Sunday, September 8, 2024

The Advent Of "Trusted Source" In Cybersecurity

 


One of the biggest buzz words that has been (or still continues to be?) is that of “Trust”.  This is a word we hear often, both in our professional and personal lives.  But, no matter in what venue you hear it in, have you ever thought to think what trust really means?  Well, as it relates to Cyber, here is a definition of it:

“At the heart of trust in information security is authentication, the process of verifying the identity of a user, device, or system. Authentication methods can include something a user knows, something a user has, or something a user is.”

(SOURCE:  https://asmed.com/understanding-trust-in-information-security-a-comprehensive-guide/#:~:text=At%20the%20heart%20of%20trust,or%20something%20a%20user%20is.)

So really, it is all about making sure that the individual who wants to get access to your shared resources is actually who they are claiming to be.  There are many ways to do this, ranging from the ever so famous password to challenge/response questions, to the RSA token, to the One Time Password (OTP), and even down to Biometrics. 

Given the advent of Generative AI and how it can be used to create something that is fake which is extremely hard to discern if it is real or not, businesses are opting to use multiple layers of identification.

This is known as “Multifactor Authentication”, or “MFA” for short.  Essentially, you are using at least three or more layers of authentication.  But, in order to make this robust, all of the authentication mechanisms must be of a different nature.  For example, using a password along with an RSA token, and using something like Fingerprint Recognition in a quick, successive fashion.

But now, there is a new term that is being bandied about in the world of Cyber, and this is called the “Trust Anchor”.  What is it, you may be asking.  Here is also a definition of it:

“Trust anchors serve as authoritative data sources that provide verifiable and accurate identity information.”

(SOURCE:  https://www.darkreading.com/cybersecurity-operations/trust-anchors-in-modern-it-security)

So the key here is a source that you can use to confirm the identity of an individual that are deemed to be reputable.  These entities can be both human and non-human.  For instance, it can be a passport, a state ID card, or even an outside, third party that you deem to be honest.  These can include the credit reporting agencies, and even background check companies.

Using a “Trusted Source” does have some key advantages and disadvantages.  Here is a sampling of them:

The Advantages:

Ø  It can statistically reduce the chances of fraudulent activity happening down the road.  This is especially useful for cross-referencing any information and data that you have on a particular individual.

 

Ø  It can help to make sure that whatever information you use in your company actually comes from a reputable source.  The prime example of this is once again Generative AI.  As I have written about in the past, a good model needs tons of data in order to keep it robust.  It’s like all of the fluids that go into your car, from the gas to the oil to the brake stuff.  All of this needs to be filled up by a “Trusted Source”, such as a mechanic that you know can do the job well.  For the Generative AI model, you also need to make sure that the datasets you collect to feed it also come from a very reputable source.  If not, not only will your results (the outputs) be highly skewed, but if you are using this model to drive parts of your business, it can even create horribly wrong outputs that will only tarnish your brand reputation.

The Disadvantages:

Ø  The privacy that is involved.  Even if you collect datasets that from a “Trusted Source” that you find to be highly reliable, you will be ultimately responsible for the safekeeping them.  Meaning, you need to make sure that you have the right controls in place in order to mitigate the risks of any kind of Data Exfiltration Attacks from  happening. 

 

Ø  Although it may sound like an oxymoron, you actually have to trust the “Trusted Sources” themselves.  For instance, if you are using a state ID to confirm the identity of an individual, you have to make sure that is genuinely authentic, not a fake one.  Also, if you decide to use a third party to provide you with “Trusted Data”, you need to make sure that you trust them first.  This can of course take time to develop, but as a rule of thumb, the best place to get started on this is to have an exhaustive vetting process in place before you select one.

My Thoughts On This:

Another strategic benefit of using a “Trusted Source” is that it can also help create a baseline from which to follow.  For example, you may procure your network security tools from a vendor that you inherently trust. 

As a result, you will also trust the log files that they output.  And from here, you can then create a baseline to determine what is actually deemed to be normal network activity.  Of course, anything outside of this should be deemed as abnormal patterns of activity. 

In a way, the above example is like building a “Chain Of Trust”.  The term “Trust” will always be around in Cybersecurity, but the important thing to remember is that you do not get caught up in all of technojargon that is out there. 

As long as you have faith in whatever “Trusted Source(s)” you make use of, that is all you have to be worried about.

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...