The digital era has ushered in a new age of connectivity and convenience and brought with it unprecedented security challenges, especially around unstructured data. In a recent SANS webinar, Eric Avigdor, VP of Product Management at Votiro, walked through Zero Trust content security and how organizations can protect their data from evolving threats. Host and Certified SANS Instructor Matt Bromiley framed the session as a comprehensive look at securing unstructured data through newer approaches.
What is Zero Trust Content Security?
Eric started by emphasizing a Votiro motto: “no application is left behind.” He continued, “Just like we used to say trust no one, right now, what I’m going to share with you is how no file is going to be left behind because files are a source of trouble.” This concept, referred to as “Trust no file,” encapsulates the essence of Votiro’s approach to content security.
The Evolution of Zero Trust
Eric provided a brief overview of Zero Trust, noting its evolution from focusing primarily on identity and access management to encompassing data security. “Zero Trust was put in place in order to secure your data, to make sure that your data is safe to be used, and is contained in a safe way,” Eric explained. He emphasized that the ultimate goal of Zero Trust is to protect data, which includes not just identities but also the content that flows through various channels.
Challenges with Unstructured Data
Unstructured data, such as files and documents, poses significant security risks. Eric highlighted the many entry points through which unstructured data reaches an organization’s network, including email attachments, software as a service (SaaS) applications, customer-facing portals, and collaboration tools like Teams and Slack. “Think about every entry point you have in your virtual IT environment where unstructured data comes in, where content comes into your network, onto your endpoints, onto your servers, onto your applications,” he urged the audience.
The problem with unstructured data is its potential to carry malicious payloads that can bypass traditional security measures. Eric described the “zero-day dilemma,” where organizations struggle to balance security and business efficiency. “How do I maintain business efficiency, and yet maintain a good level of security?” he asked, highlighting the challenge of dealing with unknown threats that antivirus engines and sandboxing solutions might miss.
The Zero-Day Dilemma
Eric elaborated on the zero-day dilemma, explaining how unknown threats, or zero-day attacks, evade detection by traditional security solutions. These attacks often involve new malware variants whose signatures are not yet known, so signature-based engines have nothing to match against.
The dilemma extends to the impact on business operations. Blocking or quarantining suspicious files can disrupt workflows and cause frustration among users who need immediate access to critical documents. “If that file is a false positive and it’s blocked, but the user needs it, that user is going to be very annoyed, begging IT to release that file,” Eric pointed out.
The Role of Collaboration Tools
Eric underscored the growing exploitation of collaboration tools by attackers. Tools like Teams and Slack, while trusted by users, can become conduits for malicious files. This necessitates a robust security approach that scrutinizes every file, regardless of its source.
Addressing the Cyber Kill Chain
Eric provided a detailed analysis of the Cyber Kill Chain, illustrating how malicious files can be used at various stages of an attack. He cited the Casbaneiro campaign as a case study: it begins with a phishing email carrying an HTML file, which sends the user to a malicious domain to download a password-protected zip archive. Because an inline scanner cannot open the encrypted archive to inspect what is inside, the download passes many security defenses unexamined. “A zipped archive file, potentially password protected, is the best and most efficient way to bypass most, if not all, of your defenses,” Eric explained.
The Importance of AI in Modern Threats
Eric highlighted the role of AI and large language models in creating sophisticated attacks. AI can generate malware, design convincing phishing campaigns, and even tailor attacks to specific users, expanding the threat landscape.
The Journey of Malicious Files
Malicious files often follow a journey within an organization, from initial upload to widespread distribution across various systems. This journey illustrates how a single malicious file can proliferate within an organization, potentially compromising multiple systems and endpoints. Effective content security must address the entire lifecycle of these files.
Zero Trust Content Security Steps
Eric outlined the steps for implementing Zero Trust content security: detecting known bad, disarming unknown bad, and providing real-time analytics. “We need to be able to detect known bad as well as unknown bad,” he stated. This involves identifying malicious files, disarming threats, and ensuring that security teams have the necessary analytics to track and mitigate risks in real time.
Content Disarm and Reconstruction (CDR)
Votiro’s approach to content security revolves around Content Disarm and Reconstruction (CDR). Eric explained that CDR extracts only the known-good content from a file and rebuilds a clean copy from it, so anything the engine does not positively recognize (macros, embedded objects, scripts) is simply not carried across; the approach does not depend on first detecting the malicious part. Users receive a sanitized, functional file without the risk of malware, maintaining both security and usability. The practical caveat is that active content a user legitimately depends on, such as a macro-driven template, is removed along with everything else, so a deployment needs an exception path for those cases.
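As an added example (not Votiro’s product code, and not something shown in the webinar), the following Python sketch implements the CDR idea on a Word document and folds in two earlier points from the session: it refuses a password-protected archive it cannot inspect rather than passing it through, and it returns an analytics record of what was kept and what was dropped. The allowlist of parts, the relationship types it strips, the sample macro-enabled document and the “encrypted” container are all constructed for this example and are not drawn from the page.

```python
"""Toy Content Disarm and Reconstruction (CDR) for Word documents (added example, not Votiro's code).
Rebuilds a .docx/.docm from an allowlist of known-good parts and refuses archives it cannot inspect."""
import hashlib
import io
import re
import xml.etree.ElementTree as ET
import zipfile

CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
R_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
MACRO_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"
DOCX_MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
ET.register_namespace("w", W_NS)
# Allowlist of parts a plain text-and-pictures document needs (an assumption made for this example).
KEEP = re.compile(r"^(\[Content_Types\]\.xml|_rels/\.rels|word/document\.xml|"
                  r"word/_rels/document\.xml\.rels|word/media/[^/]+\.(png|jpe?g|gif))$")

def _clean_content_types(xml, kept):
    root = ET.fromstring(xml)
    for el in list(root):
        if el.tag.endswith("}Override") and el.get("PartName", "").lstrip("/") not in kept:
            root.remove(el)  # e.g. the override declaring /word/vbaProject.bin
        elif el.get("ContentType") == MACRO_MAIN:
            el.set("ContentType", DOCX_MAIN)  # the .docm main part becomes a plain .docx part
    return ET.tostring(root, encoding="UTF-8")

def _clean_rels(xml, rep):
    root = ET.fromstring(xml)
    for rel in list(root):
        rtype, ext = rel.get("Type", "").rsplit("/", 1)[-1], rel.get("TargetMode") == "External"
        # keep hyperlinks and links into allowlisted parts; drop macros, OLE and other external targets
        if rtype in ("vbaProject", "oleObject") or (ext and rtype != "hyperlink") \
                or (not ext and not KEEP.match("word/" + rel.get("Target", ""))):
            rep["dropped_rels"].append(f"{rel.get('Id')}:{rtype}")
            root.remove(rel)
    return ET.tostring(root, encoding="UTF-8")

def _clean_document(xml, rep):
    root = ET.fromstring(xml)
    parents = {child: parent for parent in root.iter() for child in parent}
    for obj in list(root.iter(f"{{{W_NS}}}object")):  # embedded or linked OLE containers
        parents[obj].remove(obj)
        rep["dropped_objects"] += 1
    return ET.tostring(root, encoding="UTF-8")

def sanitize_docx(data):
    """Return (rebuilt bytes or None, analytics record). Only allowlisted parts are copied, after cleaning."""
    rep = {"verdict": "blocked", "reason": "", "sha256_in": hashlib.sha256(data).hexdigest(),
           "sha256_out": "", "dropped_parts": [], "dropped_rels": [], "dropped_objects": 0}
    src = zipfile.ZipFile(io.BytesIO(data))
    # bit 0 of the general-purpose flag marks an encrypted entry (PKWARE APPNOTE 4.4.4): uninspectable, so block it
    encrypted = [i.filename for i in src.infolist() if i.flag_bits & 0x1]
    if encrypted:
        rep["reason"] = f"password-protected entries: {encrypted}"
        return None, rep
    kept = [n for n in src.namelist() if KEEP.match(n)]
    rep["dropped_parts"] = [n for n in src.namelist() if n not in kept]
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in kept:
            body = src.read(name)
            if name == "[Content_Types].xml":
                body = _clean_content_types(body, kept)
            elif name == "word/_rels/document.xml.rels":
                body = _clean_rels(body, rep)
            elif name == "word/document.xml":
                body = _clean_document(body, rep)
            dst.writestr(name, body)
    rep.update(verdict="rebuilt", sha256_out=hashlib.sha256(out.getvalue()).hexdigest())
    return out.getvalue(), rep

def build_sample_docm():
    """Constructed input: a minimal macro-enabled document carrying a VBA project and a linked OLE object."""
    parts = {
        "[Content_Types].xml": f'<Types xmlns="{CT_NS}"><Override PartName="/word/document.xml" ContentType="{MACRO_MAIN}"/>'
        '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/></Types>',
        "word/_rels/document.xml.rels": f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId1" Target="vbaProject.bin" '
        'Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject"/>'
        f'<Relationship Id="rId3" Type="{R_NS}/oleObject" Target="http://example.invalid/payload" TargetMode="External"/>'
        f'<Relationship Id="rId4" Type="{R_NS}/hyperlink" Target="https://example.com/" TargetMode="External"/></Relationships>',
        "word/document.xml": f'<w:document xmlns:w="{W_NS}" xmlns:r="{R_NS}"><w:body><w:p><w:r><w:t>Quarterly invoice</w:t>'
        '</w:r></w:p><w:p><w:r><w:object><o:OLEObject xmlns:o="urn:schemas-microsoft-com:office:office" r:id="rId3"/>'
        "</w:object></w:r></w:p></w:body></w:document>",
        "word/vbaProject.bin": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1 stand-in for an OLE2 VBA project",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()

def build_sample_encrypted_zip():
    raw = bytearray(build_sample_docm())  # same document, now flagged as password-protected at container level
    raw[raw.index(b"PK\x01\x02") + 8] |= 0x01  # general-purpose flags sit 8 bytes into a central-directory header
    return bytes(raw)

def read_part(data, name):
    return zipfile.ZipFile(io.BytesIO(data)).read(name)
```

`sanitize_docx(build_sample_docm())` returns a rebuilt document with the VBA project, the OLE relationship and the `<w:object>` element gone and the main part re-typed as a plain .docx, plus a record carrying both hashes and everything dropped; `sanitize_docx(build_sample_encrypted_zip())` returns `None` with a “blocked” record instead of letting the unreadable archive through. To try it on a real file, pass `open("file.docm", "rb").read()`. A production CDR engine handles far more formats and validates each element against the file specification rather than a name allowlist; the point this sketch makes is that nothing from the input reaches the output unless it was positively recognized.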
Real-Time Content Security
Votiro’s solution operates in real-time, ensuring that all files entering an organization are safe to use instantly. This real-time capability eliminates the need for blocking, quarantining, or waiting for security teams to analyze files, thus maintaining business efficiency while ensuring robust security.
Eric concluded the session by emphasizing the importance of a unified approach to content security. Votiro’s mission is to integrate content security across all IT environments, ensuring that files are safe to use, whether they come from email, collaboration tools, SaaS applications, or other sources. “Our mission is to ensure that content is safe and secure, everywhere,” he stated.
The webinar provided valuable insights into the complexities of securing unstructured data in a Zero Trust framework. By leveraging advanced techniques like Content Disarm and Reconstruction, organizations can protect themselves from sophisticated threats while maintaining business efficiency. As the digital landscape continues to evolve, solutions like Votiro’s will be crucial in safeguarding data and ensuring a secure and productive environment.
Implementing a Zero Trust Architecture is not a one-size-fits-all solution; it requires careful planning, implementation, and ongoing management. For those interested in delving deeper into the subject, SANS has recently released a Zero Trust strategy guide. This document is an excellent resource for anyone looking to learn more about the principles, implementation strategies, and benefits of adopting a Zero Trust Architecture in their organization.