Identity security and zero trust have emerged as critical components of the defense against rapidly evolving cyberthreats. Together, the discipline and the model support a default stance of “never trust, always verify,” in which every risky action requires authentication, authorization, and audit.
If you’re reading this blog, you may be on a team driving these strategic zero trust initiatives and working with cybersecurity vendors to implement them. And if you haven’t yet considered extending identity security over your desktops and servers, it’s high time you do so. Read on for the why and how.
When working on strategic programs, some investments in cybersecurity, such as multi-factor authentication (MFA) and single sign-on (SSO), are widely recognized for reliably delivering relief to defending teams and are prioritized accordingly. Some, MFA in particular, are even explicitly called out in zero trust guidance as required capabilities.
Critically, though, in far too many zero trust implementations these controls remain no more than a set of siloed technologies, each viewed as belonging to a particular domain rather than through a broader lens.
The omissions are most glaring when you look through a holistic, identity-first lens, especially at the first mile of user access and the last mile of information consumption: the endpoint. In fact, 79% of 2,300 cybersecurity experts surveyed around the globe indicated that identity management is the most critical principle for successful zero trust initiatives, followed closely by endpoint security and device trust at 78%. Reporting the two figures separately implies that these are vastly different capabilities. But are they?
Should we consider some capabilities of identity management and security as critical contributors to endpoint security?
I certainly think so.
Zero Trust in the Endpoint Department
If your day-to-day job lies in identity and access management (IAM), you should be familiar with many paradigms that fit into and comprise zero trust. Those include least privilege, zero standing privileges (ZSP), just-in-time (JIT) access, and continuous authentication and risk assessment.
The same logic should apply to endpoints, both workstations and servers. Not for nothing is the principle of least privilege designated the cornerstone of zero trust; it is an ever-present recommendation of auditors and authorities in cybersecurity. Least privilege, ZSP, and JIT access are connected controls that reduce the attack surface and remove implicit trust, and they are as relevant on an endpoint as they are in IAM.
So, if your endpoint security strategy is built entirely around capabilities that scrutinize applications, processes, and actions and respond to those deemed malicious, your zero trust initiative deserves some attention in the endpoint department. After all, isn’t zero trust fundamentally about proactive rather than reactive measures? Modern endpoint defense must be broader than malware response, especially once zero trust and identity context are brought in.
A traditional endpoint security setup combines unified endpoint management (UEM) with endpoint detection and response (EDR). These technologies, while covering much of the attack kill chain, are asset- or resource-centric: they focus on specific files, folders, and processes rather than on the identity acting on them.
What should have been there from the very start, the identity context, has been notably missing. Analysts and the industry recognize this and have expanded detection and response to cover identity threats in the form of identity threat detection and response (ITDR). But what about identity-centric prevention?
Despite the widespread adoption of various security measures, their effectiveness is ultimately contingent upon their convergence at the endpoint. The endpoint is where identities interact with critical resources, and identity security and zero trust approaches must converge to provide a comprehensive defense.
In today’s landscape of newly minted identities, hybrid environments, and sophisticated AI-driven threats, security comes down to how seamless your identity security fabric is and how completely it covers your assets.
The Case for Proactive, Identity-Centric Endpoint Security
Perhaps surprisingly, if you shift your mindset from the comfortably numb “It’s not a question of if, but when” back to attack prevention, and do a good enough job of setting endpoint privilege fundamentals, that may be just the security formula you’re looking for.
If you are a tenured defender, you may be thinking, “We tried that. It didn’t work 20 years ago — why should it work today? There’s a reason we ended up in an EDR-centric endpoint security camp.” All true — we did try, heard back from users, and opted for business agility and moving fast.
Around 10 years ago, ransomware changed the game, and cybersecurity today is a board-level issue. Businesses now have to proactively inform shareholders about the security measures they take to prevent cyber incidents. What is also different now is that we finally have the right tools for the job.
Identity, the new and last remaining security perimeter, must be woven into everything happening within the infrastructure, continuously and reliably. Within identity security, this job is performed by an endpoint identity security layer that provides the ability to:
- Discover and secure privileged accounts on endpoints
- Secure user authentication mechanisms
- Provide passwordless authentication and injection points for strong authentication in user workflows
- Harden other security agents and browsers
- Play a critical identity-bridging role, ensuring a single point of authority over identities throughout the organization
Stronger authentication, continuous verification, and phishing-resistant methods are core identity controls.
Couple this with endpoint privilege controls that:
- Discover and remove local admin rights
- Provide automated, transparent elevation for approved applications
- Isolate risky applications from sensitive resources
- Enforce role-specific least privilege
- Defend credentials and security tokens
- Add a further layer of ransomware protection
Together, these give you an excellent foundational layer of defense.
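As an added, illustrative example (not code from the original post or from any vendor product), the following Python script sketches two of the endpoint privilege controls named above: an audit that flags standing local admin rights not allowed by a role-specific policy, and a just-in-time elevation broker that hands out application-scoped, time-bounded elevation instead of standing admin rights and records every decision for audit. The host names, group memberships, role policy and application paths are all constructed for the example; in a real deployment the inventory would be collected by an agent or, on Windows, with PowerShell’s `Get-LocalGroupMember -Group Administrators` on each host.

```python
"""Standing-privilege audit and JIT elevation broker for local admin rights.

Added illustration only; not code from the original post or any product.
All hosts, principals, policies and paths below are constructed sample data.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample: current members of the local Administrators group per host.
LOCAL_ADMIN_INVENTORY = {
    "WS-FIN-017": ["BUILTIN\\Administrator", "CORP\\jsmith", "CORP\\Domain Admins"],
    "WS-ENG-042": ["BUILTIN\\Administrator", "CORP\\Domain Admins", "CORP\\helpdesk-l2"],
    "SRV-SQL-01": ["BUILTIN\\Administrator", "CORP\\Domain Admins", "CORP\\sql-dba-svc"],
}

# Hypothetical role-specific policy: who may hold *standing* admin rights on which
# host class (the host-name prefix encodes the class). Everyone else must use JIT.
STANDING_ADMIN_POLICY = {
    "WS-": {"BUILTIN\\Administrator", "CORP\\helpdesk-l2"},
    "SRV-": {"BUILTIN\\Administrator", "CORP\\Domain Admins"},
}

# Hypothetical elevation policy: applications a role may run elevated via the broker.
ELEVATION_POLICY = {
    "engineer": {r"c:\program files\docker\docker desktop installer.exe"},
    "finance": set(),
}
# Risky applications that are never elevated through the broker, whatever the role.
NEVER_ELEVATE = {
    r"c:\windows\system32\cmd.exe",
    r"c:\windows\system32\windowspowershell\v1.0\powershell.exe",
}


def find_standing_admin_violations(inventory, policy):
    """Return {host: [principals]} for local admins the policy does not allow."""
    violations = {}
    for host, members in inventory.items():
        allowed = next((v for prefix, v in policy.items() if host.startswith(prefix)), set())
        extra = sorted(m for m in members if m not in allowed)
        if extra:
            violations[host] = extra
    return violations


class JitElevationBroker:
    """Grants application-scoped, expiring elevation: zero standing privilege."""

    def __init__(self, policy, never_elevate, ttl=timedelta(minutes=15)):
        self.policy = {role: {p.lower() for p in apps} for role, apps in policy.items()}
        self.never_elevate = {p.lower() for p in never_elevate}
        self.ttl = ttl
        self.audit_log = []   # every request, allowed or denied, is recorded
        self.active = {}      # (host, user, app) -> expiry time of the grant

    def request(self, host, user, role, application, now):
        """Evaluate an elevation request; return the expiry time, or None if denied."""
        app = application.lower()
        if app in self.never_elevate:
            decision = "deny:blocked-application"
        elif app in self.policy.get(role, set()):
            decision = "allow"
        else:
            decision = "deny:not-in-role-policy"
        self.audit_log.append({"time": now.isoformat(), "host": host, "user": user,
                               "role": role, "application": application,
                               "decision": decision})
        if decision != "allow":
            return None
        expires_at = now + self.ttl
        self.active[(host, user, app)] = expires_at
        return expires_at

    def is_elevated(self, host, user, application, now):
        """True only while a grant for this exact host/user/application is live."""
        key = (host, user, application.lower())
        expires_at = self.active.get(key)
        if expires_at is None:
            return False
        if now >= expires_at:
            del self.active[key]  # grant lapsed: back to zero standing privilege
            return False
        return True


def run_demo():
    """Exercise both controls against the constructed sample and return the results."""
    broker = JitElevationBroker(ELEVATION_POLICY, NEVER_ELEVATE)
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    installer = r"C:\Program Files\Docker\Docker Desktop Installer.exe"
    cmd = r"C:\Windows\System32\cmd.exe"
    granted_until = broker.request("WS-ENG-042", "CORP\\alee", "engineer", installer, t0)
    return {
        "violations": find_standing_admin_violations(LOCAL_ADMIN_INVENTORY, STANDING_ADMIN_POLICY),
        "grant_minutes": int((granted_until - t0).total_seconds() // 60),
        "elevated_at_5m": broker.is_elevated("WS-ENG-042", "CORP\\alee", installer, t0 + timedelta(minutes=5)),
        "elevated_at_20m": broker.is_elevated("WS-ENG-042", "CORP\\alee", installer, t0 + timedelta(minutes=20)),
        "finance_denied": broker.request("WS-FIN-017", "CORP\\jsmith", "finance", installer, t0) is None,
        "cmd_denied": broker.request("WS-ENG-042", "CORP\\alee", "engineer", cmd, t0) is None,
        "decisions": [entry["decision"] for entry in broker.audit_log],
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The audit reports `CORP\jsmith` and `CORP\Domain Admins` as standing admins on the finance workstation, `Domain Admins` on the engineering workstation, and the `sql-dba-svc` account on the SQL server; those are the rights to remove. The broker then shows the replacement: the engineer gets a 15-minute, installer-only grant that lapses on its own, the finance user is denied the same installer because it is not in the finance role policy, and `cmd.exe` is refused even for the engineer. Every decision ends up in the audit log, which is what the "audit" leg of "authentication, authorization, and audit" needs.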
Having completed this loop and extended identity security over your workstations and servers, you’ve ensured that your endpoint security plays into your zero trust initiative. Getting this identity-centric prevention right will help your organization do four critical things:
- Extend identity security and zero trust to your workstations and servers
- Decrease the endpoint attack surface and limit what a zero-day exploit can do once it lands without admin rights
- Reduce IT security and operational costs with endpoint privilege controls
- Demonstrate compliance and meet audit requirements on the endpoint
Additionally, this layer of security can improve user productivity and experience for employees. In short, if you extend identity security over your desktops and servers, your users, administrators, SOC analysts, and shareholders will appreciate it.