
Machine Learning for Zero Trust – How Can It Be Done?

Zero trust is the way forward for security. If you have been following the cybersecurity industry, you know that the term has been around for quite some time now.

Zero trust essentially means that setting up an external perimeter to keep external threats at bay is no longer enough. The zero trust model assumes that threats exist internally as well as externally, and that anybody who needs access in a corporate ecosystem has to be validated: "never trust, always verify". This is a sound way of looking at security. The Verizon 2019 Data Breach Investigations Report[1] states that internal actors were involved in 34% of the data breaches it analyzed. These are not just numbers that can be brushed aside. They are people within an organization, and, with or without their knowledge, they might put you on the front page for all the wrong reasons.

We have explained this concept in detail before; read zero trust policy – always question before you allow[2] to understand it better.

Another term that has taken over this generation is machine learning, along with other cognitive technologies. In this read, we will talk about how the two, zero trust and machine learning, go hand in hand in enabling businesses with effective cybersecurity.

Modern problems require modern zero trust solutions

The threat landscape has changed vastly over the years, which is why earlier security models such as castle-and-moat simply do not cut it anymore. You cannot hide behind firewalls and similar tools; vigilance at every instance, for every access, is the necessity.

With the advent of cloud, multiple devices per user, remote work, an ever-increasing amount of data and, not to forget, the human factor, which is prone to error, the threat picture keeps getting more complicated.

Take the example of the data breach at Desjardins[3]: unfortunate, but a classic case of an employee misusing a privileged account, costing the company $53 million.

If you are still reluctant to adopt the zero trust model, ask yourself these questions:

How certain are you that your cloud applications are safeguarded by stringent controls? Even if they are, how certain are you that those who have access to them are not oversharing information in the cloud?

Are you sure all your employees follow password best practices? That they do not write passwords down, or reuse the same password across personal and business accounts?

How sure are you that shadow IT[4] has not put several critical applications in your users' hands without your oversight?

Can you bet that there are absolutely no orphan accounts, accounts left active with no owner and open for attackers to take over?

Do you know whether any of your employees intend to send sensitive information such as Personally Identifiable Information (PII)[5] outside the organization?

How certain are you that none of your employees has accidentally clicked a link in a phishing email?

Most importantly, are your privileged accounts secure? These accounts have access to sensitive information and must not be compromised, but are you certain they are not already?

Cybersecurity is indeed tricky. Zero trust requires you to question every access within your organization, and this can be met with a lot of apprehension from employees, especially those who have been with you a long time. To learn how you can manage this apprehension, read our blog, zero trust policy – the people perspective[6].

Another struggle in organizations is managing data. An abundant amount of data is produced and stored in companies every day, and it is crucial to know how it is handled. There is company data, including financial data about transactions with employees, customers, vendors, third parties and supply chain companies. There is customer data, which is crucial information in your hands and is used for marketing and sales. Lastly, there is data about the accesses in your organization: who accessed what, when, from where.

Much of this data is personally identifiable information about customers or employees, and most of it is sensitive.

This tells us that there is a lot of data to protect, of course. But it is also an opportunity: the same data can be used for security.

Combining zero trust with this data, and keeping your employees productive because of zero trust rather than despite it, is where machine learning comes into the picture.

Machine learning for zero trust, smarter security

If zero trust requires verifying access at every step, machine learning makes the continuous authentication[7] of that access smoother and more intelligent. Zero trust requires you to monitor all traffic, segment access, and ensure no access has been compromised from inside or outside; machine learning can keep up with that volume of monitoring and reduce the room for human error.

Zero trust security monitoring with machine learning:

You must monitor incoming and outgoing traffic throughout the organization, and this monitoring must happen at every interaction checkpoint: how an application was accessed, how many times a password was entered wrongly, how the application was used and, most importantly, who used it. You must have these answers before you can talk about zero trust. But studies[8] have found that organizations spend about 21,000 hours a year chasing false security alerts, at a cost of about $1.3 million. Machine learning can save cost and time because it processes this data far faster than people can, so that only the instances that are truly problematic reach your IT team.
Moreover, machine learning assigns a risk score to every access based on the type of access, the user who requested it, and the application requested. The higher the risk score, the stronger the response required. Such a risk engine[9] can minimize IT labor and maximize productivity.

Security at all times, not just 9 to 5

Machine learning can read your data continually, at all times. For example, if an employee who usually accesses a business application at 10 AM accesses it at 2 AM instead, machine learning catches the anomaly. Zero trust defines who has access to what, and nothing beyond that rule is allowed: only the people authorized to access an application may access it. But how do you ensure the person is who he or she claims to be? This is why behavior analytics is crucial. Your employees' habitual patterns, location, IP address and device are the parameters that let you recognize them. Cognitive technologies can be trained to understand what normal looks like, and every action is measured against that baseline. Any abnormality is identified quickly, and the access is either challenged with additional authentication or blocked altogether.

Your employees need not be prompted to enter an OTP every time

Some of your employees may not have a streamlined access habit like the others. Their location may change constantly, they may use multiple devices, and they may have to use applications at unusual hours. Imagine being prompted to wait for an OTP on your phone every time you need an application from a new location, when your job requires you to travel to multiple locations. Machine learning, as the name suggests, learns the behavior of such employees and adapts to them rather than causing them a headache. The zero trust model exists to increase security, but it has to be carried out in a way that does not get in the way of organizational productivity.
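The risk engine and behavior baseline described in the last three sections, as an added example written for this page and not Ilantus code. It assumes that an access event carries a user, application, hour, country, device and the count of failed logins just before the request; it learns a per-user baseline from constructed history, scores each new request against that baseline, and maps the score to allow, step-up or block. The weights and thresholds are assumed values, and the roaming rule is one way of expressing the point above: a user whose history already spans several countries is not challenged on every new location.

```python
"""Illustrative access-risk engine for zero trust access decisions.
Added example, not Ilantus code: the event fields, weights, thresholds and
the constructed access history are assumptions chosen for illustration."""
from collections import Counter, defaultdict
from dataclasses import dataclass, field

STEP_UP_AT, BLOCK_AT = 30, 60                         # assumed thresholds
PRIVILEGED_APPS = {"hr-payroll", "admin-console"}     # constructed list

@dataclass
class AccessEvent:
    user: str
    app: str
    hour: int                # 0-23, local time of the request
    country: str
    device: str
    failed_logins: int = 0   # wrong-password attempts just before this request

@dataclass
class Profile:
    """What 'normal' looks like for one user, learned from past events."""
    hours: Counter = field(default_factory=Counter)
    countries: Counter = field(default_factory=Counter)
    devices: set = field(default_factory=set)
    apps: set = field(default_factory=set)
    total: int = 0

def build_profiles(history):
    """Training step: fold historical events into one Profile per user."""
    profiles = defaultdict(Profile)
    for ev in history:
        p = profiles[ev.user]
        p.hours[ev.hour] += 1
        p.countries[ev.country] += 1
        p.devices.add(ev.device)
        p.apps.add(ev.app)
        p.total += 1
    return profiles

def score(ev, profile):
    """Return (risk, reasons) for one request measured against the baseline."""
    if profile.total == 0:
        return 50, ["no baseline for this user"]   # unknown user: always challenge
    risk, reasons = 0, []
    # Time of day: unusual if the user was never seen within an hour of it.
    if not any(profile.hours[(ev.hour + d) % 24] for d in (-1, 0, 1)):
        risk += 30; reasons.append("unusual hour")
    # Location: a new country is less alarming for a user who already roams.
    if ev.country not in profile.countries:
        roaming = len(profile.countries) >= 3
        risk += 10 if roaming else 30
        reasons.append("new country" + (" (roaming user)" if roaming else ""))
    if ev.device not in profile.devices:
        risk += 20; reasons.append("unknown device")
    if ev.app in PRIVILEGED_APPS:
        risk += 15; reasons.append("privileged application")
    if ev.app not in profile.apps:
        risk += 10; reasons.append("first use of application")
    if ev.failed_logins:
        risk += min(ev.failed_logins, 5) * 8
        reasons.append(f"{ev.failed_logins} failed logins")
    return risk, reasons

def decide(ev, profiles):
    """Map the score to allow / step_up / block."""
    risk, reasons = score(ev, profiles.get(ev.user, Profile()))
    outcome = "block" if risk >= BLOCK_AT else "step_up" if risk >= STEP_UP_AT else "allow"
    return outcome, risk, reasons

# Constructed history: alice works office hours from one laptop in Canada;
# bob is a consultant seen in four countries, at odd hours, on two devices.
HISTORY = [AccessEvent("alice", "crm", h, "CA", "alice-laptop")
           for h in (9, 10, 11, 14, 16) for _ in range(4)]
for country, h in (("CA", 9), ("US", 13), ("GB", 6), ("FR", 22)):
    for dev in ("bob-laptop", "bob-phone"):
        HISTORY += [AccessEvent("bob", "expenses", h, country, dev),
                    AccessEvent("bob", "crm", h, country, dev)]
PROFILES = build_profiles(HISTORY)

# Constructed requests to evaluate ("alice_2am" is the 2 AM case from the text).
REQUESTS = {
    "alice_usual":   AccessEvent("alice", "crm", 10, "CA", "alice-laptop"),
    "alice_2am":     AccessEvent("alice", "crm", 2, "CA", "alice-laptop"),
    "alice_payroll": AccessEvent("alice", "hr-payroll", 2, "CA", "alice-laptop", 3),
    "alice_abroad":  AccessEvent("alice", "crm", 10, "DE", "alice-laptop"),
    "bob_abroad":    AccessEvent("bob", "crm", 13, "DE", "bob-phone"),
    "unknown_user":  AccessEvent("mallory", "crm", 10, "CA", "x-laptop"),
}

def evaluate_all():
    """Decide every constructed request; returns {name: outcome}."""
    return {name: decide(ev, PROFILES)[0] for name, ev in REQUESTS.items()}

if __name__ == "__main__":
    for name, ev in REQUESTS.items():
        outcome, risk, reasons = decide(ev, PROFILES)
        print(f"{name:14s} {outcome:8s} risk={risk:3d} {', '.join(reasons)}")
```

Running it shows the three outcomes side by side: alice at her usual hour is allowed, the same request at 2 AM is challenged, the 2 AM request for a privileged application after three failed logins is blocked, and bob, whose baseline already spans four countries, is allowed from a fifth country where alice from a new country would be challenged. A user with no baseline is always challenged, which is the safe default when the engine has nothing to compare against.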

Be more proactive than reactive

We all tend to follow the philosophy of learning from others' mistakes. In cyberspace, that is not enough. You can certainly improve your security posture by learning from the company that got hacked, but cybercrime keeps evolving, and you must evolve with it. Because machine learning reads your traffic continuously, it can detect anomalies in real time. When an attacker tries to break into your systems or launches bots against your traffic, machine learning can flag it, and once you are notified, quick action can be taken. If a phishing email reaches your employees, you can recognize it and remove it from your network in short order. This lets you stop an attack before it does damage.

Cybersecurity becomes a continuous process rather than a scheduled initiative when you combine the philosophy of zero trust with machine learning. Security measures must let you stay productive rather than get in your way. A zero trust policy can transform your business: do it the right way, with the right tools, and you will not only secure your organization but also make it more efficient.


  1. https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report.pdf (accessed 06/25/2020)
  2. https://www.ilantus.com/blog/zero-trust-policy-always-question-before-you-allow/ (accessed 06/25/2020)
  3. https://www.ilantus.com/blog/data-breach-at-desjardin-what-couldve-been-done/ (accessed 06/25/2020)
  4. https://www.webopedia.com/TERM/S/shadow-it.html (accessed 06/25/2020)
  5. https://www.ilantus.com/blog/what-is-personally-identifiable-information-pii/ (accessed 06/25/2020)
  6. https://www.ilantus.com/blog/what-is-zero-trust-policy/ (accessed 06/25/2020)
  7. https://www.ilantus.com/blog/continuous-authentication-the-future-of-authentication/ (accessed 06/25/2020)
  8. https://www2.deloitte.com/us/en/insights/industry/public-sector/addressing-cybersecurity-talent-shortage.html (accessed 06/25/2020)
  9. https://www.ilantus.com/blog/dont-risk-it-heres-why-your-business-needs-an-identity-risk-engine/ (accessed 06/25/2020)