Increasingly dangerous cyber threats require new countermeasures even in the defence sector. Patria is developing Zero Trust in close cooperation with companies in other NATO countries.

Defending the networks of companies and organisations against hackers has long been part of data security. But traditional firewalls and antivirus protection alone are no longer enough to stop more sophisticated cyberattacks.

Stopping them requires a new approach, which IT professionals call Zero Trust. As the name suggests, its underlying principle is "never trust, always verify".

– In the traditional model, authentication and granting access to data processing is done once, while in the Zero Trust model, checking is done all the time, says Harri Valkonen-Moisei, Chief Architect in charge of Patria’s analytics.

Zero Trust assumes that no user, device or network is trusted; instead, every login and every use of data must be verified, authorised and protected.

According to Valkonen-Moisei, traditional security thinking has assumed that firewalls and other protection methods will keep an organisation's data on its own internal network safe from outsiders.
– In traditional thinking, bad actors are kept outside one's own network, while there are hardly any security controls inside the network. This used to work against hackers, but not in the current security environment and against new threats.

New threats require new countermeasures

In the security sector, increasingly dangerous threats are referred to as APTs (advanced persistent threats). The term refers to well-resourced and capable actors, often backed by states.

– Without extremely effective countermeasures, APT actors can break into the systems of large companies and states in a completely different way than ordinary hackers, Valkonen-Moisei points out.

A cyber attacker who has gained extensive access can install their own source code on information systems, which may be used only months later for criminal purposes.

– An intruder that goes deep into the systems is often difficult to detect, says Valkonen-Moisei.
A change in the approach to ensuring security is also necessary because the IT infrastructures of organisations are increasingly based on cloud services. In addition, employees work on different terminals, regardless of location.

In the Zero Trust security model, applications using artificial intelligence and advanced analytics vigilantly monitor online activity. This monitoring detects possible anomalies, for example in data transfer or in user behaviour.

Zero-day vulnerabilities a big challenge

Valkonen-Moisei says that traditional security thinking continues to work against amateur hackers who exploit known vulnerabilities. Naturally, this requires that devices and software are kept updated.

APT groups, by contrast, exploit zero-day vulnerabilities, whose existence is at first known only to the attackers.

This means that developers do not have ready-made patches to address these vulnerabilities. They have virtually zero days to develop and implement a fix once attackers start actively exploiting the vulnerability.
– It is essential to understand that traditional vulnerability scanners and antivirus software are based on prior knowledge of the vulnerability. But because there is no prior knowledge of a zero-day vulnerability, the principle behind traditional antivirus software cannot function.

According to Valkonen-Moisei, relying on traditional prevention methods can, at worst, lead to a false feeling of security. Security matters seem to be in order at the company when the reality is completely different.

Patria’s state-of-the-art products are based on Zero Trust

Ensuring data security is essential in all sectors, but it is especially important in sectors that are critical to safety and security of supply. In addition to defence, these include electricity and communication networks.

Patria has long followed the development of the Zero Trust model and has continuously added security-enhancing elements to its own systems and products. An example of this is Patria Analytics, an analytics platform on which Patria has built leading-edge management, monitoring and intelligence systems.

Patria’s CRAWLR cyber intelligence software is one such state-of-the-art product. It collects targeted and accurate information from sources such as websites, social media and dark web pages.

The Zero Trust security model is also used by Patria DOME, a geographic and conditions information system developed for military use.

NATO cooperation boosts development work

According to Valkonen-Moisei, ensuring security requires constant vigilance and close monitoring of sectoral developments. Cooperation among defence actors in NATO provides a new forum for this. Among other things, Patria is involved in a research project of the NATO Industrial Advisory Group (NIAG), which outlines development trends related to Zero Trust. NIAG serves as NATO’s adviser on technology and industry issues.

Harri Valkonen-Moisei, Chief Architect in charge of Patria’s analytics.

Twenty companies from different NATO countries participate in the data security project. In addition to the defence sector, companies such as providers of cloud services are involved.

Two data security experts from Patria participate in the project. Valkonen-Moisei is responsible for a working group whose task is to investigate one aspect of the research.
– At meetings, data security experts share what has been done in each company in different aspects of Zero Trust. Everyone benefits from sharing good practices.