Who can you trust? More importantly, how far should that trust extend? Andy Smith, VP of Product Marketing for Centrify, joins me on this episode of the Inner Circle podcast to talk about zero trust privilege.
We talk about the reality of the threat landscape and the fact that attackers generally log in with compromised or stolen credentials. From a traditional authentication perspective, the attacker appears as “legitimate”, and–without additional protection–would have free reign to any assets or data the actual owner of the compromised or stolen credentials has access to.
Zero trust security–or zero trust privilege–takes authentication to the next level. It is a combination of the concept of least privilege access and user behavior analysis to consistently monitor activity and verify the credentials of the individual as the individual (or credentialed service or API) moves about the network and accesses different resources.
It’s crucial for organizations to understand that whether an attack is external or internal, it is most likely going to be executed with verified access using legitimate network credentials. Zero trust privilege raises the bar from standard authentication, or even two-factor authentication or least privilege access to provide stronger access management to guard against these attacks.