Data loops at the center of ZTA and CTEM can boost your cyber program

Written by Chris Jablonski, Director, CXO Revolutionaries & Community.

In 2011, Google released a groundbreaking report called ZMOT: Winning the Zero Moment of Truth, sending shockwaves across the marketing world. ZMOT refers to the moment when a consumer researches a product before a purchase just after a stimulus is triggered. It revealed the brutal truth that if your product or service was not present during this most powerful moment in a customer's journey, you will lose the sale.

A parallel ‌idea exists in cybersecurity. There is a zero moment of truth every time your digital environment faces a transaction across a network. We can call it that or more aptly the “zero moment of trust,” which is based on policies and rules in place to define truth.

Every app or data access transaction in an organization is part of a constant giant stream of “stimuli” that must be verified, evaluated, policy-enforced, connected or blocked, and analyzed. If any part of this process is missing or performs incorrectly, it can allow for a malicious act to advance along an attack chain. In this case, you don’t just lose a sale–you can lose your company’s crown jewels.

Enterprise digital marketers use costly and complex tech stacks (just ask any CIO how much of the IT budget supports marketing) to be present across the web at every possible touchpoint where a buyer may start contemplating a purchase, like a search engine result page. ZMOT showed that they must actively manage their online presences to influence and engage customers.

In cybersecurity, a similar real time dynamic must take place to understand behaviors and intentions to prevent against the onslaught of evolving threats and hacks. Cyber teams can now use two modern frameworks in unison to reduce and control their attack surface and threat exposure while harnessing the fullest extent of available data: zero trust architecture (ZTA) and continuous threat exposure management (CTEM).

These complementary frameworks can give you a robust defense against modern cyber threats. Integrated ZTA and CTEM can continuously validate and monitor all access requests and activities, ensuring that even if a threat bypasses initial defenses, it can be quickly identified and mitigated. In other words, data and insights from a ZTA inform CTEM to make better risk prioritization decisions at the “zero moment of trust.”

Much has already been published about CTEM, but the easiest way to understand it is to compare it to a group of hall monitors who are always walking around the school, checking every nook and cranny to make sure everything is secure. They're not waiting for something to happen; they're actively looking for any signs of trouble, like an open window or a broken lock, and they fix it before someone sneaks in. The hall monitors in your environment are security tools and teams doing the ongoing monitoring to ensure that access controls and security measures (i.e., ZTA) are always up-to-date and effective against the latest threats.

Here’s a close look at how the two work together to create a fluid, proactive cybersecurity program with the tightest access controls possible.

Risk reduction - While ZTA minimizes the risk of unauthorized access through strict verification, ‌CTEM reduces the risk of vulnerabilities being exploited by continuously identifying, prioritizing, and addressing potential threats. CTEM includes multifactor scoring to pinpoint your organization’s top risks.Risk prioritization helps when, for example, a critical CVE that’s sitting on an asset in a development environment is less crucial to remediate than a medium CVE sitting on an exposed asset that contains sensitive data and is used by someone who is known to regularly fail phishing tests. Some solutions can activate risk mitigation policies, assign, and track workflows, and automatically update your CMDB.

Adaptive defense - The combination allows for a more adaptive and resilient defense strategy. ZTA provides a strong baseline of security controls, and CTEM ensures these controls are continuously tested and improved based on emerging threats and vulnerabilities.

Real-time response - CTEM feeds intelligence into the ZTA framework, delivering real-time threat detection and automated responses to potential security incidents, minimizing the impact of any breach.

Comprehensive visibility - Together, ZTA and CTEM provide comprehensive visibility into user activities, access patterns, and potential vulnerabilities, enabling a complete view of the security landscape and more informed decision-making. You can better understand the implications of exposures in the context of your own unique environment, including mitigating controls in place and current threat intelligence.

Security is a data problem you can now fix

The feedback loops between ZTA and CTEM can help security teams understand cyber-related business risks in an entirely new way. You can finally connect the dots between data sets and data sources from across your infrastructure and tools for nuanced insights. CISOs have been asking for automated data correlation, risk prioritization, and posture insights to understand and mitigate risk across their global systems. Now they can have it.

ZTA and CTEM on their own are powerful frameworks. When combined the result can be a robust, adaptive, and resilient cybersecurity defense program ready to face the challenges of today and tomorrow. Intelligent cloud-based platforms are finally here to make it all possible, and not a moment too soon.

About the Author

Christopher Jablonski is Director, CXO REvolutionaries & Community at Zscaler. He’s held marketing, editorial, and research analyst positions at successful brands across the high tech and media industry, including Adobe, CBS Interactive, Riverbed, and Tradeshift. His specializations are CXO thought leadership, content strategy, marketing, and executive communications.

Chris has contributed hundreds of articles to ZDNet, Cloud Security Alliance (CSA), Association of National Advertisers (ANA), Global Trade, Supply Chain Digital, Techonomy, and other publications. He earned a bachelor’s degree in business administration from the University of Illinois at Urbana/Champaign and has both studied and worked in Australia and Japan.