In 1987 at the INF (Intermediate-Range Nuclear Forces) Treaty, President Ronald Reagan used the phrase ‘trust but verify’ when discussing relations between the United States and the Soviet Union. Translated from an old Russian phrase used by Vladimir Lenin and Joseph Stalin, “Doveryai, No Proveryai” is the idea that a responsible person verifies everything before committing themselves to business, even if it’s with a trusted individual.
This was to become one of President Reagan’s greatest quotes, applied to cybersecurity and many other circumstances for almost four decades. In 2021, this concept was modernized as the US federal government and the cybersecurity industry pivoted toward a new security framework: Zero Trust.
What is Zero Trust?
Much like Russia’s “Doveryai No Proveryai”, Zero Trust is the belief that trust can be exploited, so security frameworks should assume that every single attempt to access the network is a threat until confirmed otherwise. This means that understanding who every user is and what endpoint they’re coming from, even if they’re inside the firewall, is imperative to an organization’s cybersecurity posture. To prevent network infiltration and data exfiltration, Zero Trust draws on advanced threat intelligence to verify each user.
Verification through threat intelligence
Threat intelligence helps to determine whether a threat is viable and other pertinent information that is critical in protecting networks and data. A simple example would be verifying an individual entering a country with a passport. Is the passport valid? Is this person a threat to national security? What information determines if this person is a potential threat or not?
Verification can be used in various forms to determine the trustworthiness of an individual, such as biometrics, visual identification, and IDs. Zero Trust intelligence uses practices like multi-factor authentication, IAM, orchestration, analytics, encryption, scoring, and file system permissions to verify each user.
How to implement Zero Trust
Today’s cyber environment is extremely challenging. Cyber threats are increasing and evolving on a dramatic scale, much of the workforce has adopted hybrid working, and the skills gap, tightened budgets, and compliance maintenance are prevalent problems. With Centripetal’s advanced threat intelligence service, CleanINTERNET, our team performs in-depth threat analysis and shielding on your business’ behalf, delivering comprehensive, relevant threat findings directly to your team. This creates a Zero Trust environment within your network, alleviating the burden of implementation and maintenance from your security teams, as well as saving your business millions of dollars on separate threat feeds.
This article was updated March 2022.