no longer valid and is being replaced by the zero trust model.

The zero trust model comprises a set of principles, and recommends the use of technologies and techniques in line with those principles. There are many technical and operational approaches to implementing zero trust.


What are the Core Principles of the Zero Trust Model?

Here are the main principles driving zero trust implementations at organizations.

Strict Evaluation of Access Controls

The zero trust model assumes that potential attackers may exist inside and outside a network and therefore trusts neither. Any and all users or devices attempting to access network resources must be authenticated, and each access request must be authorized and encrypted.

Variety of Preventative Techniques

To prevent breaches and minimize their damage, a variety of preventive techniques are available.

Multi-factor authentication is the most common method of confirming user identity. It requires the user to provide at least two forms of evidence to confirm credibility. These may include security questions, SMS or email confirmation, and/or logic-based exercises. The more means required for access, the better the network is secured.

Limiting access for authenticated users is another layer used to gain trust. Each user or device only gains access to the minimal amount of resources required, thus minimizing the potential attack surface of the network at any time. All else remains blocked, thereby denying lateral movement for trusted entities.

Micro-segmentation is a network security technique that involves separating networks into zones, each of which requires separate network access. The damage a hacker can do, even once security is breached, remains limited to the microsegment they have managed to penetrate.

Real-Time Monitoring to Identify Malicious Activity

The zero trust model is mainly a preventative one. In addition to preventive measures, real-time monitoring is important, because it can minimize the time between an initial breach and the moment a threat spreads to additional systems on the network. Swift monitoring enables detection, investigation, and remediation, closing the window of opportunity for attackers.

Alignment with the Broader Security Strategy

The zero trust model is insufficient in itself as a comprehensive security strategy. Endpoint monitoring, detection, and incident response capabilities are critical to ensure network safety. Technology solutions, though important, cannot replace a holistic security approach that considers the organization’s broader security needs and compliance obligations.

Learn more about zero trust in our detailed guides:

  • Zero Trust Architecture (coming soon)
  • Zero Trust Solutions (coming soon)

Example Zero Trust Implementation: The Microsoft Zero Trust Model


Microsoft shared details of its own implementation of a zero trust model. Microsoft’s zero trust implementation focuses on:

  • Corporate services used across the organization, including Office applications and line of business applications
  • Devices running Windows, Mac, iPhone, and Android
  • Device management is handled by Microsoft Intune, a cloud-based mobile device management (MDM) service

Microsoft’s zero trust model has four phases:

  1. Verify identity—Microsoft requires two-factor authentication (2FA) for remote access to its networks. The authentication method evolved from a physical smartcard to phone-based challenges using the Azure Authenticator phone app. In future, Microsoft aims to eliminate passwords and move to full biometric authentication.
  2. Verify device health—Microsoft enrolls user devices using the Intune MDM service. There is a device-health policy that specifies devices need to be managed and healthy (patched and tested to be free of malware and vulnerabilities) in order to access the company’s large productivity applications—Exchange, SharePoint, and Teams. Microsoft will support unmanaged devices for special use cases by providing virtualized Windows desktops and applications.
  3. Verify access—Microsoft has minimized access to corporate resources and requires both identity and device-health verification. Access to primary services and applications will transition from direct access to corporate network, to Internet plus VPN, to Internet-only—reducing the number of users who need access to the corporate network.
  4. Verify services—finally, Microsoft plans to add service health verification, ensuring that a service is healthy before beginning interaction with users. This is currently in proof-of-concept.

What are the Challenges of the Zero Trust Strategy?


Here are a few challenges you are likely to face as you implement a zero trust model in your organization, and how to overcome them.

Fluidity of Users and Roles

Recent events have changed the way we learn, live, and work. To a greater degree than ever before, the workplace as a physical location housing the majority of a company’s employees is under threat. More and more people access data remotely, using home IPs, routers, public WiFi, and VPN services.

Customers, too, access an organization’s information resources. An online shopper must access inventory, delivery services, demos, and the company website. Suppliers must be able to access operations, safety and payments.

The user base that must access company resources is wide and varied, and the number of access points is ever-growing. Each group of individuals requires a specific set of policies, which can be time-consuming to define and maintain. Considering the high pace of employee and customer turnover, security teams can quickly become overloaded.

Proliferation of Devices

Beyond the human factor lies the hardware. There is a huge variety of mobile devices and personal computers through which employees, customers, and suppliers communicate with a company’s systems. Bring your own device (BYOD) policies, IoT equipment, and the “always-on” mentality lead to a proliferation of properties, requirements, and communication protocols that must be tracked and secured on an ongoing basis.


Related content: Learn more in our detailed guide to BYOD security

Exponential Growth of Applications

The number of devices is dwarfed by the number and variety of applications they run, some of which are sanctioned and required by the organization, and some of which may be unsafe or malicious. In today’s IT environment, many applications and services are cloud-based.

While the huge growth in applications and services boosts productivity, it poses yet another challenge for IT security teams, who must decide what to let in and what to lock out.

Applications may be shared with other agencies, vendors or third-party services. Communications platforms may be outward-facing and not limited to employees. Which departments use what applications? There is a need for clear policies that do not hinder productivity on one hand, but enable strict, consistent security controls.

Distributed Data and Services

Cloud-based environments are globally distributed and accessible from anywhere, which is both an upside and a downside. Companies are storing more sensitive resources, data, and applications in the cloud, and the old security model, in which company-controlled endpoints and corporate networks can be tightly secured, no longer holds.

With the gradual shift to edge computing, IT teams will also have to readapt from top-down centralized security infrastructures to decentralized trust models. Edge-based systems represent a major risk to the zero trust model, and must be treated as individual networks, with their own zero trust controls and policies.


What is a Zero Trust Architecture (ZTA)?

A zero trust architecture is an approach to security that assumes that all systems, networks, and users are untrusted. It requires continuous authentication of devices, users, and applications.

A zero trust architecture is implemented using multiple, integrated technology solutions that support zero trust principles.

Here are some of the main principles of a zero trust architecture, according to the National Institute of Standards and Technology:

  • All applications, infrastructure entities and data sources are defined as resources that need to be protected
  • All communication, whether inside the corporate network or involving external networks, must be secured
  • Users and services are authenticated and authorized before they access resources
  • User and service activity is monitored and recorded
  • Users are authorized to use services only for specific purposes, and access should be revoked when no longer needed

How Does a Zero Trust Architecture Work?

The National Cybersecurity Center of Excellence (NCCoE) recommends four main features of a zero trust architecture:

  1. Identify—creates an inventory of systems, software, and other resources, classifies them, and sets baselines to allow for detecting anomalies.
  2. Protect—authentication and authorization processing. Zero trust protection includes policy-based resource authentication and configuration, as well as software, firmware, and hardware integrity checks.
  3. Detect—identifies anomalies and suspicious events, by continuously monitoring network activity to proactively detect potential threats.
  4. Respond—once a threat is detected, handles threat containment and mitigation.

These capabilities are typically implemented by several IT and security solutions, which work together to create a zero trust environment.

Learn more in our detailed guide to the zero trust security model.

Zero Trust Architecture Workflow

With the above components, you can achieve the following workflow:

  1. Users sign into corporate systems using multi-factor authentication (MFA), verifying their identity over a secure channel.
  2. User accounts are granted access only to the specific applications and network resources they actually need (least privileged access model).
  3. User sessions are continuously monitored for unusual or malicious activity.
  4. When potential malicious activity is detected, threat response occurs in real time.

The same workflow is applied to all users and resources in the organization, providing tight, granular control over access.

Related content: read our guide to zero trust network

3 Zero Trust Architecture Approaches

There are many ways to implement a zero trust architecture in an organization. Here are a few primary options, each of which places emphasis on different tenets of the zero trust model.

ZTA with Enhanced Identity Governance

This option makes the identity of the actor an important factor in policy making. You define the access conditions for each enterprise resource based on the identity and assigned attributes of the user or system accessing that resource. The main requirement is to give each user or system appropriate access to the resources it needs, without giving access to any unnecessary systems.

ZTA with Micro-Segmentation

This option implements zero trust by placing individuals or groups of resources on different network segments, with secure gateways between segments. Organizations can use network equipment like routers, switches, next-generation firewalls (NGFW), or software agents, to act as a policy enforcement point (PEP) that protects groups of resources.

ZTA with Software Defined Network Perimeters

This option leverages an overlay network, typically at layer 7 of the OSI model (the application layer), but may also be lower down in the network stack. This method is known as Software Defined Perimeter (SDP) because it usually leverages Software Defined Networking (SDN) technology, in which networks are managed using flexible, virtualized appliances.

4 Best Practices for Building a Zero Trust Architecture

Know your Architecture

When building a zero trust architecture, it is extremely important to map out your network topology and know your assets. You need to understand who are your users, what devices they are using, and which services and data they are accessing.

Pay special attention to components that use the network. Consider any network as hostile—whether it is your local network or an unsecured public network. Also take into account existing services that were not designed for a zero trust architecture, and may not be able to defend themselves.

Create a Strong Device Identity

Device identity is a cornerstone of a zero trust architecture. It is the basis for authentication, authorization, and other security mechanisms. It must be strong and unique.

The device identity must be:

  • Attached to the device rather than to the user. It should be possible to identify devices even if they are not connected to a network or are behind a NAT device.
  • Verifiable by the network. A device should not be able to claim multiple identities or identities that do not belong to it.
  • Persistent and remain unchanged even if the device is repurposed or replaced.
  • Verifiable over time. It should be possible to check if a device is still in use or has been decommissioned.
  • Verifiable across networks. The same device should be able to prove its identity when connecting from different networks, including public ones.
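As an added example (not Hysolate’s or any vendor’s code), the registry below illustrates the five properties above: each device is enrolled with its own key, proves possession of that key by answering a fresh challenge, and is rejected if it is unknown, decommissioned, replaying an old answer, or signing with another device’s key. The HMAC-based proof, the `DeviceRegistry` API and the device names are assumptions made to keep the example in the standard library; a production design would bind the key to hardware (a TPM-protected key or a client certificate, as the page describes for the corporate VM) rather than a stored secret.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class DeviceRecord:
    key: bytes                  # per-device secret, provisioned once at enrollment
    decommissioned: bool = False


class DeviceRegistry:
    """Network-side verifier. Identity is a property of the device record,
    never of the user logged in or of the network the request arrived from."""

    def __init__(self) -> None:
        self._devices: Dict[str, DeviceRecord] = {}
        self._pending: Dict[bytes, str] = {}     # nonce -> device it was issued to

    def enroll(self, device_id: str) -> bytes:
        key = secrets.token_bytes(32)
        self._devices[device_id] = DeviceRecord(key)
        return key                               # handed to the device exactly once

    def decommission(self, device_id: str) -> None:
        """Identity is verifiable over time: a retired device stops validating."""
        self._devices[device_id].decommissioned = True

    def challenge(self, device_id: str) -> bytes:
        """Fresh random nonce; each one is accepted at most once (no replay)."""
        nonce = secrets.token_bytes(16)
        self._pending[nonce] = device_id
        return nonce

    def verify(self, device_id: str, nonce: bytes, proof: bytes,
               source_network: str) -> Tuple[bool, str]:
        record = self._devices.get(device_id)
        if record is None:
            return False, "unknown device"
        if record.decommissioned:
            return False, "device decommissioned"
        if self._pending.pop(nonce, None) != device_id:
            return False, "nonce not issued to this device or already used"
        expected = device_proof(record.key, device_id, nonce)
        if not hmac.compare_digest(expected, proof):
            return False, "proof does not match this device's key"
        # source_network is only recorded: the same proof is valid on any network
        return True, f"device {device_id} verified (seen from {source_network})"


def device_proof(key: bytes, device_id: str, nonce: bytes) -> bytes:
    """Device side: the answer is bound to both the nonce and the claimed identity,
    so a key for one device cannot produce a valid answer for another."""
    return hmac.new(key, nonce + device_id.encode(), hashlib.sha256).digest()


def demo() -> List[str]:
    reg = DeviceRegistry()
    k1 = reg.enroll("laptop-01")
    k2 = reg.enroll("laptop-02")
    results = []
    n = reg.challenge("laptop-01")                       # from a public network
    results.append(reg.verify("laptop-01", n, device_proof(k1, "laptop-01", n), "public-wifi")[1])
    n = reg.challenge("laptop-01")                       # laptop-02 claiming laptop-01's identity
    results.append(reg.verify("laptop-01", n, device_proof(k2, "laptop-01", n), "corporate")[1])
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Note that `verify` consumes the nonce before checking the proof, so a captured answer cannot be replayed, and that the source network is never an input to the decision: a device on public Wi-Fi and the same device on the corporate LAN are verified the same way.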

Create a Secure Communication Channel

Communication channels within a zero trust architecture must be secure and trusted. They need to protect against eavesdropping, replay attacks, message modification, and other threats.

The communication channel between any two devices needs to provide confidentiality, integrity, and authenticity of messages exchanged between them. It may also need to support non-repudiation for certain use cases.

Communication channels may also need to support:

  • Protection against denial of service (DoS) attacks
  • Authorization of user requests—for example, when a user attempts to access data they do not have permission for
  • Authorization of devices—for example, when a client attempts to connect from an unauthorized device
  • Time-controlled access based on time of day or location of the user

Use Network Segmentation

Any zero trust architecture relies heavily on network segmentation and security controls between network segments. These are used to protect sensitive data and services from unauthorized access.

Segmentation can be implemented using VLANs, firewalls, and other types of security controls such as IDS/IPS. It is important to implement these security controls in a way that protects your assets from both internal and external threats.
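To make the segmentation advice concrete, here is an added example (not from this page’s authors or any product) of a policy enforcement point that classifies addresses into segments and applies explicit allow rules with a default deny, plus a `blast_radius` helper for reviewing what a compromised host in one segment can reach directly. The segment ranges, rule set and function names are constructed for illustration; the same check applies to the micro-segmentation approach described under the ZTA approaches above.

```python
import ipaddress
from typing import Dict, List, Optional, Set, Tuple

# Constructed segments for the example; not any real network.
SEGMENTS: Dict[str, ipaddress.IPv4Network] = {
    "user-lan": ipaddress.ip_network("10.10.0.0/16"),
    "app":      ipaddress.ip_network("10.20.0.0/24"),
    "db":       ipaddress.ip_network("10.30.0.0/24"),
    "mgmt":     ipaddress.ip_network("10.40.0.0/24"),
}

# Allow rules enforced at the gateway between segments: (source, destination, port).
# A port of None means any port. Everything not listed, including traffic that
# stays inside a segment, is denied; that is the zero trust default.
RULES: List[Tuple[str, str, Optional[int]]] = [
    ("user-lan", "app", 443),   # users reach the application front end only
    ("app", "db", 5432),        # only the app tier talks to the database
    ("mgmt", "app", 22),        # administration comes from the management segment
    ("mgmt", "db", 22),
]


def segment_of(ip: str) -> Optional[str]:
    """Map an address to its segment, or None if it belongs to no known segment."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def allowed(src_ip: str, dst_ip: str, dst_port: int) -> Tuple[bool, str]:
    """Decision for one flow: first matching allow rule wins, otherwise deny."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False, "address outside any known segment"
    for rule_src, rule_dst, rule_port in RULES:
        if rule_src == src and rule_dst == dst and rule_port in (None, dst_port):
            return True, f"{src} -> {dst}:{dst_port} permitted by rule"
    return False, f"{src} -> {dst}:{dst_port} denied by default"


def blast_radius(segment: str) -> Set[Tuple[str, Optional[int]]]:
    """The (segment, port) pairs directly reachable from `segment`. Reviewing this
    per segment is how you confirm that segmentation actually limits lateral movement,
    for example that a compromised user workstation cannot reach the database tier."""
    return {(dst, port) for src, dst, port in RULES if src == segment}


if __name__ == "__main__":
    print(allowed("10.10.5.7", "10.20.0.10", 443))    # user -> app: allowed
    print(allowed("10.10.5.7", "10.30.0.10", 5432))   # user -> db: denied
    print(allowed("10.20.0.10", "10.10.5.7", 445))    # app back into user LAN: denied
    for seg in SEGMENTS:
        print(seg, sorted(blast_radius(seg), key=str))
```

Two properties are worth checking in any real rule set the same way: the database segment should have an empty blast radius (nothing initiates from it), and no rule should lead from a user segment directly to a data segment.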

Zero Trust Architecture with Hysolate

Hysolate creates a Zero Trust Architecture by splitting a user’s device into two segregated zones, each running in its own OS, leveraging the latest hypervisor and virtualization-based security technologies. One OS is the user’s untrusted operating system, and the other is an instantly provisioned, totally isolated corporate operating system running in a VM; this VM is spun up without any infrastructure cost or image-building work. The corporate VM runs a locked-down operating system and can contain an inaccessible client certificate that vouches for the integrity of the VM.

The ZTA broker would only allow that corporate VM running on Hysolate to have access to sensitive enterprise applications, making it impossible for the end user to access these applications from any other untrusted environment or device.

IT admins can isolate this corporate VM from the user’s personal OS, including admin-managed controls over clipboard, USB, network, applications, etc., all managed from the cloud.

Learn more about the Hysolate Zero Trust Enterprise Virtual Environment solution


What is a Zero Trust Network?

A zero trust network continuously authenticates and validates users and connected endpoints. The goal of zero trust security models is to ensure networks remain protected, while providing access to remote endpoints and users, including bring your own device (BYOD) endpoints and external third-party integrators.

A zero trust network lets all types of users leverage corporate resources, as long as these users and endpoints are continuously validated. According to Gartner, 60% of enterprises will replace their virtual private networks (VPNs) with ZTNA solutions.

To ensure safe access, a zero trust network uses zero trust network access (ZTNA) solutions. ZTNA solutions provide access controls that validate and authenticate users on a continuous basis.

What is ZTNA?

Zero trust network access (ZTNA) is a network security pattern that helps organizations implement zero trust concepts in their network ecosystem.

ZTNA is not a single technology. It encompasses a range of technologies for verifying a requesting user or device, and providing access according to predefined policies. ZTNA solutions create an environment that protects local and cloud-based resources. Applications are assumed to be unknown and undiscoverable, and access is granted by a trusted broker.

The ZTNA trusted broker uses the following processes to authorize entities on the network:

  • Login—when a user logs in, the broker verifies their identity.
  • Device connection—when a device connects to the network, the broker ensures the device is known, trusted, and has the relevant security updates.
  • Least privilege—the broker restricts access according to the principle of least privilege (POLP). It grants access to users depending on their role, and only lets them access the resources necessary for their function, at the minimal level of privilege.
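The three broker steps above, the four-step workflow in the Zero Trust Architecture section of this page, and the Microsoft phases (verify identity, verify device health, verify access) all describe the same decision sequence. Here it is as an added Python example; it is not any vendor’s or Microsoft’s code, and the `User`, `Device`, `POLICY`, `decide` and `session` names, the role-to-resource policy, and the device-health fields are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class User:
    name: str
    roles: FrozenSet[str]
    mfa_verified: bool          # login step: identity proven with a second factor


@dataclass
class Device:
    device_id: str
    managed: bool               # device connection step: enrolled in MDM/UEM
    patched: bool
    malware_free: bool

    @property
    def healthy(self) -> bool:
        return self.managed and self.patched and self.malware_free


# Constructed least-privilege policy (an assumption for the example):
# role -> resource -> permitted actions. Anything absent is denied.
POLICY: Dict[str, Dict[str, FrozenSet[str]]] = {
    "engineer": {"source-repo": frozenset({"read", "write"}),
                 "mail": frozenset({"read", "send"})},
    "finance": {"payroll": frozenset({"read", "write"}),
                "mail": frozenset({"read", "send"})},
}


def decide(user: User, device: Device, resource: str, action: str,
           source_network: str) -> Tuple[bool, str]:
    """Broker decision for one request, in the order the text describes:
    login (identity), device connection (health), least privilege (role).
    source_network is recorded for the audit trail only; being on the
    corporate network grants nothing."""
    if not user.mfa_verified:
        return False, f"{user.name}: identity not verified with MFA"
    if not device.healthy:
        return False, f"{device.device_id}: unmanaged or unhealthy device"
    for role in sorted(user.roles):
        if action in POLICY.get(role, {}).get(resource, frozenset()):
            return True, (f"{user.name} may {action} {resource} "
                          f"(role {role}, request seen from {source_network})")
    return False, f"{user.name}: no role permits {action} on {resource}"


def session(user: User, device: Device,
            requests: List[Tuple[str, str, str]]) -> List[Tuple[bool, str]]:
    """Continuous validation: each request in a session is decided afresh,
    so a device that falls out of compliance is cut off at its next request,
    not at its next login."""
    return [decide(user, device, res, act, net) for res, act, net in requests]


if __name__ == "__main__":
    alice = User("alice", frozenset({"engineer"}), mfa_verified=True)
    laptop = Device("laptop-01", managed=True, patched=True, malware_free=True)
    print(decide(alice, laptop, "source-repo", "write", "internet"))
    print(decide(alice, laptop, "payroll", "read", "corporate"))
    laptop.patched = False
    print(session(alice, laptop, [("mail", "read", "internet")]))
```

The order of the checks is the point: a request from the corporate network without MFA is refused before the policy is even consulted, a finance resource is denied to an engineer however healthy the device, and because `session` calls `decide` for every request rather than once at login, a device that stops being healthy loses access on its next request.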

Related content: read our guide to zero trust security

Benefits of ZTNA

ZTNA solutions can provide the following benefits to organizations, as they adopt a zero trust security model.

Secure Cloud Access

Many organizations are running services in the public cloud, and research shows a majority of cloud users run on multiple cloud platforms. To reduce the attack surface, organizations need to limit access to these cloud-based resources.

ZTNA allows organizations to restrict access to cloud environments and applications based on their business needs. Each user and application can be assigned a role within the ZTNA solution. Each role is then granted the appropriate rights and privileges with respect to cloud-based infrastructure.

Secure Remote Access

In the wake of COVID-19, most organizations have moved largely or entirely to remote workforces. Many companies use virtual private networks (VPNs) to enable remote access. However, VPNs have significant limitations such as lack of scalability and integrated security.

A major problem with VPNs is that by default, authenticated users gain full access to the entire network, regardless of their role or the resource they are trying to access. This creates an inherent security vulnerability. ZTNA solutions recognize that users are connecting remotely or via their personal devices (BYOD), and give them appropriate, limited access to the corporate network.

Protecting Against Account Compromise

Privileged account compromise is a common threat vector in modern networks. Attackers steal, infer, or otherwise compromise user account credentials, and then use them to authenticate on the organization’s systems. This grants the attacker the same level of access as a legitimate user.

Implementing ZTNA can address this threat, and minimize the damage that an attacker can inflict using a compromised account. The attacker’s ability to move laterally across the network is limited by the privileges assigned to the compromised user account.

Considerations for Choosing a Zero Trust Network Access Solution

Here are a few key considerations when selecting technologies that will make up your ZTNA solution:

  • Agent vs. agentless—whether the solution requires an endpoint agent to be deployed on devices. Agents can significantly limit the solution’s value for devices that are not owned by the organization.
  • Support for workloads—whether the solution supports web applications, legacy applications, containerized infrastructure, etc.
  • Cloud based vs. on premises—whether the solution is delivered as a cloud service or deployed on premises. Cloud-based solutions are easier to deploy and provide better protection against DDoS due to their elastic scalability. However, on-premise solutions may provide more flexibility in some scenarios.
  • Authentication—which protocols and standards the solution supports. It is important to make sure that the solution can integrate with the organization’s identity provider, such as Active Directory.
  • Points of presence (PoPs)—for cloud based solutions, it is important to evaluate the solution’s global reach and whether it has PoPs in all the locations the organization operates or does business in.
  • Unified Endpoint Management (UEM) integration—it is common for ZTNA solutions to work together with UEM platforms. It is important to evaluate whether the solution integrates with the UEM platform already used by the organization.

Zero Trust for Virtualized Desktops: Secure Remote Access with Hysolate Workspace

Hysolate achieves this new ZTA architecture by splitting a user’s device into two segregated zones, each running in its own OS, leveraging the latest hypervisor and virtualization-based security technologies.

One OS is the user’s unmanaged OS (where they can work freely) and the other is an instantly provisioned trusted corporate OS running in a VM; this VM is easily spun up without any infrastructure cost. The ZTA broker would only allow that corporate VM running on Hysolate to have access to sensitive enterprise applications. It is impossible for the end user to access these applications from any other untrusted environment or device. With Hysolate, IT can isolate this corporate VM from the user’s personal OS, including fine-grained cloud-managed controls over clipboard, USB, network, applications, etc. With this architecture in place, the Zero Trust puzzle can be completed and enterprises can really move to a secure-by-design architecture.

Learn more about Hysolate’s Zero Trust Isolated Workspace solution here.

What Will Zero Trust Security Mean for Your Organization?

What is Zero Trust Security?

Zero trust security helps organizations enforce policies and processes that authenticate, authorize, and continuously validate all users and devices. It is based on the notion that no user, device or application on the network should be trusted, even if it is within the organization’s security perimeter.

To implement zero trust security, organizations typically leverage a set of tools, including multi-factor authentication, granular access control, and endpoint security systems. Ideally, a zero-trust implementation should help organizations protect the network from advanced threats and improve compliance with standards like GDPR, FISMA, PCI, HIPAA, and CCPA.

Zero Trust Architecture Components

Zero trust is a comprehensive security model that can be used to secure the entire organization. At the heart of the model is data security. Data is an asset that is valuable to an attacker—this can include personally identifiable information (PII), protected health information (PHI), payment card information (PCI), or intellectual property (IP).

Beyond protecting data, zero trust security provides control measures for securing networks, workloads, and devices.

Zero Trust Data

The zero trust approach requires first protecting your data where it is stored, then setting up extra security layers.

Access to valuable data should be severely restricted, operating on the assumption that attackers can breach the security perimeter, leverage misconfigured controls, or compromise insider accounts. Control measures should be introduced to detect and respond to abnormal data access before a breach occurs.

Since data is the ultimate target of most attackers and insider threats, it is the heart of the zero trust framework. To protect data, companies must understand where sensitive data is located, how it can be accessed, and monitor data access to detect and respond to potential threats.

Zero Trust Networks

Under zero trust, attackers are assumed to have access to the network. Networks designed with a zero trust approach use technologies such as next-generation firewalls (NGFW) to segment, isolate, and limit access to the network, making it as difficult as possible for attackers to access sensitive data or critical systems.

Zero Trust Workloads

In a zero trust model, “workloads” are applications and backend software that are either directly used by customers or employees, or serve an important business function. Customer-facing applications or mission critical applications with known security vulnerabilities are a common attack vector. The organization must treat the entire stack, including storage, operating system, back end components like databases, and front end components, as vulnerable. Each layer of the stack must be protected with zero trust controls.

Zero Trust Devices

With the advent of the Internet of Things, there are many devices that may have access to company systems, including smartphones, sensors, smart building systems, connected cars, and smart consumer devices. Each of these connected devices represents an entry point that an attacker can use to break into the network. In a zero trust model, the security team must be able to isolate, protect and control all devices on your network, whether company owned or not.

How to Implement Zero Trust Security

Zero trust is a major shift for most organizations, compared to traditional security approaches. Here are three ways to start implementing a zero trust model in your organization.

Evaluate and Bolster Security Tools

In most cases, traditional network security tools are not compliant with the end-to-end zero trust architecture model.

Perform a security assessment of your security tools, and where you discover gaps, identify tools or technologies that can add another layer of protection. Fortunately, modern security tools integrate with each other and can share data to help cover for each other’s shortcomings.

Examples of tools commonly used to meet the requirements of the zero trust framework:

  • Network micro-segmentation
  • Single sign-on (SSO) for all applications and data
  • Multi factor authentication (MFA)
  • Advanced threat protection tools including endpoint protection platforms (EPP), endpoint detection and response (EDR), and eXtended detection and response (XDR)

Define and Apply Zero Trust Policies

Once you have the right tools in place, create a zero trust policy that will guide you when configuring and managing the tools. A zero trust policy is a strict set of rules that allow access to resources only when absolutely necessary. 

Your policy should be highly detailed, describing exactly: 

  • When and which users can access data and services
  • When and which devices and workloads can access data and services
  • Which network segments are allowed to access other segments

The general process is to define these policies at an abstract level, and then configure each security tool in line with the policies. Zero trust security platforms are emerging that will allow organizations to define these policies centrally, and automatically apply them to the entire ecosystem of security tools.

Monitor and Alert

A critical part of zero trust is thorough monitoring and effective alerting technology: 

  • Monitoring tools must give security personnel insight into whether the security policy is effective, and where there are gaps in the zero trust framework
  • Alerting tools must capture malicious activity when it actually occurs, and escalate it to the appropriate staff for immediate action

It’s important to remember that even with a zero trust framework, nothing is completely safe. Security teams must be keenly aware of what is happening in the environment. When security incidents occur, they must perform root cause analysis, to identify and repair flaws in existing security mechanisms.
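As an added example of the monitoring and alerting logic described above (this is illustrative code written for this article, not part of any product), the following script reviews access-decision logs from a zero trust enforcement point. The JSON field names (ts, user, device, managed, resource, decision) and the sample log lines are constructed assumptions. It raises three kinds of alert: a burst of denials from one identity (possible probing or a misconfigured policy), an unmanaged device that was allowed into a sensitive resource (a policy gap), and a request served through a "bypass" path with no policy decision at all (a hole in the framework).

```python
"""Detection logic over zero trust access-decision logs.

Added example: the log lines below are constructed, and the JSON field
names (ts, user, device, managed, resource, decision) are assumed, not a
real product's schema.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Resources that should never be reached from an unmanaged device.
SENSITIVE_RESOURCES = {"hr-db", "payroll"}
# Repeated denials from one identity within this window get escalated.
DENY_THRESHOLD = 3
DENY_WINDOW = timedelta(minutes=5)

# Constructed sample log: one JSON object per line, in chronological order.
SAMPLE_LOG = """\
{"ts": "2024-05-01T09:00:00Z", "user": "alice", "device": "lap-01", "managed": true, "resource": "payroll", "decision": "deny"}
{"ts": "2024-05-01T09:01:00Z", "user": "alice", "device": "lap-01", "managed": true, "resource": "payroll", "decision": "deny"}
{"ts": "2024-05-01T09:03:00Z", "user": "alice", "device": "lap-01", "managed": true, "resource": "hr-db", "decision": "deny"}
{"ts": "2024-05-01T09:04:00Z", "user": "bob", "device": "byod-7", "managed": false, "resource": "hr-db", "decision": "allow"}
{"ts": "2024-05-01T09:05:00Z", "user": "carol", "device": "lap-02", "managed": true, "resource": "payroll", "decision": "bypass"}
{"ts": "2024-05-01T09:06:00Z", "user": "dave", "device": "lap-03", "managed": true, "resource": "wiki", "decision": "allow"}
{"ts": "2024-05-01T09:07:00Z", "user": "eve", "device": "lap-04", "managed": true, "resource": "hr-db", "decision": "deny"}
{"ts": "2024-05-01T09:40:00Z", "user": "eve", "device": "lap-04", "managed": true, "resource": "hr-db", "decision": "deny"}
"""


def parse_line(line: str) -> dict:
    """Parse one JSON log line and convert its timestamp to a datetime."""
    rec = json.loads(line)
    # Older Python versions do not accept a trailing "Z" in fromisoformat.
    rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
    return rec


def analyze(lines) -> list:
    """Return a list of alert dicts for the given iterable of log lines."""
    alerts = []
    recent_denials = defaultdict(deque)  # user -> timestamps of recent denials
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        base = {"ts": rec["ts"].isoformat(), "user": rec["user"], "resource": rec["resource"]}
        if rec["decision"] == "deny":
            q = recent_denials[rec["user"]]
            q.append(rec["ts"])
            # Drop denials that fell out of the sliding window.
            while q and rec["ts"] - q[0] > DENY_WINDOW:
                q.popleft()
            if len(q) >= DENY_THRESHOLD:
                alerts.append({**base, "rule": "repeated_denials", "severity": "high",
                               "detail": f"{len(q)} denials within {DENY_WINDOW}"})
                q.clear()  # start a fresh window instead of alerting on every further denial
        elif (rec["decision"] == "allow" and not rec["managed"]
              and rec["resource"] in SENSITIVE_RESOURCES):
            alerts.append({**base, "rule": "unmanaged_access", "severity": "high",
                           "detail": f"unmanaged device {rec['device']} allowed to a sensitive resource"})
        elif rec["decision"] == "bypass":
            alerts.append({**base, "rule": "policy_gap", "severity": "medium",
                           "detail": "request served without a policy decision"})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG.splitlines()):
        print(json.dumps(alert))
```

Run against the sample, the script produces one alert per rule: alice trips the denial threshold on her third denial, bob's unmanaged device reaching hr-db is flagged even though the policy allowed it, and carol's bypassed request is flagged as a gap; eve's two denials are 33 minutes apart and stay below the threshold. The "unmanaged_access" and "policy_gap" rules are the kind of signal that tells a team whether the policy itself is effective, not just whether someone was blocked.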

Zero Trust Implementation Example: BeyondCorp

BeyondCorp is a cybersecurity architecture developed at Google that shifts access control from the traditional network perimeter to individual devices and users. The goal is to enable users to securely work anytime, anywhere and on any device without having to use a virtual private network, or VPN, to access an organization’s resources.

The two most important tenets of BeyondCorp are:

Controlling access to the network and applications: In BeyondCorp, all decisions about whether to give a person or device access to a network are made through an access control engine. This engine sits in front of every network request and applies rules and access policies based on the context of each request – such as user identity, device information, and location – and the amount of sensitive data in an application. It provides organizations with an automated, scalable way to verify a user’s identity, confirm they’re an authorized user, and apply rules and access policies. However, access control alone is not enough to ensure effective security.

Visibility: Once a user has access to an organization’s network or applications, the organization must continually view and inspect all traffic to identify any unauthorized activity or malicious content. Otherwise, an attacker can easily move around within the network and take whatever data they want without anyone knowing.

Automation: User identity verification and authorization are automated and scalable. Rules and access policies are defined in one place and propagated to the entire network.

BeyondCorp provides a foundation on which to build a Zero Trust implementation. Inspection and logging of all traffic plays an important role in establishing Zero Trust, because one should not presume that all traffic from an endpoint is trustworthy or that the data it carries is safe. For this reason, organizations implementing BeyondCorp should also consider implementing Zero Trust principles to further reduce risk.
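The policy section above ("Define and Apply Zero Trust Policies") and the BeyondCorp access control engine both describe the same mechanism: rules defined centrally, then evaluated against the context of every request (user identity, device state, network location, resource sensitivity). The following added example implements that engine in miniature; it is illustrative code written for this article, not Google's or any product's implementation. The resources, groups, segment names (including "vdi" standing for a locked-down corporate VM) and request fields are constructed assumptions. The design point it demonstrates is deny-by-default: a request passes only if every rule passes, and an unknown resource is refused rather than waved through.

```python
"""Context-aware access decisions for a central zero trust policy.

Added example: the resources, groups, segments and request fields are
constructed for illustration and are not BeyondCorp's or any product's
actual schema.
"""
from dataclasses import dataclass
import json


@dataclass(frozen=True)
class Request:
    """The context an access engine sees for one request (constructed fields)."""
    user: str
    groups: frozenset       # group memberships from the identity provider
    mfa: bool               # session completed multi-factor authentication
    device_managed: bool    # device is enrolled in corporate management
    device_compliant: bool  # device passes posture checks (patched, encrypted, ...)
    src_segment: str        # network segment the request originates from
    resource: str           # application or data set being requested


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str


# Central policy: who may reach each resource, which segment it lives in,
# and how sensitive it is. Defined once; every enforcement point consults it.
RESOURCE_POLICY = {
    "wiki":    {"groups": {"staff"},   "segment": "app",  "sensitivity": "low"},
    "hr-db":   {"groups": {"hr"},      "segment": "data", "sensitivity": "high"},
    "payroll": {"groups": {"finance"}, "segment": "data", "sensitivity": "high"},
}
# Which source segments may reach which destination segments.
SEGMENT_POLICY = {
    "corp":  {"app", "data"},
    "vdi":   {"app", "data"},   # e.g. a locked-down corporate VM
    "guest": {"app"},
}


def evaluate(req: Request) -> Decision:
    """Apply every rule in order; the first failing rule denies. Default is deny."""
    policy = RESOURCE_POLICY.get(req.resource)
    if policy is None:
        return Decision(False, "no policy defined for resource; default deny")
    if policy["segment"] not in SEGMENT_POLICY.get(req.src_segment, set()):
        return Decision(False, f"segment {req.src_segment!r} may not reach segment {policy['segment']!r}")
    if not (req.groups & policy["groups"]):
        return Decision(False, "user is not in an authorized group for this resource")
    if policy["sensitivity"] == "high":
        # Sensitive data: only a managed, compliant device with a strong session.
        if not (req.device_managed and req.device_compliant):
            return Decision(False, "high-sensitivity resource requires a managed, compliant device")
        if not req.mfa:
            return Decision(False, "high-sensitivity resource requires MFA")
    elif not req.device_managed and not req.mfa:
        # Low-sensitivity data from a personal device still needs MFA.
        return Decision(False, "unmanaged device must complete MFA")
    return Decision(True, "all policy checks passed")


def decision_record(req: Request, decision: Decision) -> str:
    """One JSON line per decision, so monitoring can review policy effectiveness."""
    return json.dumps({
        "user": req.user, "resource": req.resource, "segment": req.src_segment,
        "managed": req.device_managed, "mfa": req.mfa,
        "decision": "allow" if decision.allow else "deny", "reason": decision.reason,
    })


if __name__ == "__main__":
    demo = [
        Request("alice", frozenset({"staff", "hr"}), True, True, True, "corp", "hr-db"),
        Request("alice", frozenset({"staff", "hr"}), True, True, False, "corp", "hr-db"),
        Request("bob", frozenset({"staff"}), False, False, False, "guest", "wiki"),
        Request("carol", frozenset({"finance"}), True, True, True, "guest", "payroll"),
    ]
    for r in demo:
        print(decision_record(r, evaluate(r)))
```

Every decision carries the reason it was made and is emitted as a log record, which is what makes the "visibility" tenet possible: a reviewer can later see not only that access was granted, but which device posture and segment rules it satisfied at the time.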

Learn more about BeyondCorp and get Google collateral that can help you implement it in your organization.

Zero Trust for Virtualized Desktops with Hysolate

Hysolate splits a user’s device into two segregated zones, each running in its own OS, leveraging the latest hypervisor and virtualization-based security technologies. One OS is the user’s unmanaged/untrusted/personal OS and another is a trusted corporate OS running in a VM. 

The corporate VM runs a fully locked-down operating system that can contain an inaccessible client certificate that vouches for the integrity of the VM. The zero trust architecture (ZTA) broker would only allow that corporate VM running on Hysolate to have access to sensitive enterprise applications. The end user would be unable to access these applications from any other untrusted environment or device.

With Hysolate, IT can isolate the corporate VM from the user’s personal OS, including detailed controls over clipboard, USB, network, applications and more. With this Zero Trust architecture in place, enterprises can really move to a secure-by-design architecture.

Learn more about Hysolate’s Zero Trust Isolated Workspace solution here.