The Zero Trust Model, a conviction whereby neither internal nor external entities can ever be trusted, is a mature security principle, regarded in cyber security as something of a Nirvana, that has become highly relevant nowadays largely because of cloud computing.
Many security products try to implement a Zero Trust Model on cloud workloads via application whitelists/blacklists or through an approved point-in-time workload baseline. Regrettably, none of these tactics provides zero trust, and so opportunities are wasted. As a matter of fact, a major unrecognized security threat that many organizations face in their environment is a trusted workload being compromised. The flaw in these tactics comes down to the fact that the underlying components of the workload, such as OS components or existing binaries, are trusted by default. For example, if a workload is compromised through a vulnerability, the first action an attacker will take is to try to access operating system components such as administration utilities, e.g. powershell.exe, to do their nefarious business. If powershell.exe is trusted to execute without restriction, there is no chance of preventing the attack. We see this in many of today’s popular file-less attacks such as Petya and WannaCry, ransomware malcode that manipulates existing files already living on the system to create a devastating effect as part of the attack.
Symantec Cloud Workload Protection (CWP) is the evolution of the proven and mature Data Center Security: Server Advanced product, built in the cloud, for the cloud. Unlike whitelisting or approved-baseline tactics, which are in no way substitutes for placing zero reliance on trust when it comes to workload security, CWP provides policy-based controls that enforce Least Privilege Access Control (LPAC) with a low-impact agent to monitor and protect hybrid and cloud environments in both AWS and Azure.
In CWP’s workload segmentation model every application, service, daemon or kernel process is encapsulated. Inside each capsule, LPAC works intelligently to allow exactly the right access to the relevant resources on a workload and nothing more. The workload’s actions are never fully trusted - it is allowed to perform its desired functions, but it is isolated from the underlying system and from other running processes. This is critical because there is often a large “gap” between the resources and privileges a workload requests and the resources and privileges it actually needs in order to execute correctly and safely. This “gap” is what hackers and cyber criminals look to exploit.
The LPAC approach is almost the direct opposite of traditional methods. It creates a condition in which no trust is granted to any user, application, service or operating system component once that element starts to behave suspiciously. In this way, policies can simply be applied to a workload to make it impenetrable to insider or external attack, without having to look intently at which application is running, baseline the workload, or learn which applications are in use from day to day.
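To make the difference between the two tactics concrete, here is a small added example (not Symantec CWP code, and not its policy format) that models a per-process “capsule” policy beside a plain application whitelist and measures the privilege “gap” between them. The process names, paths and access requests are constructed sample data; the policy engine is a hypothetical toy, not the product’s own.

```python
"""Toy comparison of an application whitelist with a per-workload least-privilege
capsule policy. Added illustration only; it is not Symantec CWP code and the
policy format is invented for this example."""
from dataclasses import dataclass, field
import fnmatch


@dataclass(frozen=True)
class Request:
    process: str   # image name of the process making the request
    action: str    # "exec", "read", "write" or "connect"
    target: str    # binary name, file path or host:port


# Tactic 1: application whitelist. Any listed image may run, and once it is
# running it is trusted by default, so nothing it does afterwards is constrained.
APP_WHITELIST = {"httpd", "sshd", "powershell.exe", "cmd.exe"}


def whitelist_decision(req: Request) -> bool:
    if req.action == "exec":
        return req.target in APP_WHITELIST
    return req.process in APP_WHITELIST   # trusted simply because it is running


# Tactic 2: capsule policy. Each workload is granted exactly the resources it
# needs (glob patterns per action); anything outside the capsule is denied,
# including OS utilities such as powershell.exe.
@dataclass
class Capsule:
    allow: dict = field(default_factory=dict)   # action -> list of glob patterns

    def permits(self, action: str, target: str) -> bool:
        return any(fnmatch.fnmatch(target, pat) for pat in self.allow.get(action, []))


CAPSULES = {
    "httpd": Capsule({
        "read": ["/var/www/html/*", "/etc/httpd/*"],
        "write": ["/var/log/httpd/*"],
        "connect": ["*:443"],
        "exec": [],          # a web server never needs to spawn a shell
    }),
    "sshd": Capsule({
        "read": ["/etc/ssh/*", "/home/*/.ssh/authorized_keys"],
        "write": ["/var/log/secure"],
        "exec": ["/bin/bash"],
    }),
}


def capsule_decision(req: Request) -> bool:
    capsule = CAPSULES.get(req.process)
    if capsule is None:
        return False             # unknown process: no trust by default
    return capsule.permits(req.action, req.target)


# Constructed sample of access requests, as an agent might observe them.
SAMPLE_REQUESTS = [
    Request("httpd", "read", "/var/www/html/index.html"),
    Request("httpd", "write", "/var/log/httpd/access_log"),
    Request("httpd", "exec", "powershell.exe"),        # living-off-the-land attempt
    Request("httpd", "write", "/etc/passwd"),          # outside the capsule
    Request("httpd", "connect", "10.0.0.5:4444"),      # not an allowed destination
    Request("dropper.exe", "read", "/etc/shadow"),     # unknown process
]


def privilege_gap(requests):
    """Requests the whitelist would allow but the capsule denies: the 'gap'
    between what a trusted-by-default workload may do and what it needs."""
    return [r for r in requests if whitelist_decision(r) and not capsule_decision(r)]


if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        print(f"{r.process:12} {r.action:8} {r.target:28} "
              f"whitelist={whitelist_decision(r)!s:5} capsule={capsule_decision(r)}")
    print("gap:", len(privilege_gap(SAMPLE_REQUESTS)))
```

The whitelist permits the compromised web server to launch powershell.exe, write to /etc/passwd and call out to an arbitrary port because it trusts the running image; the capsule permits only the file, log and network access the server needs, and denies everything else without first having to baseline or learn the workload.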
This approach is looked upon favorably by compliance and risk analysts and auditors alike. The LPAC approach even allows full administrator or root privileges to be removed from DevOps staff, thereby reducing the threat from insider attack or from well-meaning “misconfiguration” of the workload.