Driving Zero Trust Success in Government and Beyond
Tanium and Microsoft reveal more about their value-add for large organizations
The U.S. defense industry is one of the most high-profile and frequently attacked sectors in the world. Whether it’s the fault of nation-state actors, terrorists or even financially motivated cybercriminals, the stakes couldn’t be higher — for national security and battlefield success. The war in Ukraine has revealed how kinetic and digital capabilities are increasingly linked in offensive operations. But this isn’t just a Pentagon challenge. Sophisticated attacks are also increasingly targeting critical infrastructure providers in sectors like healthcare and financial services.
That’s why Zero Trust has become not just a government priority – driven by the White House – but something CISOs across the board are planning. A new webinar reveals how Tanium is teaming up with Microsoft to accelerate the journey for customers.
Zero Trust comes of age
Zero Trust has been around as a concept for over a decade. So why is it only now permeating federal government cyber best practices? Because we now live in a cloud- and mobile-centric world in which traditional perimeter approaches are no longer sufficient to guarantee security. In fact, the old “castle-and-moat” paradigm creates a broad attack surface. And if a threat actor makes it past the perimeter, there’s nothing stopping them from moving laterally to cause maximum damage.
On the other hand, Zero Trust posits that no device or persona inside a network is to be trusted by default. Instead, every device and entity must be continuously verified and authenticated in real time — not just at initial access. Zero Trust also follows a least-privilege approach, which requires user and endpoint segmentation and limits access to only the apps and data required at the time. So, assume breach and always verify — validating not only identity, through multi-factor authentication, but also device health, through vulnerability and configuration compliance checks.
There’s more to it than this, of course, and organizations will approach their Zero Trust journey differently depending on their level of maturity and what existing technologies and processes they have in place. The U.S. Department of Defense’s framework for Zero Trust is built on seven pillars:
- Users: Authenticate, assess and monitor user activity patterns to govern access and privileges while protecting and securing all interactions.
- Devices: Understand health and status of devices to inform risk-based decisions. Real-time inspection, assessment and patching play a role in every access request.
- Apps & workloads: Secure apps, hypervisors, containers, VMs and everything in between.
- Data: Transparency and visibility enabled by enterprise infrastructure, apps, standards, encryption and data tagging.
- Visibility & analytics: Derive context from analysis of events, behaviors and activities and apply AI/ML to improve threat detection and real-time access decisions.
- Automation & orchestration: Automated security response based on defined processes and policies, enabled by AI.
- Network & environment: Segment, isolate and control networks with granular policy and access controls.
Be in no doubt, Zero Trust can be a significant undertaking, especially for large and complex IT environments. But getting the end user and device authentication piece right can help organizations to take a significant step in the right direction, by protecting their most critical apps and data.
Azure Active Directory’s Conditional Access policies can help to streamline the process. But the quality of the data organizations use is critical to the effectiveness of their programs. For example, if they’re working from old data, organizations may not realize that a user machine is not up to date with its patches, and erroneously allow access. Or they could wrongly block devices that actually pass compliance requirements.
Even if the correct access decisions are made, if multiple users are locked out of a network without any rapid way to remediate device issues, security will significantly undermine productivity.
The Tanium and Microsoft difference
This is where Tanium’s partnership with Microsoft comes into its own. Thanks to the integration between the Tanium platform and Azure Active Directory, customers can leverage real-time device data to ensure that conditional access decisions are always made based on the latest information. And thanks to Tanium, there’s a quick and easy way to remediate any non-compliant devices, thus supporting Zero Trust security while minimizing the productivity impact on users.
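The two paragraphs above describe the same access decision from both sides: stale device data lets a non-compliant machine through (or wrongly blocks a patched one), while real-time data gets the decision right and routes the device to remediation instead of a dead-end lockout. The following Python is an added illustration of that logic, not code from Tanium or Microsoft, and every name in it (the `DeviceHealth` and `AccessRequest` records, the `MAX_STALENESS` knob, the two laptops and their compliance history) is a constructed example with no relation to either product's API.

```python
"""Illustrative conditional-access evaluator (constructed example, not vendor code).

Identity is verified by MFA, device health by compliance checks, and the
freshness of the device record decides whether a recorded "compliant"
state may be trusted at all.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional, Tuple


class Decision(Enum):
    ALLOW = "allow"
    BLOCK = "block"          # hard deny, e.g. identity not verified
    REMEDIATE = "remediate"  # deny for now and route the device to remediation


@dataclass(frozen=True)
class DeviceHealth:
    device_id: str
    compliant: bool               # passed patch and configuration checks
    missing_critical_patches: int
    reported_at: datetime         # when the endpoint reported this state


@dataclass(frozen=True)
class AccessRequest:
    user: str
    device_id: str
    mfa_passed: bool
    requested_at: datetime


# Hypothetical policy knob: device data older than this is not trusted.
MAX_STALENESS = timedelta(hours=1)


def evaluate(req: AccessRequest, health: Optional[DeviceHealth],
             max_staleness: Optional[timedelta] = MAX_STALENESS) -> Tuple[Decision, str]:
    """Return (decision, reason). Passing max_staleness=None reproduces the
    naive policy that trusts whatever device state happens to be on record."""
    if not req.mfa_passed:
        return Decision.BLOCK, "identity not verified by MFA"
    if health is None or health.device_id != req.device_id:
        return Decision.BLOCK, "no health record for this device"
    age = req.requested_at - health.reported_at
    if max_staleness is not None and age > max_staleness:
        # Old data is neither proof of compliance nor of non-compliance: re-check first.
        return Decision.REMEDIATE, f"device data is {age} old; refresh before trusting it"
    if not health.compliant:
        return Decision.REMEDIATE, (f"device non-compliant: "
                                    f"{health.missing_critical_patches} critical patch(es) missing")
    return Decision.ALLOW, f"MFA passed and device compliant as of {health.reported_at.isoformat()}"


# --- constructed sample data: two devices, an old record and a fresh one each ---
NOW = datetime(2023, 3, 1, 9, 0, tzinfo=timezone.utc)

# Laptop A looked compliant 12 hours ago; a fresh check shows it has fallen behind on patches.
A_OLD = DeviceHealth("laptop-a", True, 0, NOW - timedelta(hours=12))
A_NEW = DeviceHealth("laptop-a", False, 2, NOW - timedelta(minutes=5))
# Laptop B was non-compliant yesterday but has since been patched.
B_OLD = DeviceHealth("laptop-b", False, 3, NOW - timedelta(days=1))
B_NEW = DeviceHealth("laptop-b", True, 0, NOW - timedelta(minutes=2))

REQ_A = AccessRequest("alice", "laptop-a", True, NOW)
REQ_B = AccessRequest("bob", "laptop-b", True, NOW)


def compare_policies():
    """Decide each request under the stale-data policy and the real-time policy.
    Returns {label: (naive_decision, fresh_decision)} so the outcome can be checked."""
    results = {}
    for label, req, old, new in (("A", REQ_A, A_OLD, A_NEW), ("B", REQ_B, B_OLD, B_NEW)):
        naive = evaluate(req, old, max_staleness=None)[0]   # old record, freshness ignored
        fresh = evaluate(req, new)[0]                        # current record, freshness enforced
        results[label] = (naive, fresh)
    return results


if __name__ == "__main__":
    for dev, (naive, fresh) in compare_policies().items():
        print(f"laptop-{dev.lower()}: stale-data policy -> {naive.value:10} "
              f"real-time policy -> {fresh.value}")
```

Run as a script, it shows laptop A being allowed on stale data but sent to remediation on current data, and laptop B being blocked on stale data but allowed once its fresh, compliant state is visible. Handing a stale record to the default policy yields a remediation verdict rather than a guess, which is the point: when the evidence is old, re-check the device instead of trusting it either way.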
The partnership extends to Tanium integration with Microsoft Sentinel. This will enable customers to benefit from real-time Tanium endpoint data whilst using their Sentinel product — to enhance triaging, prioritization, and investigation of alerts, and support threat hunting. Users will also be able to remediate at scale using Microsoft Sentinel Playbooks. It’s all about helping customers’ Zero Trust journey, one step at a time.
Learn more and watch the full webinar – including our full demo – here.