CISO Perspectives: Enhance Network Security With ZTNA to Thwart Shifting Attack Tactics

Throughout 2023, global news headlines underscored the breadth of organizational vulnerability to escalating cyberattacks and expensive breaches. As threat actors become more aggressive, CISOs must continuously reevaluate defense strategies and bolster network architecture with comprehensive Zero Trust Network Access (ZTNA) and other solutions that change the way organizations defend themselves: solutions that cloak infrastructure, increase fidelity of access, and flex and adapt to meet the changing needs of business.

The Threat Actor Shift to Infrastructure Targets

When I served as CISO for the FBI, my top priorities included staying ahead of cyberattack trends and quickly identifying possible vulnerabilities in our defenses. Here at Appgate I lead the Threat Advisory Services team focused on similar priorities for our customers. One trend we’ve been tracking is that hackers are shifting away from targeting endpoints and toward exposed infrastructure components. This shift is driven by several factors:

• Expanding attack surface: Internet-facing infrastructure components present a vast attack surface that is rapidly growing. Driven by consumer demand for more capabilities; business demand for functionality that mirrors consumer apps; and the cumulative need for ever-better tech and speed means we don’t have an opportunity to retire or update the old before adding new. And it’s all exacerbated by the adoption of leased capabilities (e.g., SaaS) that also changes the attack surface and takes it out of an organization’s control.

• Exposed vulnerabilities: A correlating but somewhat distinct aspect that impacts the attack surface is exposed vulnerabilities. Each Patch Tuesday, each major update, every CISA alert and advisory adds to a CISO’s reduce risk “to do” list. Vulnerabilities require patching, patching requires testing, testing requires time and people. Sometimes patching servers and other non-end user devices lags because they are very complex. Included on the list of potential targets is some of the organization’s most critical business systems such as procurement, web presence, interactions with customers, vendors and staff.

• Efficiency and cost-effectiveness: Adversaries target infrastructure because it’s a faster and easier way in than phishing. Yes, phishing and credential theft still rank as top attack vectors, but critical infrastructure-based attacks are on the rise. And the reason is clear. All those vulnerabilities in internet-facing systems make an easy path to follow, and attackers can efficiently and cost-effectively bypass user and email defenses and move straight to data compromise. If unpatched devices support systems that are visible on the internet, they can become a prime attack focus that can be even more easily exploited than end users.

Rethinking network architecture

There is an effective response to this evolving threat landscape ... a Zero Trust network architecture that can shield your infrastructure from the internet and eliminate some of the urgency associated with patching and updates. By moving to Zero Trust security, you are adjusting to the new perimeter which is wherever someone is working. It’s not enough to run security at the network edge because the edge has moved. And traditional network edge security components like VPNs, firewalls and gateways are difficult to maintain, laden with vulnerabilities and, just like other IT and security stack components, inadvertently expand the attack surface. Comprehensive Zero Trust Network Access solves these complexities created by dispersed infrastructures, obsolete security solutions, and scattered users and devices that need secure access an organization’s networks whether they are in-office or remote.

ZTNA: A strategic solution

ZTNA aligns with the evolving Zero Trust cybersecurity principle of least privilege and can significantly enhance network security in several ways:

1. Identity verification
   ZTNA begins by rigorously verifying the identity of users and devices attempting to access the network, regardless of their location. Multi-factor authentication (MFA) and user/device profiling ensure that only authorized entities gain entry.
2. Granular access controls
   Once identity is verified, ZTNA enforces granular access controls based on user roles and permissions. Access is determined by evaluating the specific resources or services the user is attempting to access.
3. Cloaking
   Adding cloaking capabilities enhances the Zero Trust Network Access model because even authorized users can’t see assets they aren’t permitted to see. This means that if they are compromised, threat actors can’t scan for additional systems to move laterally, because those systems are cloaked and the infrastructure itself is invisible.
4. Microsegmentation
   Microsegmentation breaks the network into zones that link precise security policies to each application workload. ZTNA can extend traditional data center segmentation all the way to the source or requestor. Access is based on least privilege; entities only have access to the data, resources and applications needed to complete a required task. Microsegmentation grants authorized user and device access to only what is allowed and blocks (cloaks) everything else.
5. Secure concurrent access
   Encrypted multi-tunneling technology built into ZTNA allows simultaneous and direct connections (mTLS tunnels) from users to every location and resource they are allowed to access across multiple on-premises sites and/or multi-cloud environments. These tunnels protect data in transit against eavesdropping and interception.
6. Continuous monitoring
   ZTNA enables monitoring of user behavior and network traffic for anomalies. By integrating with SIEM and SOAR systems, including user behavior analytics, organizations can alert on suspicious activity and automate response to prevent unauthorized access to exposed infrastructure.
7. Dynamic policies
   Even beyond incident response, ZTNA allows for dynamic policy enforcement, adapting access permissions in real-time based on changing conditions. This flexibility ensures that access remains restricted, even as network configurations evolve.
8. User-based control
   ZTNA enhances MFA by combining identity with the device, need to know, protections and other elements, as an organization allows. ZTNA enables user access aligned to their risk posture based on their attributes, that can then detect changes and make real-time access modifications.

Building greatly improved network architecture with ZTNA is a proactive security response to shifting threat actor tactics that can deliver true reductions in operational costs and complexity and set organizations up for long-term success. To reach Zero Trust objectives, start by examining critical functions considering the network design to find redundancy, areas of complexity and opportunities for improvement. Incorporating ZTNA can minimize the attack surface and eliminate over-privileged user access.

By incorporating universal ZTNA solutions like industry-leading Appgate SDP into their security strategies, CISOs can fortify their organization's defenses, ensuring that only authenticated and authorized users and devices access critical infrastructure components, while continuously monitoring and adapting to emerging threats. Ultimately, the right ZTNA solution will set CISOs up to meet evolving cybersecurity and operational challenges of 2024 and beyond.

Additional ZTNA resources

Guide: The Difference Between Cloud-routed vs. Direct-routed ZTNA
5-Step Guide eBook to Simplify VPN to ZTNA Migration
Solution brief: About Direct-routed, Universal Appgate SDP ZTNA