{"id":45342,"date":"2022-02-17T17:00:00","date_gmt":"2022-02-17T17:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/security\/blog\/?p=105135"},"modified":"2022-02-17T17:00:00","modified_gmt":"2022-02-17T17:00:00","slug":"4-best-practices-to-implement-a-comprehensive-zero-trust-security-approach","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/4-best-practices-to-implement-a-comprehensive-zero-trust-security-approach\/","title":{"rendered":"4 best practices to implement a comprehensive Zero Trust security approach"},"content":{"rendered":"

Today\u2019s threat actors don\u2019t see barriers, they see opportunities. As the old firewalls protecting the corporate network become obsolete amid the rush to adopt a hybrid workspace, implementing Zero Trust security<\/a> has become an imperative across all sectors, both public and private. During this time of unprecedented change, Microsoft Security is committed to helping you be fearless<\/a> in pursuing your vision for growth and success.<\/p>\n

Because an effective Zero Trust approach needs to operate holistically across your complex digital estate, Microsoft Security solutions function as a unified whole to protect your people, data, and business. We\u2019re uniquely positioned to simplify and strengthen security across your entire enterprise\u2014even integrating easily with your existing third-party products. In this blog, we\u2019ll look at four guidelines for implementing a comprehensive Zero Trust strategy that can help your organization continue to move forward confidently in these uncertain times.<\/p>\n

\"Identities<\/figure>\n

Figure 1. Microsoft Zero Trust architecture.<\/em><\/p>\n

1. Build Zero Trust with comprehensive coverage<\/h2>\n

Despite what the name implies, a Zero Trust approach empowers organizations to grant employees greater freedom across all data, apps, and infrastructure. In a recent Microsoft-commissioned study conducted by Forrester Consulting, The Total Economic Impact\u2122 (TEI) of Zero Trust Solutions From Microsoft<\/a>, the principal architect at a logistics firm described how Microsoft\u2019s comprehensive Zero Trust implementation allowed them to create a bring your own device (BYOD) program for the company\u2019s seasonal frontline workers, leading to efficiency gains. \u201cBefore, our seasonal workers would have to be paired with our full-time employees when [performing field visits]. But now, they can go out on their own.\u201d<\/p>\n

The interviewees said that \u201cby implementing Zero Trust architecture, their organizations improved employee experience (EX) and increased productivity.\u201d They also noted, \u201cincreased device performance and stability by managing all of their endpoints with Microsoft Endpoint Manager<\/a>.\u201d This had a bonus effect of reducing the number of agents installed on a user\u2019s device, thereby increasing device stability and performance. \u201cFor some organizations, this can reduce boot times from 30 minutes to less than a minute,\u201d the study states. Moreover, shifting to Zero Trust moved the burden of security away from users. Implementing single sign-on<\/a> (SSO), multifactor authentication<\/a> (MFA), leveraging passwordless authentication<\/a>, and eliminating VPN clients all further reduced friction and improved user productivity.<\/p>\n

\"Zero<\/figure>\n

Figure 2. Microsoft Zero Trust solutions and capabilities.<\/em><\/p>\n

2. Strengthen Zero Trust with AI and integration<\/h2>\n

The Forrester study also found that \u201cexisting solutions failed to provide the high-fidelity signals, comprehensive visibility, and end-to-end self-healing capabilities needed to defend against today\u2019s sophisticated attackers and volume of cyberthreats.\u201d For the interviewed organizations, \u201cprior solutions could not provide telemetry of a threat\u2019s effect on data, a user\u2019s exact activity on the network, or a timeline for effective remediation.\u201d And because the organizations relied on security solutions from multiple vendors, \u201cconsolidating telemetry information for triage and analytical work was difficult and time-consuming.\u201d<\/p>\n

Microsoft Sentinel<\/a> solves the problem of vulnerable security silos by providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. As a cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution, Microsoft Sentinel uses AI to eliminate security infrastructure setup and maintenance by automatically scaling to meet user needs. Because Microsoft Sentinel is available out of the box with service-to-service connectors, it\u2019s easy to gain real-time integration with Microsoft 365 Defender<\/a>, Microsoft Azure Active Directory<\/a> (Azure AD), Microsoft Defender for Identity<\/a>, and Microsoft Defender for Cloud Apps<\/a>.<\/p>\n

Any truly comprehensive Zero Trust implementation requires functionality across multiple platforms. Microsoft Sentinel also contains 30 new out-of-the-box data connectors<\/a> for Cisco, Salesforce Service Cloud, Google Workspace, VMware ESXi, Thycotic, and many more. These data connectors include a parser that transforms the ingested data into Microsoft Sentinel normalized format<\/a>, enabling better correlation for end-to-end outcomes across security monitoring, hunting, incident investigation, and response scenarios. Microsoft Sentinel automates routine tasks\u2014with a 90 percent reduction in alert fatigue\u2014so, your security team can focus on the most critical threats.<\/p>\n

