0-Trust vs 0-Hack

Organizations that steadily and consistently execute timely, data-driven decisions focused on risk reduction are more likely to win the day. Every organization, regardless of size, faces hard choices about where to allocate limited resources, and the risk of a cybersecurity incident can never be eliminated entirely. Comparing 0-Trust with 0-Hack is a way to frame the security strategy inside your organization, to size effort, budget and governance, and to become an "ITSec creature" capable of adapting to change: not merely resilient but anti-fragile, which means managing the unexpected and the unplanned and undergoing a metamorphosis from reactive to adaptive security.

0-Trust

The pattern repeats itself across the ages of IT security, almost like a sine wave, much like the "corsi e ricorsi" (courses and recurrences) that G. Vico saw in human history.

Establishing zero-trust policies first requires a thorough audit of current security practices: what defenses are in place, who’s managing them and, most importantly, are they effective? Once that baseline is established, ensure that everyone, not just IT, understands the threats and how they could be affected.

Zero trust may sound like borderline paranoia to some, but pressures inside and outside the tech industry are making it the most viable security strategy.

Zero trust is fundamentally people-centric. It acknowledges that anyone is capable of compromising network security and proactively works to manage that risk. With that in mind, regularly train the workforce to recognize suspicious emails or applications that could infect their systems, keep systems updated, and require credential changes whenever compromise is suspected. Note that forcing arbitrary periodic password changes is no longer recommended (NIST SP 800-63B advises against it, because it pushes users toward weak, predictable variations); strong multi-factor or passwordless authentication, as discussed under 0-Hack below, is the better control.

Finally, understand the outside software used in the workplace. Even if your own networks are secure, an application with weak encryption or a weak security posture, whether internal or external and increasingly reached through remote working, can easily hand attackers a vulnerability to exploit.

0-Hack

The starting point is a simple logical assumption: if something cannot be seen, it cannot be stolen; or better, there is nothing to steal. This simple but effective assumption could be the way to move from the 0-Trust concept, which would thereby be surpassed, to the 0-Hack approach.

I would like to approach the 0-Hack topic from a slightly different perspective and, starting from the "top 10 Innovative Sec Tech 2020" lists you can easily find on the internet, propose a way of working in 8 steps to implement in your organization:

  • Multi-factor / multi-step authentication, passwordless or token-ID-less: The majority of breaches involve cracked, intercepted or otherwise disclosed authentication credentials at some point (the dark web is full of them). Use strong, multi-factor authentication by default on a passwordless or ID-less foundation: there is nothing to steal when the digital behaviour of your customer or employee builds the "virtual password" just in time.
  • Security-specific UEBA, not general-purpose UEBA: Combined with the ability to detect and alert on failed login attempts, behaviour analytics gives clues about users who may be the focus of targeted attacks, or whose behaviour does not match their profile, and it pairs naturally with a passwordless or token-ID-less strategy. Last but not least, it provides an engine that follows every digital profile inside the company and verifies that it is acting safely.
  • Second-generation Endpoint Detection and Response with deception features and an embedded SOC service: Endpoint protection is crucial for building a realistic endpoint security map, and because most malicious email is destined for a user who will click on attachments and potentially infect themselves with malware of some kind. The second most common infection vector is malicious web content, again an end-user action. It therefore makes sense to have a thorough suite of controls on endpoints and servers to identify and shut down viruses, malware and other potentially unwanted programs. Keeping all endpoints under management and up to date, with deception features in place, helps prevent the lateral movement of botnets, RATs and malware infections that persist in environments with inconsistently applied controls. A SOC service can trigger endpoint health checks in real time and drive timely remediation per endpoint, whether by internal SOC analysts or by the vendor's SOC, following a shared playbook.
  • Application detection and response platform: Visibility of which application platforms communicate with which others inside your network, through a graphical dashboard that shows the non-coherent open flows regardless of how many firewalls are deployed, gives you exactly the map of attack vectors a hacker can use; in hybrid environments with many technologies it is also the "Ariadne's thread" for reconstructing application flows. Over time, unmanaged flows build a large, persistent baseline of low-to-medium risk issues that can feed a wildfire event under the right conditions. The lack of a complete hardware and software asset inventory adds to this risk as applications and devices fall out of management. Staying on top of patching, system and application updates, end-of-support and end-of-life migrations, user administration and configuration management is tedious, time consuming and generally underappreciated, yet this activity, more than any other single task, reduces the risk of cyber events and of opportunistic attacks against each asset, and it gives direction to your VA/PT and code review activities so that back doors and unexpected application kill chains are avoided.
  • Security data lake strategy: History teaches that prevention-centric strategies fail and must be paired with detective controls to minimize time to detection and remediation. A well-tuned SIEM is no longer enough: the security architecture needs a data lake foundation with SOAPA and SOAR infrastructure, receiving logs that cover the internal network and applications as well as the perimeter, inside and out, including remote working and third parties. This includes tuning endpoint, application and network device logs to enable early detection and response. The same data lake foundation is also a tremendous opportunity to bring anti-fraud activities under the same roof. SOAPA speeds up efficient and effective data collection, processing, sharing and analysis; SOAR lets you set up security playbooks to automate security operations processes, many of which are still completely or partially manual today and are therefore weak points tied to the human factor.
  • Patch and update constantly: Ultimately the most hacker-resistant environment is the best-administered one. Organizations are short-cutting system and network administration through budget and staff reductions and lack of training, which forces choices about which tasks get done sooner, later or not at all. Moving your service platform to a strong cloud provider can give you a continuous patching model, at least for the core environment, and better visibility and auditability of your patching strategy than an on-premises installation.
  • Email security: Email is the number one entry point for malware into the enterprise; no surprise there. A cloud-based email strategy is recommended, to scale the anti-spam engine together with a strong cloud provider that has a tangible security strategy in place. CASB adoption, to gain full visibility of the cloud email service, is a must, and cloud email should be the next place where organizations double down on security.
  • Deception strategy: Just because a hacker or piece of malware has made its way into your environment does not mean it should be able to spread to adjacent network nodes or waltz back out with your mission-critical, regulated data. With a deception strategy you mask your real network and application footprint and draw the attacker into a trap environment, limiting the ability to communicate across and out of the network, containing the impact of an incident and helping to prevent a network or application incident from becoming a public data breach.
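The second step, security-specific UEBA built on failed logins and behaviour mismatches, is the one that most benefits from a concrete illustration. The Python script below is an added example, not code from the original article or from any vendor product: it builds a per-user baseline of countries and devices from historical successful logins, then scores a batch of new events for failed-login bursts, password spraying from a single source, logins from a never-seen country or device, a success landing right after a burst of failures, and "impossible travel" between two countries within an hour. The log format, user names, IP addresses (taken from the TEST-NET documentation ranges), country codes and thresholds are all constructed assumptions for the demo.

```python
"""Minimal UEBA-style detector over authentication events (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs), one per line:
# <ISO timestamp> user=<id> result=<success|fail> ip=<src> country=<CC> device=<id>
HISTORY_LOG = """\
2020-05-04T08:02:11 user=alice result=success ip=10.1.1.5 country=IT device=lap-a1
2020-05-04T08:05:40 user=bob result=success ip=10.1.1.9 country=IT device=lap-b1
2020-05-05T08:10:02 user=alice result=success ip=10.1.1.5 country=IT device=lap-a1
2020-05-05T18:30:15 user=alice result=success ip=192.0.2.44 country=IT device=phone-a1
2020-05-06T09:00:00 user=bob result=fail ip=10.1.1.9 country=IT device=lap-b1
2020-05-06T09:00:20 user=bob result=success ip=10.1.1.9 country=IT device=lap-b1
"""
NEW_LOG = """\
2020-06-01T03:12:01 user=alice result=fail ip=203.0.113.7 country=RU device=unknown
2020-06-01T03:12:09 user=alice result=fail ip=203.0.113.7 country=RU device=unknown
2020-06-01T03:12:17 user=alice result=fail ip=203.0.113.7 country=RU device=unknown
2020-06-01T03:12:26 user=alice result=fail ip=203.0.113.7 country=RU device=unknown
2020-06-01T03:12:34 user=alice result=fail ip=203.0.113.7 country=RU device=unknown
2020-06-01T03:12:51 user=alice result=success ip=203.0.113.7 country=RU device=unknown
2020-06-01T03:40:00 user=alice result=success ip=10.1.1.5 country=IT device=lap-a1
2020-06-01T04:00:00 user=bob result=fail ip=198.51.100.3 country=NL device=unknown
2020-06-01T04:00:05 user=carol result=fail ip=198.51.100.3 country=NL device=unknown
2020-06-01T04:00:10 user=dave result=fail ip=198.51.100.3 country=NL device=unknown
2020-06-01T08:01:00 user=bob result=success ip=10.1.1.9 country=IT device=lap-b1
"""

def parse_log(text):
    """Parse key=value lines into event dicts; 'ts' becomes a datetime."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, *pairs = line.split()
            ev = dict(p.split("=", 1) for p in pairs)
            ev["ts"] = datetime.fromisoformat(ts)
            events.append(ev)
    return events

def build_baseline(events):
    """Per-user countries and devices seen on successful logins (the 'normal' profile)."""
    base = defaultdict(lambda: {"countries": set(), "devices": set()})
    for ev in events:
        if ev["result"] == "success":
            base[ev["user"]]["countries"].add(ev["country"])
            base[ev["user"]]["devices"].add(ev["device"])
    return dict(base)

def detect(baseline, events, fail_threshold=5, fail_window=timedelta(minutes=10),
           spray_users=3, travel_window=timedelta(hours=1)):
    """Return (entity, rule, detail) alerts for the new events, in time order."""
    alerts = []
    fails_by_user = defaultdict(list)  # user -> timestamps of recent failures
    fails_by_ip = defaultdict(list)    # ip -> (timestamp, user) of recent failures
    last_success = {}                  # user -> (timestamp, country)
    fired = set()                      # one burst/spray alert per entity
    for ev in sorted(events, key=lambda e: e["ts"]):
        user, ts, ip = ev["user"], ev["ts"], ev["ip"]
        if ev["result"] == "fail":
            # Sliding window of failures per user (brute force) ...
            recent = [t for t in fails_by_user[user] if ts - t <= fail_window] + [ts]
            fails_by_user[user] = recent
            if len(recent) >= fail_threshold and ("burst", user) not in fired:
                fired.add(("burst", user))
                alerts.append((user, "FAILED_BURST", f"{len(recent)} failures within {fail_window}"))
            # ... and per source across many users (password spraying).
            recent_ip = [(t, u) for t, u in fails_by_ip[ip] if ts - t <= fail_window] + [(ts, user)]
            fails_by_ip[ip] = recent_ip
            targets = {u for _, u in recent_ip}
            if len(targets) >= spray_users and ("spray", ip) not in fired:
                fired.add(("spray", ip))
                alerts.append((ip, "PASSWORD_SPRAY", f"failures for {len(targets)} distinct users"))
            continue
        # Successful login: a success right after a burst means a guess landed.
        if any(ts - t <= fail_window for t in fails_by_user[user]) and ("burst", user) in fired:
            alerts.append((user, "SUCCESS_AFTER_BURST", f"from {ip}"))
        known = baseline.get(user)
        if known is None:
            alerts.append((user, "NO_BASELINE", "first successful login ever seen"))
        else:
            if ev["country"] not in known["countries"]:
                alerts.append((user, "NEW_COUNTRY", ev["country"]))
            if ev["device"] not in known["devices"]:
                alerts.append((user, "NEW_DEVICE", ev["device"]))
        prev = last_success.get(user)
        if prev and prev[1] != ev["country"] and ts - prev[0] <= travel_window:
            alerts.append((user, "IMPOSSIBLE_TRAVEL", f"{prev[1]} then {ev['country']} within {ts - prev[0]}"))
        last_success[user] = (ts, ev["country"])
    return alerts

def run_demo():
    """Baseline from HISTORY_LOG, then score NEW_LOG."""
    return detect(build_baseline(parse_log(HISTORY_LOG)), parse_log(NEW_LOG))

if __name__ == "__main__":
    for entity, rule, detail in run_demo():
        print(f"{rule:20} {entity:14} {detail}")
```

Running it flags alice's brute-force burst, the success that immediately follows it from a new country on an unknown device, the second login from Italy 27 minutes later (impossible travel), and the one-source spray against bob, carol and dave; bob's ordinary morning login produces nothing. In a real deployment the baseline would come from weeks of identity-provider logs rather than six lines, the thresholds would be tuned per user population, and the alerts would feed the SOAR playbooks of the fifth step instead of standard output. The point is that every rule measures deviation from each identity's own history, which is what distinguishes security-focused UEBA from general-purpose analytics.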
Frankie Bosio

Founder of Human Factor Italia, Human Factor specialist & Airbus driver, Occupational Psychologist

4y

Dear Fabio, I've really appreciated your synthesis in 8 points. I do believe that the abundance of data is harmful to knowledge. I mean, of course more data equals more information... but more false information too. In this "noise" it's easier to make mistakes, not only individually, but collectively. A common risk is selecting from the data what serves to prove one's own points and ignoring disconfirming elements. Hope all organisations will follow your 8 "silver" bullets!!

Angelo Salice

Presale & Delivery Manager, BU Nord

4y

Bravo Fabio, excellent article, full of food for thought. To be read carefully. Well done.

Fabrizio Boggio

Major Account Manager - Large Enterprise at Fortinet

4y

Brilliant, food for thought and action!

Loreno Patron

Co-Founder Brinthesis | Cyber Security

4y

I fully agree that constant training of people is important, especially at this time when most people have been forced to work in a new way. There are two keywords that are particularly interesting, in my opinion, in your article: innovation and change and in some cases I have been able to observe that resistance to change is the greatest obstacle to innovation. Thank you for the interesting topics you have exposed.

Riccardo Canetta

Senior Manager Sales, Italy, Iberia and Israel

4y

Hi Fabio, the 0-hack concept is very interesting; we talk about zero sign-on because we remove both the username and the password...


More articles by Fabio Gianotti
