The Time for Zero Trust Adoption is Now, and Secure Remote Access is Essential
By The Claroty Team | June 16, 2021
The Zero Trust cybersecurity model has steadily gained traction over the past two decades. Also known as perimeterless security, Zero Trust architecture emerged as an alternative to the perimeter-based security model, which was quickly rendered outdated as digital transformation and remote access were widely adopted across virtually all sectors. And while Zero Trust originally pertained mainly to IT assets, the rapid digitization of operational technology (OT), medical devices, and other cyber-physical systems has made Zero Trust a fundamental best practice for securing the Extended Internet of Things (XIoT).
In a nutshell, Zero Trust seeks to ensure that any given user has a legitimate reason to be doing whatever they’re doing. By requiring all users to be continuously authenticated, authorized, and validated, properly implemented Zero Trust architecture prevents adversaries from gaining carte-blanche access to a victim’s network from a single point of entry.
In this blog, we’ll take a look at why Zero Trust architecture is more critical than ever and highlight why securing remote access to your network is a critical component of its implementation.
A heavy push for Zero Trust from the U.S. private sector
While these directives pertain specifically to U.S. federal government agencies, the urgency with which they have been laid out should be seen as a bellwether of Zero Trust’s widespread adoption as a universal standard for protecting data, assets, and operations.
The risk introduced by digital transformation
The 2013 cyber attack against Target, which resulted in an $18.5 million settlement after 40 million credit and debit records were compromised, served as an early, high-profile example of what can happen when internal privileges and remote connections are not properly managed and secured. The adversaries behind the attack gained access to the targeted data using stolen credentials to exploit the external remote-access privileges of a third-party HVAC vendor.
As another example, consider Claroty Global Head of Business Development Mor Bikovsky’s anecdote of a major consumer goods brand that experienced a security breach at its flagship production site, which involved the use of WannaCry ransomware. The attackers gained access to the network via a vulnerable break-room vending machine that was not properly segmented from the rest of the network. Claroty quickly sprang into action, working with the potential customer to isolate the affected assets with zero downtime. But the main takeaway here is that adversaries should not be able to access critical systems—such as credit card databases or major production facilities—through completely unrelated attack vectors, such as HVAC systems or vending machines.
While the rise of the XIoT delivers many performance advantages for organizations across virtually every sector, the intensified interconnectivity it brings can facilitate the types of attacks described above if not properly managed. Consider the 2022 report finding that 53% of connected medical devices and other IoT devices in hospitals have a known critical vulnerability. Typically, these devices are not within the purview of the security team and are not monitored for weak passwords or default credentials, and without proper Zero Trust implementation in place, they can enable cyber attacks to spread like wildfire within a network.
How Claroty enables Zero Trust adoption with Secure Remote Access (SRA)
As organizations continue to build towards a future that is increasingly distributed, Claroty Secure Remote Access (SRA) offers the capabilities needed to implement Zero Trust controls and least-privilege principles. In doing so, Claroty empowers organizations to identify connected devices, enforce granular user access controls, and be alerted to non-trusted communications and behavior across the network.
Claroty SRA helps support Zero Trust principles in today’s distributed work environment in a number of ways, including but not limited to:
Role- and policy-based access
You need the ability to define and enforce extremely granular access controls for industrial assets at multiple levels and geographic locations, down to enabling access for a specific user to a specific asset to perform a specific task during a set time window. With a few clicks, SRA allows you to streamline user workflows while shielding critical functionalities from unnecessary access.
Monitor, prevent and audit access
Visibility and control over third-party and employee access before, during, and after a remote session takes place is essential for investigating and responding to malicious activity. SRA includes the ability to observe activity in real time and terminate the session if needed, as well as to view recordings in retrospect for auditing and forensic purposes.
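To make the two preceding points concrete (a grant scoped to one user, one asset, one task and one time window, evaluated deny-by-default, and a session that is re-checked and cut once its grant lapses, with every decision logged for later audit), here is a minimal policy evaluator written for this post as an added illustration; it is not Claroty SRA's code, and the users, assets and task names are constructed examples.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

UTC = timezone.utc

@dataclass(frozen=True)
class Grant:
    """One least-privilege grant: `user` may do `task` on `asset` only while
    start <= now < end (both timezone-aware UTC)."""
    user: str
    asset: str
    task: str
    start: datetime
    end: datetime

def ts(y, m, d, h=0, mi=0):
    """Build a UTC timestamp (used for the policy and by callers)."""
    return datetime(y, m, d, h, mi, tzinfo=UTC)

# Constructed sample policy: hypothetical users, assets and task names.
POLICY = [
    Grant("vendor.alice", "plc-line3", "firmware_update",
          ts(2021, 6, 16, 8), ts(2021, 6, 16, 12)),
    Grant("eng.bob", "hmi-packaging", "view_only", ts(2021, 6, 1), ts(2021, 7, 1)),
]

AUDIT_LOG = []  # every decision is recorded, whether allowed or denied

def authorize(policy, user, asset, task, now):
    """Deny-by-default check of one requested action at time `now`.
    Returns (allowed, reason) and appends the decision to AUDIT_LOG."""
    if now.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")
    matches = [g for g in policy if (g.user, g.asset, g.task) == (user, asset, task)]
    live = [g for g in matches if g.start <= now < g.end]
    if live:
        allowed, reason = True, "grant valid until " + max(g.end for g in live).isoformat()
    elif matches:
        allowed, reason = False, "grant exists but now is outside its time window"
    else:
        allowed, reason = False, "no grant for this user/asset/task"
    AUDIT_LOG.append((now.isoformat(), user, asset, task, allowed, reason))
    return allowed, reason

def session_should_terminate(policy, user, asset, task, now):
    """Continuous validation: re-check an open session and cut it as soon as its
    grant no longer covers the current time, instead of trusting the login check."""
    return not authorize(policy, user, asset, task, now)[0]
```

Note that a user with a valid grant for one asset is still denied on any other asset or task, and a session that was legitimately opened at 11:59 is flagged for termination one minute later when its window closes.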
Instead of relying on third parties for password hygiene, many of whom share passwords among multiple individuals, you need the ability to centrally manage user credentials. SRA provides password vaulting and offers multiple options for multi-factor authentication.
Secure workflows and processes
SRA leverages a single, highly secure encrypted tunnel for intra-facility communications. This greatly simplifies network firewall configurations, and is consistent with segmentation best practices, for example as required in the Purdue Model. And when the nature of the work involves installing a new file, such as for asset maintenance, SRA ensures file integrity by providing secure file transfer capabilities.
Remote incident management
When SRA is integrated with Claroty Continuous Threat Detection, you receive alerts when users engage in unauthorized or unusual activities while connected to the network remotely. You gain details and visibility to monitor, investigate, and respond to incidents so you can prevent, contain, and/or remediate any damage.