For example, by adhering to the values of Zero Trust, the Microsoft security operations center (SOC) assumes that any device or user can be breached. That means we end up scrutinizing roughly 600 billion security events each month. But because we utilize Microsoft Sentinel and our other security tools that leverage machine learning, threat intelligence, and data science, we\u2019re able to filter 600 billion monthly events down to around 10,000 alerts<\/a>. We also use Microsoft Defender for Endpoint Automated Investigation and Response (AIR)<\/a> capabilities to find and fix low-level malware instances and other nuisance alerts. Microsoft Defender for Endpoint AIR capabilities can also clean up a device, delete the service, erase the file, and tell us when the problem has been remediated. This reduces noise for our SOC and helps shrink those 10,000 monthly alerts down to a manageable 3,500 cases for investigation. Whittling those numbers down is what helps us\u2014and you\u2014zero in on real threats.<\/p>\n

3. Simplify for easier compliance and identity and access management (IAM)<\/h2>\n

The five organizations in the Forrester study struggled to comply with regulatory requirements because \u201cthe complexity of their IT environments made it difficult to audit their environments or effectively implement governance policies.\u201d Sound familiar? Fortunately, Zero Trust requirements can sometimes exceed some compliance requirements; meaning, organizations sometimes find that they\u2019re better off than they had been previously.<\/p>\n

As a feature in the Microsoft 365 compliance center<\/a>, Microsoft Compliance Manager<\/a> solves this common problem with intuitive management and continuous assessments\u2014from taking inventory of data risks to implementing controls, staying current with regulations and certifications, and reporting to auditors. Compliance Manager\u2019s machine learning and analytics even help sort through relevant data to respond to your legal, regulatory, and internal obligations based on requirements from the International Organization of Standardization<\/a> (ISO), National Institute of Standards and Technology<\/a> NIST), Cybersecurity and Infrastructure Security Agency<\/a> (CISA), and General Data Protection Regulation<\/a> (GDPR). It automatically measures your progress toward completing necessary actions\u2014providing a compliance score around data protection and regulatory standards\u2014along with workflow capabilities and built-in control mapping to help carry out improvements.<\/p>\n

To make compliance even easier, the new Microsoft Sentinel: Zero Trust (TIC 3.0) Workbook<\/a> features a redesigned user interface, new control card layouts, dozens of new visualizations, and better-together integrations with Microsoft Defender for Cloud<\/a> to monitor compliance posture deviations across each TIC 3.0 control family. The new workbook also provides a mechanism for viewing log queries, Azure Resource Graph, metrics, and policies aligned to TIC 3.0 controls\u2014enabling governance and compliance teams to design, build, monitor, and respond to Zero Trust requirements across 25 plus Microsoft products.<\/p>\n

Microsoft also offers more than 300 pre-built risk assessment templates to help you comply with evolving regulations, as well as integrated workflows to help ensure the right people across security, HR, legal, and compliance can investigate as soon as a risk is identified. The director at a manufacturing firm explained that \u201cMicrosoft Secure Score<\/a> reduced the time it took us to be compliant with the California Consumer Privacy Act (CCPA) and GDPR. And Azure AD and Microsoft 365 E5<\/a> really enhance our security capabilities.\u201d Secure Score simplifies your security posture by providing centralized visibility across all your Microsoft 365 workloads. This helps identify potential improvements, as well as benchmark your organization\u2019s status over time. Embedded guidance enables you to evaluate each recommendation and determine which vectors of attack are a priority, and how they can be mitigated.<\/p>\n

Organizations in the Forrester study also stated that \u201cLegacy infrastructures made it difficult for IAM teams to meet organizational security requirements and the needs of their users.\u201d Azure Active Directory integration<\/a> enabled these businesses to streamline sign-in and easily deploy applications companywide, as well as enable SSO and automate user provisioning. These efficiency gains allowed their IAM teams to focus on improving security by implementing additional Zero Trust policies. By adopting Azure AD, the IAM teams also reduced time spent managing IAM infrastructure, provisioning and de-provisioning users, managing vendors, and dealing with application downtime and remediation.<\/p>\n

4. Look for best-in-breed protection <\/h2>\n

When looking for a Zero Trust solution you can rely on, there\u2019s a confidence that comes from knowing your security provider has seen more than 40 percent year-over-year growth<\/a> and more than USD10 billion in revenue. As Thomas Mueller-Lynch, Service Owner Lead for Digital Identity at Siemens<\/a> put it, \u201cThere aren\u2019t too many vendors on the planet that can create a solution capable of providing consolidated insights into large, complex environments like ours. That\u2019s why we chose Microsoft.\u201d<\/p>\n

Microsoft Security<\/a> is a leader in five Gartner Magic Quadrants<\/a> and eight Forrester Wave\u2122 categories<\/a> and ranked the highest in the MITRE Engenui<\/a>t<\/a>y\u00ae ATT&CK Evaluation<\/a>. Microsoft was also named a Leader in IDC MarketScape<\/a> for Modern Endpoint Security. By unifying security, compliance, and identity, we can help you improve productivity and protect your entire environment\u2014from Windows and macOS to Linux, iOS, Android, and Amazon Web Services (AWS). For built-in intelligence, easy integration, and simplified management that addresses all three Zero Trust pillars, Microsoft Security provides the comprehensive solution you need to move forward\u2014fearless. <\/p>\n

Learn more<\/h2>\n