How Should Zero Trust Apply to Phishing?

Isolation for Zero Trust phishing protection

Phishing sites frequently evade web and email filters because of the inability of secure gateways to detect new phishing websites or categorize them properly. According to Menlo Labs, web and email gateways wrongly categorize 10-15 percent of malicious websites as safe.

This finding creates the perfect use case for Internet isolation. Simply isolate everything and no one has to worry about trying to anticipate the thousands of daily threats.

Currently, however, isolation is not considered a core part of the zero trust model by many in cybersecurity. This is a mistake.

Let’s take a moment to review why the industry should update its view of isolation to be included as a core solution that delivers zero trust, especially in the context of protecting against phishing attacks.

What is Zero Trust?

Zero trust currently consists of five principles that serve as its guiding light. (Zero Trust Networks, Gilman and Barth, 2017)

• The network is always assumed to be dangerous.
• Threats can be inside or outside the network.
• Actors inside the network are not automatically trusted.
• Authenticate and authorize every device, user, and network flow.
• Policies must be dynamic and use multiple data streams.

The zero trust philosophy was created by a high-level network architect within Forrester in 2010 as a set of building blocks for very large networks.

The concept itself is less about dictating the use of particular technologies and more about building a foundation of practices to guide security professionals on how to secure a network that allows users to connect from anywhere. Over time, specific technologies were developed and added as off-the-shelf solutions to address one or several of the five principles.

Phishing—The most common vector for attack

Consider phishing, for example, if an outsider gains access to an employee’s credentials, then they can attack the network by posing as that “approved” user.

To prevent infiltration, you need to find the root cause of the original security incident. Ninety percent of the time, it’s phishing through the browser. (CyberEdge, 2020).

Importantly, the initial threat occurs both when the phishing site evades web/email filtering and when the user actively enters their credentials.

Isolation Enhances Zero Trust to Protect Against Phishing

Cloud-based Internet isolation obviates the idea of trust entirely. Rather than establishing a trusted connection between the host and the Internet, the trust is between the Internet and the virtualized container (remote browser), which can be terminated or limited at will by the IT team.

Isolation enables a new spin on existing capabilities; for example, the ability to place phishing sites into read-only mode to prevent credential theft.

In this lens, isolation should apply to zero trust because of the functionality that precludes the need to establish trust between host machines and the Internet.

Easing Market Confusion about Zero Trust

The flexible nature of the implementation of Internet isolation has led to market confusion over what should be included as a part of zero trust.

There are no rigid protocols to follow—only guidelines designed to enhance one’s thinking about security. The strength of the Zero Trust security model lies in re-contextualizing existing and new technologies away from a centralized, perimeter-focused security model. Cloud-based isolation is a powerful technology that meets the goals of this new form of architecture and may represent a new frontier in the world of secure access under the banner of zero trust.

To learn more about how isolation works to protect against phishing and malware attacks, download our eBook available now.