My key takeaways
- The concept of pure perimeter security (inside is good, outside is evil) is outdated.
- What is zero trust?
  - Coined in 2010 by John Kindervag.
  - Do not automatically trust and grant access to a known user, device, account…; instead check whether it is actually privileged for the request.
  - Implementing a zero trust concept can involve many components and different software products; in a broad deployment the growing complexity increases the probability of a miss.
- Compromised credentials are used in 80% of all breaches.
- EDR is good at detecting malware and attack tools, but not the anomalous use of valid credentials.
- Detecting anomalies in the behaviour of users or systems offers a good chance of catching an attacker.
  - e.g. on a computer that is usually used only by one dedicated user, a different user logs in.
  - This may be legitimate or may be an indicator of compromise => send an MFA request to that user to verify validity.
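The login-anomaly idea from the last bullets, as an added worked example that is not part of the original notes: a small Python detector that learns which accounts normally log in to each host from historical events, flags a successful login by an account outside that baseline, and returns a step-up MFA challenge as the recommended action. The log lines, host names and the `MIN_BASELINE_LOGINS` threshold are constructed for the example; wiring the challenge to a real identity provider is assumed to happen elsewhere.

```python
"""Baseline-based detection of unusual logins (added example, not from the notes).

Learns per-host "who normally logs in here" from history, then treats a login
by an account not in that baseline as a candidate indicator of compromise and
recommends an MFA challenge to that user. All data below is constructed.
"""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample events: "<ISO timestamp> <host> <user> <outcome>"
SAMPLE_LOGINS = """\
2024-03-01T08:02:11 WS-ALICE-01 alice success
2024-03-02T08:05:43 WS-ALICE-01 alice success
2024-03-03T08:01:09 WS-ALICE-01 alice success
2024-03-04T07:58:30 WS-ALICE-01 alice success
2024-03-01T09:10:00 WS-BOB-02 bob success
2024-03-02T09:12:13 WS-BOB-02 bob success
2024-03-03T09:09:55 WS-BOB-02 bob success
2024-03-05T02:14:07 WS-ALICE-01 svc_backup success
2024-03-05T02:15:40 WS-BOB-02 bob success
"""

# Assumed threshold: a host is only judged once it has this many historical logins,
# so a freshly deployed machine does not generate noise.
MIN_BASELINE_LOGINS = 3


def parse_login(line):
    """Parse one constructed log line into a dict."""
    ts, host, user, outcome = line.split()
    return {"ts": datetime.fromisoformat(ts), "host": host, "user": user, "outcome": outcome}


def build_baseline(history):
    """Map host -> set of accounts that logged in successfully during the history window."""
    baseline = defaultdict(set)
    for e in history:
        if e["outcome"] == "success":
            baseline[e["host"]].add(e["user"])
    return baseline


def evaluate(events, cutoff):
    """Learn from events before `cutoff`, then evaluate the events at or after it.

    Returns one finding per successful login by an account that is not in the
    host's baseline; the recommended action is a step-up MFA challenge, because
    the login may still be legitimate.
    """
    history = [e for e in events if e["ts"] < cutoff]
    recent = [e for e in events if e["ts"] >= cutoff]
    login_counts = Counter(e["host"] for e in history if e["outcome"] == "success")
    baseline = build_baseline(history)

    findings = []
    for e in recent:
        if e["outcome"] != "success":
            continue  # failed logins are a different signal; not covered here
        if login_counts[e["host"]] < MIN_BASELINE_LOGINS:
            continue  # not enough history to call anything anomalous
        if e["user"] not in baseline[e["host"]]:
            findings.append({
                "host": e["host"],
                "user": e["user"],
                "ts": e["ts"].isoformat(),
                "usual_users": sorted(baseline[e["host"]]),
                "action": "mfa_challenge",  # verify with the user before escalating
            })
    return findings


def resolve(finding, mfa_approved):
    """Decide what to do once the MFA challenge has been answered (or not).

    An approved challenge means the login was legitimate and the host baseline
    should learn the new account; anything else is escalated as a possible
    credential compromise.
    """
    return "allow_and_update_baseline" if mfa_approved else "escalate_to_incident"


def run_sample():
    """Run the detector over the constructed sample, splitting history at 2024-03-05."""
    events = [parse_login(l) for l in SAMPLE_LOGINS.splitlines() if l.strip()]
    return evaluate(events, datetime(2024, 3, 5))


if __name__ == "__main__":
    for f in run_sample():
        print(f)
        print("  if MFA approved ->", resolve(f, True))
        print("  if MFA denied/ignored ->", resolve(f, False))
```

In the sample, `alice` on `WS-ALICE-01` and `bob` on `WS-BOB-02` form the baseline; the later `svc_backup` login on Alice's workstation is the only event outside it, so it is the only finding, while Bob's own login on his machine passes silently. On real data the same structure applies, but the baseline should be rebuilt on a rolling window and the MFA outcome fed back so that approved logins stop being flagged.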