Why Modern Cyber Security and Ransomware Threats Mean It’s Time to Move Beyond Least Privilege to Least Functionality

Least Functionality

John Walsh, SVP Business Development and Strategy at BedRock Systems Inc. 

The SolarWinds cyberattack went undetected for over a year before it was publicized last winter, following in the footsteps of many preceding cyberattacks. Unfortunately, many cyber threats remain undetected for long periods of time – most go undetected for 45-100 days and required another 60-70 days for remediation. And threats are increasing in severity and frequency, especially in operational technology – OT arena (i.e. recent Pipeline and Industrial Infrastructure attacks). 

As the world becomes increasingly interconnected, threat monitoring and detection methods have not been able to innovate to keep up with this change. Our response currently is to add more layers of abstraction for implementing new sensing technologies and algorithms to detect the threats. However, the amount of data organizations must sort through to find that needle in the data haystack continues to increase.  Organizations continue to unsuccessfully look for the “known unknowns,” in this massive amount of data which leaves them cleaning up after cyberattacks rather than preventing them in the first place.

Least Privilege and Least Functionality

The industry wants a software solution, but most software is buggy and has vulnerabilities – even the software that is supposed to help secure systems. Whether we like it or not, a new approach is required to effectively monitor and detect modern cyber threats. Yes, organizations should consolidate abstraction layers and reduce complexity, but even more than that, they should also consider implementing solutions that offer least privilege and least functionality.

Zero Trust, which relies on traditional identity and least privilege methods provides a secure foundation of trust. However, it’s time to move beyond least privilege to least functionality. Least functionality is a normal extension of the least privilege, defined by a zero level of trust. Least functionality enables organizations to intercept threats by securing their systems from the ground up. 

Instead of searching through the haystack of information for the “known unknown” cyber threats, organizations implementing a least functionality approach can model the applications based on activities they should be performing and deny the activities they should not be performing. Organizations can prevent the execution of instructions at very fine grain (binary) level that aren’t compliant with least functionality authorization by implementing a deny-listing or allow-listing of application functions that attempt to act beyond their designated level of privilege.

Active Security is the Future

This new approach transforms an organization’s passive security posture to an active one, limiting applications capability to perform only required and authorized functions and using a virtual secure foundation to isolate functionality in a trusted environment. This new approach is more effective compared to the traditional network monitoring and detection that has proven ineffective against zero day attacks – the most effective way to stop a zero day is with least privilege and least functionality.

Cyber-attacks on critical infrastructure are putting nations and people at risk every day, with businesses and governments devoting an ever-increasing number of resources to mitigate emerging cyber threats. It is time to move beyond traditional monitoring and detection, and implement a zero trust approach with least functionality for prevention. Take Sandworm, the Russian hacker group that hit Western Ukraine with a cyberattack and caused a blackout, turning off the lights for more than a quarter million Ukrainians. In critical infrastructure, where assets typically have a 15-20 year lifecycle, causing equipment failure can have serious consequences. In the case of Sandworm, it took months to restore the grid as teams determined what had failed and how to replace the damaged equipment. 

BedRock Systems provides critical infrastructure systems the security capability that requires minimal changes to policy and performance. The BedRock Hypervisor creates a secure layer between hardware and software/operating system to minimize the surface that threat actors can attack keeping people and industries safe and secure. With this virtualization layer, BedRock can monitor all processes in real-time and limit access to system resources an application requests to access. So, instead of passively searching for the needle in an ever growing data haystack, organizations that implement the solutions of least privilege and least functionality will be better prepared for the next generation of cyber threats.

Learn more about how BedRock provides a Trusted Computing Base with a minimal attack surface to transform the software foundation from edge devices to the cloud.

Share This Post