In the 12th Century, Mongols successfully raided walled cities, one after the other, leading to demise of walled-city architecture for protection. In our modern 21st century, the classic “moat and castle” network design is going through a similar phase as the high-trust flat network with high-cost and less-scalable tunnel “VPN”, no longer provides a trusted expansion of the network in today’s remote world.
Today’s attackers see this vulnerability with the traditional VPN model, as VPN alone does not have limiting controls if compromised. This risk is increased with attackers shifting towards identity attacks using credential stuffing versus brute force attacks. This is all due to how easily and cheaply it is to purchase compromised credentials on the dark web.
This attack vector exploitation has been further accelerated due to:
- An increase in cloud adoption and usage of SaaS across organizations.
- Enterprise applications (e.g., O365, ERP and other systems) getting transitioned to the cloud, does not allow the usual approach of having a Demilitarized Zone (DMZ) protecting internal networks from untrusted traffic.
So, how do we protect against this changing enterprise application landscape? Organizations across the world need to lead the adoption of Zero Trust Architecture (ZTA) for cybersecurity, as their first principal of implementation. ZTA is scalable and has a cloud-native foundation as its approach assumes an attacker is already in the network.
This article originally published in Security Magazine.