Software supply chain attacks have been on the rise lately. With the current pervasiveness of third-party and open source libraries, which presumably developers cannot control as strongly as the code they create, vulnerabilities in these software dependencies are causing serious security risks to applications.
Supply chain attacks abuse the inherent trust that users have with a software provider. When a vendor uses a vulnerable dependency, a miscreant can penetrate the vendor’s system and plant malicious code. When the vendor distributes their software downstream to a wider audience, the attacker uses the trusted vendor’s software to stage attacks.
Zero Trust is a new security model that aims to eliminate the implicit trust users have on any type of software. It assumes breach and helps you to deploy proactive strategies for defending your systems.
This article covers Zero Trust and how you can use it to take your software supply chain security to the next level.
Zero Trust is a modern security model that throws away the idea of trust in an organization’s computing infrastructure, just as its name suggests. It’s a proactive approach that requires every request, whether coming from inside or outside the corporate network, to be authenticated, authorized, and continuously validated for security compliance before being allowed to access resources and data.
Zero Trust is based on the “never trust, always verify” concept. Rather than trusting everything behind the organization’s firewall, it assumes a breach and verifies every request as if it emanates from an unsanitized network.
Zero Trust is a significant shift from the old castle-and-moat model that follows the “trust but verify” concept. You can think of your organization’s network as the castle in which authorized individuals are able to “cross the moat defenses” and get inside your network perimeter.
The traditional perimeter-based security model concentrates on the dangerous idea that trusted users can access any resource within the organization while untrusted users are kept outside the network boundaries.
Founded by an industry analyst at Forrester Research in 2010, Zero Trust has metamorphosed into a model that addresses today’s supply chain security challenges. The old perimeter-based security approach where a protective wall is built around the IT system has proven to be ineffective.
In a Zero Trust environment, every software is untrusted by default. Therefore, sufficient measures must be placed to verify and secure all resources before access is granted.
The Zero Trust philosophy depends on several existing technologies and best practices to realize its objective of safeguarding the enterprise IT environment.
Let’s delve into some of its core principles and how you can use them to address supply chain vulnerabilities.
Zero Trust advocates for authenticating and verifying access to every resource. The identity of the users, their access privileges, as well as the identity and security of their devices must be continuously validated.
Zero Trust assumes there are intruders both inside and outside the organization’s network. Therefore, you should not automatically trust any user, device, or package.
The initial attack vector is usually not the ultimate goal of a supply chain attacker. Therefore, verifying explicitly can assist in preventing a bad actor from gaining that initial access. For example, after completing login or connection requests, users and devices should time out at defined intervals, compelling them to be constantly re-authenticated. Also, if an already logged-in user tries to access another resource within the network, they must be re-validated.
With the Zero Trust approach, you should not automatically perform dependency updates. You should assume that every update is unsafe and explicitly verify its security before installing it.
Least privilege is a security principle that mandates that a user should be given only the bare minimum level of access or permissions necessary to complete the required task.
In a Zero Trust environment, every user’s privileges and access to data are tightly controlled. This prevents intruders from using a single breached account to make lateral movements that could allow them to inject malicious code into your software.
You can also limit the permissions granted to third-party libraries on your systems. This reduces security risks and safeguards against supply chain attacks.
Microsegmentation is another Zero Trust principle. It refers to setting up separate segments across a network with their own unique access credentials. A user or device able to access a single segment is not allowed to access another segment without separate verification.
This practice helps enhance security and prevents attackers from making lateral movements and causing havoc to the entire software, even if a single package is compromised. If a vulnerability is detected, the breached dependency can be quarantined and sanitized without affecting the rest of the software.
Multi-factor authentication (MFA) is a vital Zero Trust principle that requires multiple pieces of independent evidence before a user is authenticated—providing only a password is not sufficient to gain access.
A popular implementation of MFA is the 2-factor authorization (2FA) technique, which, in addition to the password, allows users to receive a code sent to their devices, such as a mobile phone, for them to confirm who they claim to be. As such, 2FA offers two pieces of evidence for users to verify their identity.
Zero Trust requires that every activity should be inspected, analyzed, and logged without disruptions. By continuously monitoring your packages, you can discover abnormal activities that can bring your software to its knees. For example, if you notice that a dependency is trying to open connections to other external resources that it does not require to interact with to undertake its function, you can raise the red flag and investigate the issue.
Trust is the fundamental problem in today’s dynamic and rapidly evolving security landscape. The modern security environment requires a resilient model that can easily adapt to the shifting threats and perimeters.
By eliminating implicit trust from an enterprise’s network architecture, the Zero Trust approach is crucial to ensuring protected and healthy digital environments. It’s the model you need to embrace to enhance the security of your data, devices, and people across the organization.
WhiteSource Diffend can help you apply Zero Trust strategies to your software supply chain. With Diffend, you can avoid poisoning your downstream clients with malicious applications. It increases your visibility into third-party libraries so that you can avoid treating them blindly as trusted components of your software.
With WhiteSource Diffend, you can scan your packages for the presence of vulnerabilities, control the dependencies allowed in your enterprise, assess if any package update is malicious, and more. It’s the tool you need to fortify your defenses against software supply chain attacks.