Appalachia Technologies Blog
Explaining “Zero Trust,” Why You Need It, and the Best Way to Bring It to Your Organization
I’m going to throw some names out at you: Target, Uber, Colonial Pipeline, Equifax, Twitter. I’m sure most, if not all of you know these household names… maybe with the exception of Colonial Pipeline. I myself had never heard of them until I was sitting in my car in line to get gas while vacationing in the Outer Banks of North Carolina. The radio was playing the news of how Colonial Pipeline had suffered a severe network breach that allowed an attacker to launch ransomware on their systems, shutting down their fuel transmission operations to the Southeastern United States. By sheer luck, I happened to be in that neck of the woods and got to experience my first-ever gas shortage. All I knew was I needed gas, or I wasn’t going to be able to leave the beach! Wait… how is that a bad thing? I digress.
What all of these companies have in common is that they experienced significant data breaches and network intrusions that cost them millions of dollars. The cost impact is not only to rectify the issue that caused the breach to begin with, but also to compensate affected customers and pay fines issued by the government, as well as all of the marketing they need to do to get back in their customers’ good graces. Don’t even get me started on repairing their business’s reputation. I’m looking at you, Equifax! How could these companies have been better protected against the threats that ultimately brought them down? A new white knight is on the horizon that promises to be the most effective means yet at preventing these mishaps… and that white knight is Zero Trust.
Zero Trust is a paradigm shift in the world of digital security. Before its initial inception in 2010, the primary means of protecting a network and the data it holds was a perimeter-based approach. Picture the old Under Armour commercials with football players yelling, “We must protect this house!” as they took their positions on the football field. Instead of football players, we digital security fans were lining our fields (our networks) with firewalls, antivirus software, bastion servers, and encryption. This had largely been enough to protect the digital realm in the formative years of network and data security, but things changed when a new supervillain flung itself into primetime: ransomware.
Ransomware began wreaking havoc on businesses as it found its way onto corporate systems and encrypted their vital operating data. The only reliable way to recover from this type of attack is to restore from a backup, if you have one (and if you do not have a backup strategy, you need to get one, ASAP). The other option is to pay the ransom and HOPE that the attackers actually decrypt the data, which is definitely not a guarantee. There are even instances of the hackers giving the victim the decryption key after the ransom was paid, then turning around and selling the victim’s data to the highest bidder on the dark web. The victim is victimized twice, and the hackers profit twice. I guess there truly is no honor among thieves.
Antivirus solutions reacted quickly to ransomware attacks and found solutions for the ones that were prevalent, but this left a huge hole in security. What about ransomware variants that have never been seen before? These are known as “Zero Day” threats, or rather threats that the security world has had zero days to prepare for. Even the best malware security companies can’t predict the future and create countermeasures to threats not yet seen. This is where Zero Trust rides in on its white horse.
Zero Trust takes a different approach to security. Instead of reacting to threats currently known, Zero Trust makes it so that any threat, known or unknown, cannot even begin to install. It accomplishes this by using “whitelists”, also known as “allow lists”. These contain lists of programs, users, or connection types that are pre-vetted and specifically allowed by the administrators. If something or someone that is not on those lists attempts to install software or perform any action, it will be denied. It is as simple as that.
Another benefit of Zero Trust is that it knows no borders or network perimeters. Previous security postures focused primarily on protecting the border of the network and on whether something could come in or out. This is how firewalls work. COVID-19 changed the digital world almost in an instant by taking people out of the digital safety of their offices and making them work from home. This dramatically erased the border protection posture that thrived pre-COVID. A company’s network border now needed to be expanded to include the workers’ homes. This led to many security holes that once were never even considered. Mobile phones are also working overtime to erase the effectiveness of network security. Our phones can now do just about all the major tasks that we would normally have done within the safe confines of our office network. Now, they can be done while in the drive-thru of a fast-food restaurant. Security engineers need a way to protect against this perimeter destruction, and Zero Trust is the answer. With Zero Trust, even if someone were able to gain access, unless the allow lists specifically permit the action they are attempting, it will not work.
The best implementation of Zero Trust that I have seen is the ThreatLocker platform. ThreatLocker is an application whitelisting program that will only allow previously approved programs and executable files to install. So, if a user tries to install Microsoft Word, ThreatLocker will allow the software to be installed, as it is on the preset list of approved programs within ThreatLocker. When someone tries to install a program not on the list, such as a file-sharing program like BitTorrent, ThreatLocker cross-references the installation file data against its database of approved programs. When it sees that the program is not on the list, it denies access to the Windows resources needed to perform the install. If it is a legitimate program, the user has the option to request its approval. An administrator can then research the program, determine whether it is something they want running in their environment, and act accordingly. ThreatLocker does not just protect against unwanted software installs. It also allows for whitelisting USB flash drives, network access control, and privilege escalation control. These are all tools that add even more layers to your security stack.
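To make the allow-list flow above concrete, here is an added illustration (not ThreatLocker’s code, and not from the original post) of default-deny application control keyed on a content hash, including the user-side approval request and administrator review the paragraph describes. The installer bytes are constructed stand-ins so it runs offline.

```python
import hashlib

# Constructed sample "installers": stand-ins for real executables so the
# example runs offline. A real product keys on much richer file data.
WORD_INSTALLER = b"MZ...constructed bytes standing in for the Word installer"
TORRENT_INSTALLER = b"MZ...constructed bytes standing in for a BitTorrent client"


def fingerprint(file_bytes: bytes) -> str:
    """Identity comes from file content, never from the file name."""
    return hashlib.sha256(file_bytes).hexdigest()


class AllowlistPolicy:
    """Default-deny: anything not pre-vetted is blocked and queued for review."""

    def __init__(self, approved: dict[str, str]):
        self.approved = dict(approved)      # sha256 -> label set by the administrator
        self.pending: dict[str, str] = {}   # sha256 -> name the user claimed for it

    def decide(self, file_bytes: bytes, claimed_name: str) -> str:
        digest = fingerprint(file_bytes)
        if digest in self.approved:
            return "ALLOW"
        # Unknown program: deny the install and record an approval request.
        self.pending.setdefault(digest, claimed_name)
        return "DENY"

    def review(self, digest: str, approve: bool, label: str = "") -> None:
        """Administrator decision on a queued request."""
        claimed = self.pending.pop(digest)
        if approve:
            self.approved[digest] = label or claimed


def demo() -> list[str]:
    policy = AllowlistPolicy({fingerprint(WORD_INSTALLER): "Microsoft Word"})
    results = []
    results.append(policy.decide(WORD_INSTALLER, "setup.exe"))            # ALLOW
    results.append(policy.decide(TORRENT_INSTALLER, "bittorrent.exe"))    # DENY, queued
    # Renaming the unknown binary after an approved program changes nothing.
    results.append(policy.decide(TORRENT_INSTALLER, "winword.exe"))       # DENY
    # A modified copy of an approved program has a new fingerprint: DENY.
    results.append(policy.decide(WORD_INSTALLER + b"\x00", "setup.exe"))  # DENY
    # The administrator vets the queued request and approves it; next attempt is ALLOW.
    policy.review(fingerprint(TORRENT_INSTALLER), approve=True, label="BitTorrent")
    results.append(policy.decide(TORRENT_INSTALLER, "bittorrent.exe"))    # ALLOW
    return results


if __name__ == "__main__":
    print(demo())
```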
With ThreatLocker, the layers of a defense-in-depth strategy are greatly reinforced, stopping attackers and their ransomware tools in their tracks. Zero Trust, and specifically ThreatLocker, is a vital tool for any organization with digital assets. If you are looking for a managed security service offering real protection against zero-day threats, you have found it.
Looking to get started with ThreatLocker? Reach out to your trusted advisors at Appalachia Technologies for assistance – 888-277-8320 or .
For more information on Zero Trust, check out What is the Zero Trust Security Model by TechTarget.
Curtis McPherson is a Lead SOC Analyst who also spends time performing penetration testing and ethical hacking, making him a true purple team member. Curtis graduated cum laude from Penn State University with a bachelor’s degree in Security and Risk Analysis, concentrating on cybersecurity and digital forensics. In his time at Penn State, he participated in the Technology Club, which conducted open-source intelligence (OSINT) investigations into missing person cases, using social media and the internet to find clues to their disappearance. Curtis is married with two cats and a bouncy bearded collie named Laddie. In his spare time, Curtis is an avid fiction writer, Civil War historian, and a tried-and-true lover of all things related to airplanes and aviation.