SANS Government Cybersecurity Solutions Focus Report

John Pescatore and Terry Allan Hicks

Zero trust is the concept of denying by default. Access is continuously evaluated across users and devices. It is the reversal of the idea that once you are in a system, you are in. Zero trust is sold as a solution by various vendors such as ThreatLocker and Microsoft. Implementations sit on a scale from prepackaged (ThreatLocker) to do it yourself (Microsoft).

Zero trust needs to be the capstone of your security organization's posture. If the basics of a security posture are not in place, those need to be addressed before you go on to implement zero trust. These include asset inventory, configuration management, privilege management, network monitoring, log analysis/management, real-time visibility, and monitoring.

Zero trust requires restricting certain actions down to the bare necessity, so if it is applied without the prerequisites mentioned above there will be no way to see whether the restrictions are breaking essential job functions or working as planned.
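To make the "deny by default, evaluate every request" idea and the "you need visibility before you restrict" point concrete, here is a small added example. It is not from the SANS report or from any vendor product; the roles, resources, posture checks and sample requests are all constructed. The policy engine allows only what an explicit rule permits, re-checks user and device attributes on each request rather than once at login, and has an audit mode that logs would-be denials without blocking, which is how you find out whether a restriction breaks a real job function before enforcing it.

```python
"""Toy zero-trust policy check: deny by default, per-request evaluation,
audit mode before enforce mode. Added example; all names are constructed."""
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset
    device_managed: bool     # device is enrolled in management (assumed posture signal)
    device_patched: bool     # posture check passed at request time
    mfa_age_minutes: int     # minutes since last strong authentication
    resource: str
    action: str


# Explicit allow list: (resource, action) -> roles permitted.
# Anything not listed is denied; being "on the network" grants nothing.
ALLOW_RULES = {
    ("hr-records", "read"): {"hr", "hr-admin"},
    ("hr-records", "write"): {"hr-admin"},
    ("source-repo", "read"): {"engineer"},
}

MAX_MFA_AGE_MINUTES = 60  # constructed threshold for re-authentication


def evaluate(req: Request) -> Tuple[bool, str]:
    """Return (allowed, reason). Runs on every request, not once at login."""
    if not req.device_managed:
        return False, "device not managed"
    if not req.device_patched:
        return False, "device failed posture check"
    if req.mfa_age_minutes > MAX_MFA_AGE_MINUTES:
        return False, "strong authentication too old"
    permitted = ALLOW_RULES.get((req.resource, req.action))
    if permitted is None:
        return False, "no rule for resource/action"
    if not (req.roles & permitted):
        return False, "role not permitted"
    return True, "allowed by rule"


@dataclass
class PolicyEnforcer:
    """'audit' logs what would be denied but lets the request through;
    'enforce' actually blocks. Run in audit first and read the log to see
    which essential job functions the new restrictions would break."""
    mode: str = "audit"
    log: List[str] = field(default_factory=list)

    def check(self, req: Request) -> bool:
        allowed, reason = evaluate(req)
        if allowed:
            return True
        self.log.append(f"{self.mode.upper()} DENY user={req.user} "
                        f"{req.action} {req.resource}: {reason}")
        return self.mode == "audit"


# Constructed sample traffic: one clean request and three that should be denied.
SAMPLE_REQUESTS = [
    Request("alice", frozenset({"hr"}), True, True, 5, "hr-records", "read"),
    Request("bob", frozenset({"engineer"}), True, True, 5, "hr-records", "read"),
    Request("carol", frozenset({"hr-admin"}), False, True, 5, "hr-records", "write"),
    Request("dave", frozenset({"engineer"}), True, True, 600, "source-repo", "read"),
]


def run(mode: str) -> Tuple[List[bool], List[str]]:
    """Push the sample requests through an enforcer; return decisions and its log."""
    enforcer = PolicyEnforcer(mode=mode)
    decisions = [enforcer.check(r) for r in SAMPLE_REQUESTS]
    return decisions, enforcer.log


if __name__ == "__main__":
    for mode in ("audit", "enforce"):
        decisions, log = run(mode)
        print(mode, decisions)
        for line in log:
            print("  ", line)
```

In audit mode every request goes through but the log shows three would-be denials with their reasons; flipping the same enforcer to enforce mode blocks exactly those three. Without the inventory and log pipeline to feed attributes like `device_managed` and to collect that log, the audit step has nothing to work with, which is the prerequisite point above.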

Another staggering fact from this article is that the DoD remote workforce went from 90k to 1.2 million in 10 weeks. That's insane.