by Oceanne Gallagher | Blog


In cybersecurity terms the phrase ‘never trust, always verify’ means treating everyone and everything as potentially malicious. Or, to put it another way, adopting a zero-trust approach.

All well and good, but the phrase is a little ambiguous. It often means different things to different cybersecurity vendors, with some skewing the concept completely to fit their own processes. So what does the real thing actually look like?

Everyone is a Threat

Many vendors recommend that zero-trust security architectures should be built around the notion of not trusting users or sources of data. Others recommend not trusting any network traffic. This means that everything coming into a network should be “verified”, regardless of the source it comes from or the internal user it’s going to.

This makes sense. We’re saying users, sources of data and network traffic should not be trusted. But what about the data itself? What about digital content? In a world where malware concealed inside documents and images routinely evades detection, true zero-trust means finding a way of verifying beyond doubt that the content is also threat-free.

For example, let’s imagine that an email arrives from a well-respected partner organisation to the financial director of your organisation. The email is perfectly normal for an interaction between these two parties and contains a macro-enabled Office spreadsheet listing some financial figures relevant to previous email interactions.

On the face of it this is a perfectly trustworthy exchange: a trustworthy sender, a trustworthy recipient and an everyday file type. However, the macro-enabled spreadsheet actually carries fragments of an executable, which the macro reassembles and runs as soon as it is enabled. Had the email been trusted because of its source, its recipient or its attachment type, malware would have entered the network.

It’s just as important to protect ourselves from those we trust as those we don’t. There’s simply no way to be sure who’s been compromised and who hasn’t, so ‘zero trust’ means exactly that.

Transforming Security

Our approach to threat removal trusts none of these: not users, not sources of data, not network traffic, and not the content carried within that traffic either. In its purest form it doesn’t even trust applications to handle data correctly, or the internet-facing components of the defences themselves.

Instead, the Deep Secure threat removal platform treats every incoming file with the same distrust regardless of file type, source or user and verifies everything following the recommendations written by the National Cyber Security Centre (NCSC) for safely importing data.

With this approach “verification” consists of transforming every file, whether or not it is suspected of containing a threat. During transformation the content is decoded and only the valid business information is extracted from it; anything the decoder does not recognise as business information is simply not carried across. The original file is then discarded, along with its encoding context, unnecessary metadata, active code and any malware. The extracted business information is formatted to match the original and written into a wholly new file.

Our zero-trust approach would have transformed both the email in the earlier example and its attachment, delivering a brand new, clean email and spreadsheet into the network that look the same to the recipient but contain none of the hidden malicious data. It would perform exactly the same transformation on every other email entering the system, in case any of those also carried malware, known or unknown.
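As an added illustration, not Deep Secure’s code and not a description of how their platform is built, the Python below sketches the transformation step for the spreadsheet in the earlier example. It decodes a constructed, deliberately minimal macro-enabled workbook, keeps nothing but cell references and plain values, and re-serialises them into a brand new package. The VBA part, the formula and the document metadata are never read, let alone copied. The sample workbook, the allow-list of cell types, the one-sheet package layout and the size limit are all assumptions made for this example.

```python
# Added illustration (not Deep Secure's code): decode a minimal macro-enabled
# workbook, keep only cell values, and emit a brand-new .xlsx package.
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SS = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
PKG = "http://schemas.openxmlformats.org/package/2006"
CELL_REF = re.compile(r"^([A-Z]{1,3})([1-9][0-9]*)$")
MAX_PART = 1 << 20  # assumed limit: refuse to decode a worksheet part over 1 MiB

def build_suspect_workbook() -> bytes:
    """Constructed sample input: a 'macro-enabled' workbook with a VBA part,
    creator metadata and a formula. The VBA blob is a placeholder, not malware."""
    sheet = (
        f'<worksheet xmlns="{SS}"><sheetData>'
        '<row r="1"><c r="A1" t="inlineStr"><is><t>Q1 revenue</t></is></c>'
        '<c r="B1"><v>1200.5</v></c></row>'
        '<row r="2"><c r="A2" t="inlineStr"><is><t>Q2 revenue</t></is></c>'
        '<c r="B2"><f>B1*1.1</f><v>1320.55</v></c></row></sheetData></worksheet>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/worksheets/sheet1.xml", sheet)
        z.writestr("xl/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder OLE container with VBA")
        z.writestr("docProps/core.xml", "<coreProperties><creator>fd-laptop</creator></coreProperties>")
    return buf.getvalue()

def extract_cells(xlsx_bytes: bytes) -> list:
    """Decode the worksheet into (ref, kind, value) triples. Formulas, styles,
    VBA and metadata are never read, and anything not understood is rejected."""
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as z:
        info = z.getinfo("xl/worksheets/sheet1.xml")
        if info.file_size > MAX_PART:
            raise ValueError("worksheet part too large to decode safely")
        root = ET.fromstring(z.read(info))
    cells = []
    for c in root.iter(f"{{{SS}}}c"):
        ref, kind = c.get("r", ""), c.get("t", "n")
        if not CELL_REF.match(ref):
            raise ValueError(f"malformed cell reference {ref!r}")
        if kind == "inlineStr":
            t = c.find(f"{{{SS}}}is/{{{SS}}}t")
            cells.append((ref, "s", "" if t is None or t.text is None else t.text))
        elif kind == "n":
            v = c.find(f"{{{SS}}}v")
            if v is not None:  # an empty numeric cell carries nothing worth keeping
                cells.append((ref, "n", float(v.text)))  # raises on non-numeric text
        else:
            raise ValueError(f"unsupported cell type {kind!r} at {ref}")
    return cells

def _rels(rel_type: str, target: str) -> str:
    return (f'<Relationships xmlns="{PKG}/relationships"><Relationship Id="rId1" '
            f'Type="{REL}/{rel_type}" Target="{target}"/></Relationships>')

def rebuild_workbook(cells) -> bytes:
    """Serialise extracted values into a new minimal .xlsx; no original part is copied."""
    rows = {}
    for ref, kind, value in cells:
        row_no = int(CELL_REF.match(ref).group(2))
        cell = (f'<c r="{ref}" t="inlineStr"><is><t>{escape(value)}</t></is></c>'
                if kind == "s" else f'<c r="{ref}"><v>{value!r}</v></c>')
        rows.setdefault(row_no, []).append(cell)
    sheet_rows = "".join(f'<row r="{n}">{"".join(cs)}</row>' for n, cs in sorted(rows.items()))
    parts = {
        "[Content_Types].xml": (
            f'<Types xmlns="{PKG}/content-types">'
            '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            '<Default Extension="xml" ContentType="application/xml"/>'
            '<Override PartName="/xl/workbook.xml" ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"/>'
            '<Override PartName="/xl/worksheets/sheet1.xml" ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.worksheet+xml"/></Types>'),
        "_rels/.rels": _rels("officeDocument", "xl/workbook.xml"),
        "xl/_rels/workbook.xml.rels": _rels("worksheet", "worksheets/sheet1.xml"),
        "xl/workbook.xml": (f'<workbook xmlns="{SS}" xmlns:r="{REL}"><sheets>'
                            '<sheet name="Figures" sheetId="1" r:id="rId1"/></sheets></workbook>'),
        "xl/worksheets/sheet1.xml": f'<worksheet xmlns="{SS}"><sheetData>{sheet_rows}</sheetData></worksheet>',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()

def transform(xlsx_bytes: bytes) -> bytes:
    """Decode, extract the business data, discard the original, re-create."""
    return rebuild_workbook(extract_cells(xlsx_bytes))

def part_names(xlsx_bytes: bytes) -> set:
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as z:
        return set(z.namelist())

if __name__ == "__main__":
    clean = transform(build_suspect_workbook())
    print(sorted(part_names(clean)), extract_cells(clean))
```

Two properties matter here. First, the decoder never copies anything it has not explicitly understood: the VBA part and the metadata are not on the list of things it reads, so they cannot leak into the output, and the formula is dropped while its cached value survives. Second, when the decoder meets something outside its model (an unknown cell type, a malformed reference, an oversized part) it refuses the file rather than passing it through, which is what makes this verification rather than filtering. A production transformer has to cover shared strings, styles, dates and many other formats, and should itself run isolated from the protected network so that a bug in the decoder cannot become a way in.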

Where necessary in high-assurance environments, we also use “hardsec” hardware logic and a physical air gap to minimise the protected network’s attack surface and protect our own software from possible compromise.

From the Ground Up

In 2008 the author Maria V. Snyder wrote: “Trusting is hard. Knowing who to trust, even harder.” Eleven years later there is a groundswell of opinion that, when it comes to cybersecurity, it is best not to trust at all. Making this a reality involves building a zero-trust security model from the ground up, as well as using technologies such as transformation and hardsec to defend the organisation.
