Discussions around Zero Trust has grown in recent years in response to the increased cyberattacks and questions by leadership around the effectiveness of current security measures and solutions.
The applications are hidden from discovery, and access is restricted via a trust broker to a set of named entities. The broker verifies the identity, context, and policy adherence of the specified participants before allowing access and prohibits lateral movement elsewhere in the network. This removes application assets from public visibility and significantly reduces the surface area for attack.
Sophos’ research, “Windows Services Lay the Groundwork for a Midas Ransomware Attack” reveals how attackers were able to spend nearly two months undetected in a target’s environment, taking advantage of limited access controls and network and application segregation, which would have been better protected with ZTNA.
The attackers further leveraged no-longer-used “ghost” remote access tools to move laterally, target and compromise other machines, create new accounts, install back doors, and exfiltrate data, before releasing the Midas ransomware.
Joe Levy, chief technology and product officer at Sophos, acknowledges that people, applications, devices, and data aren’t constrained to offices anymore – they’re everywhere, and we need more modern ways to secure them.
“Zero trust is a very effective cybersecurity principle, and ZTNA embodies it in a practical, easy to use way, ensuring that users have secure access to only the resources that they need,” he continued.
Sophos tightens integration
Sophos unveiled Sophos ZTNA, a zero-trust network access (ZTNA) offering that integrates with Sophos Intercept X to provide advanced endpoint protection and zero-trust network access with a single agent.
Sophos ZTNA introduces a transparent and scalable security model for connecting users and devices to applications and data, improving, and simplifying protection against ransomware and other advanced cybersecurity threats.
According to the company by integrating with other Sophos products, Sophos ZTNA removes the complexities of managing multiple vendor products and agents and provides end-to-end protection for endpoints, users, their identities, and the applications and networks that they connect to.
“Many traditional remote access solutions, like remote desktops and IPsec and SSL-VPN, provide strong encryption, but very little else in defence against modern threats. We see attackers increasingly exploiting these limitations, stuffing credentials into RDP and VPNs to gain access to victim networks, and then moving freely once inside, all too often culminating in costly data theft and ransomware incidents,” explained Levy.
As part of the Sophos Adaptive Cybersecurity Ecosystem, Sophos ZTNA shares real-time threat intelligence with other solutions and automatically responds to threats. Working together, the solutions can better identify active threats and assess device health, so compromised and non-compliant devices can be quickly isolated.
IDC research director for network security products, Christopher Rodriguez says the future of work will be hybrid, making it imperative that organisations are able to protect remote workers, remote data and remote applications.
“By integrating ZTNA with endpoint protection, Sophos ZTNA enables risk-appropriate access to resources from any device, at any time and from any location. Trust is a key factor in business today – one that requires critical security controls to protect against business-impacting events, such as ransomware and data compromise,” he opined.