Zero Trust Flashcards
What are the foundational pillars of the Zero Trust model? (6)
- Identities,
- Devices,
- Applications,
- Data,
- Infrastructure,
- Networks
These elements work together to provide end-to-end security.
What must be verified when an identity attempts to access a resource in the Zero Trust model?
Strong authentication and least privilege access principles
Identities can be users, services, or devices.
Why is monitoring devices important in the Zero Trust model?
To ensure health and compliance
Devices create a large attack surface for security threats.
Applications in Zero Trust
Applications are the way that data is consumed.
Includes discovering all applications being used, including unmanaged ones, sometimes called Shadow IT because they are adopted outside central IT control.
This pillar also includes managing permissions and access.
How should data be handled according to the Zero Trust model?
Classified, labeled, and encrypted based on its attributes
Protecting data is a primary focus of security efforts, ensuring it remains safe when it leaves devices, applications, infrastructure, and networks that the organization controls.
What does infrastructure represent in the Zero Trust model?
A threat vector
This includes both on-premises and cloud-based infrastructure.
What assessments should be made to improve infrastructure security?
Assess version and configuration, use just-in-time (JIT) access, and use telemetry to detect attacks and anomalies.
This allows you to automatically block or flag risky behavior and take protective actions.
What security measures should be employed for networks in the Zero Trust model?
Segmented networks, real-time threat protection, end-to-end encryption, monitoring, and analytics
This includes deeper in-network micro-segmentation, not only perimeter segmentation.
Fill in the blank: In the Zero Trust model, _______ are the way data is consumed.
Applications
Managing permissions and access to applications is also crucial.
What are the 3 principles behind Zero Trust?
- Verify explicitly
- Assume breach
- Least-privileged access
Describe the identity component in Zero Trust
An identity in the Zero Trust approach is defined as users, services, and the credentials used by applications and Internet of Things (IoT) devices.
In the Zero Trust approach, identities control and administer access to critical data and resources.
This means that when an identity attempts to access a resource, organizations must verify it through strong authentication methods, ensure access is compliant and typical for that identity, and enforce least privilege access principles.
Describe endpoint component in Zero Trust
An endpoint is any device that connects to your network whether in the cloud, on-premises, or remotely.
They include devices issued by the organization, IoT devices, smartphones, bring-your-own devices (BYOD), and partner and guest devices.
In the Zero Trust approach, the security policies are enforced uniformly across all endpoints. This is because when an identity is granted access to a resource, data can stream across different endpoints. If the endpoints aren’t secure, this can create a huge risk.
Describe application component in Zero Trust
Applications are productivity tools through which users access their data.
Knowing how these apps and their application programming interfaces work is essential to understanding, managing, and controlling the flow of data.
All apps used across your digital estate should be given tightly controlled in-app permissions and be monitored for abnormal behavior.
Describe network component in Zero Trust
Networks represent the means to access our data.
Using network access controls and monitoring user and device behavior in real time can provide insights and visibility into threats and prevent cybercriminals from moving laterally across your network.
Network segmentation, using threat detection and prevention tools, and encrypting network traffic will reduce the likelihood of an attack and mitigate the fallout from a breach.
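The network cards above (segmentation, micro-segmentation, and real-time monitoring to catch lateral movement) are easiest to see as a default-deny flow policy plus a simple detector over the denied connections. The block below is an added example written for these notes, not code from the course or from any vendor's firewall or network security group logic. The segment address plan, the allow-list of flows, and the connection log are constructed sample data, and the threshold of three distinct denied destinations is an assumption chosen for the example.

```python
"""Default-deny micro-segmentation policy with lateral-movement flagging.

Added example for these Zero Trust notes; not a vendor's firewall/NSG logic.
Segments, allowed flows, sample log and the fan-out threshold are constructed
assumptions for illustration.
"""
from __future__ import annotations

from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample address plan: one CIDR per segment.
SEGMENTS = {
    "workstations": ip_network("10.10.0.0/16"),
    "app-tier": ip_network("10.20.0.0/24"),
    "db-tier": ip_network("10.30.0.0/24"),
    "mgmt": ip_network("10.99.0.0/24"),
}

# Allow-list of (src_segment, dst_segment, dst_port). Everything not listed,
# including traffic *within* a segment, is denied: that is what makes this
# micro-segmentation rather than a perimeter rule. Constructed sample policy.
ALLOWED_FLOWS = {
    ("workstations", "app-tier", 443),
    ("app-tier", "db-tier", 5432),
    ("mgmt", "app-tier", 22),
    ("mgmt", "db-tier", 22),
}


def segment_of(ip: str) -> str | None:
    """Map an address to its segment, or None if it is outside the plan."""
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def is_allowed(src_ip: str, dst_ip: str, dst_port: int) -> bool:
    """Default deny: a flow is permitted only if it appears in ALLOWED_FLOWS."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False  # unknown address space is never trusted implicitly
    return (src, dst, dst_port) in ALLOWED_FLOWS


def evaluate_log(log: list[tuple[str, str, int]]) -> list[tuple[str, str, int, str]]:
    """Annotate each connection attempt with the policy decision."""
    return [(s, d, p, "allow" if is_allowed(s, d, p) else "deny") for s, d, p in log]


def lateral_movement_suspects(log: list[tuple[str, str, int]], threshold: int = 3) -> set[str]:
    """Flag sources whose *denied* attempts fan out to >= threshold distinct
    destinations: a host probing for reachable neighbours, which is the
    behaviour segmentation is meant to stop and monitoring is meant to surface."""
    denied_targets: dict[str, set[str]] = defaultdict(set)
    for src, dst, port in log:
        if not is_allowed(src, dst, port):
            denied_targets[src].add(dst)
    return {src for src, dsts in denied_targets.items() if len(dsts) >= threshold}


# Constructed sample connection log (src, dst, dst_port).
SAMPLE_LOG = [
    ("10.10.4.7", "10.20.0.10", 443),   # workstation -> app over HTTPS: allowed
    ("10.20.0.10", "10.30.0.5", 5432),  # app -> db: allowed
    ("10.10.4.7", "10.30.0.5", 5432),   # workstation straight to db: denied
    ("10.10.4.7", "10.10.4.8", 445),    # workstation -> workstation SMB: denied
    ("10.10.4.7", "10.10.4.9", 445),    # same source probing another peer: denied
    ("10.10.4.7", "10.10.4.10", 3389),  # and RDP to a third peer: denied
    ("10.99.0.2", "10.30.0.5", 22),     # mgmt -> db over SSH: allowed
    ("10.10.5.1", "10.20.0.10", 443),   # another workstation -> app: allowed
]

if __name__ == "__main__":
    for src, dst, port, verdict in evaluate_log(SAMPLE_LOG):
        print(f"{verdict:5} {src:>12} -> {dst:<12} :{port}")
    print("lateral-movement suspects:", lateral_movement_suspects(SAMPLE_LOG))
```

In the sample log the compromised-looking workstation 10.10.4.7 never gets past the policy, but the point of the detector is that the denials themselves are the signal: a single host generating denied attempts toward several different peers and the database tier is flagged even though every individual attempt was blocked.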
Describe infrastructure component in Zero Trust
Your infrastructure covers every aspect of the digital domain, from on-premises servers to cloud-based virtual machines.
The main focus and consideration for infrastructure is to manage the configuration and keep software updated.
A robust configuration management approach will ensure that all deployed devices meet the minimum security and policy requirements.
Describe data component in Zero Trust
Understanding your data and then applying the correct level of access control is essential if you want to protect it.
But it goes further than that. By limiting access, implementing strong data usage policies, and using real-time monitoring, you can restrict or block sharing of sensitive data and files.
The company needs to evaluate the session risk before a user accesses M365 resources
What’s the primary component of the zero trust model that needs to be configured?
Identities
Identity-based protection evaluates user risk (the identity itself looks compromised) and sign-in or session risk (this particular access attempt looks atypical).
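The identity cards above say that every access attempt must be verified with strong authentication, checked to be compliant and typical for that identity, and scoped to least privilege, and that identity-based protection keys off user risk and session risk. The following is an added example for these notes, not the logic of Microsoft Entra Conditional Access or any other product: a small evaluator that applies the three Zero Trust principles to one request. The risk tiers, the signals carried on the request, the role-to-scope baseline, and the thresholds that trigger deny or step-up MFA are all assumptions chosen for illustration.

```python
"""Minimal Zero Trust access-decision evaluator.

Added example for these notes; not a product's conditional-access engine.
Risk levels, request signals, role baselines and thresholds are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import IntEnum


class Risk(IntEnum):
    NONE = 0
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass(frozen=True)
class AccessRequest:
    user: str
    resource: str
    mfa_satisfied: bool       # strong authentication already completed?
    device_compliant: bool    # endpoint health signal
    user_risk: Risk           # identity-level signal (e.g. leaked credentials)
    session_risk: Risk        # sign-in-level signal (e.g. unfamiliar location)
    requested_scopes: frozenset[str]


@dataclass(frozen=True)
class Decision:
    action: str                      # "allow", "deny" or "require_mfa"
    granted_scopes: frozenset[str]
    reasons: tuple[str, ...]


# Least-privilege baseline: the most each identity may ever do on a resource.
# Constructed sample data for the example.
ROLE_SCOPES = {
    ("alice", "mail"): frozenset({"mail.read", "mail.send"}),
    ("alice", "finance-db"): frozenset({"db.read"}),
    ("bob", "mail"): frozenset({"mail.read"}),
}


def evaluate(req: AccessRequest) -> Decision:
    """Apply the three principles to a single request.

    verify explicitly: every signal is checked on every request, none is cached
    assume breach:     risk signals can block even a valid, MFA-backed credential
    least privilege:   only scopes inside the role baseline are ever granted
    """
    # Assume breach: a high-risk identity is treated as already compromised and
    # is blocked until remediated, whatever the other signals say.
    if req.user_risk >= Risk.HIGH:
        return Decision("deny", frozenset(), ("user risk high: identity treated as compromised",))

    # Verify explicitly: device health is a required signal, not a bonus.
    if not req.device_compliant:
        return Decision("deny", frozenset(), ("device not compliant with policy",))

    # An atypical session (or a medium-risk user) needs step-up authentication
    # before anything is granted. Threshold is an assumption for the example.
    if (req.session_risk >= Risk.MEDIUM or req.user_risk >= Risk.MEDIUM) and not req.mfa_satisfied:
        return Decision("require_mfa", frozenset(), ("risk signal present and MFA not yet satisfied",))

    # Least privilege: intersect the request with the baseline. Anything the
    # caller asked for beyond the baseline is dropped and recorded, not granted.
    reasons: list[str] = []
    allowed = ROLE_SCOPES.get((req.user, req.resource), frozenset())
    granted = req.requested_scopes & allowed
    dropped = req.requested_scopes - allowed
    if dropped:
        reasons.append(f"scopes outside role baseline dropped: {sorted(dropped)}")
    if not granted:
        return Decision("deny", frozenset(), tuple(reasons) or ("no permitted scopes for this identity on this resource",))

    reasons.append("all signals verified")
    return Decision("allow", granted, tuple(reasons))


if __name__ == "__main__":
    # Constructed sample requests.
    sample = AccessRequest("alice", "mail", True, True, Risk.NONE, Risk.NONE,
                           frozenset({"mail.read", "mail.send", "mail.admin"}))
    print(evaluate(sample))
```

Note the ordering: risk and device checks run before any scope is considered, so a caller with a perfectly valid credential still gets nothing if the surrounding signals say the session is not typical for that identity. Over-requested scopes are trimmed rather than causing an outright deny, which is usually what you want for least privilege, but the dropped set is recorded so the over-request itself is visible in telemetry.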
The company needs to resolve the concern of improving security through the assessment of versions and configurations
What’s the primary component of the zero trust model that needs to be configured?
Infrastructure
The company needs to implement the principle of assume breach
What’s the primary component of the zero trust model that needs to be configured?
Networks, through network segmentation (limiting how far an attacker who is assumed to be already inside can move laterally)