Discover and triage legacy apps
Overview
Implementation Effort: High – Requires collaboration between IT, network, security, and application teams to inventory and assess legacy applications, but can be streamlined using available tools. User Impact: Low – The discovery and triage process is conducted by administrators without direct user involvement or disruption.
Create an inventory of applications and resources in the environment that use legacy protocols (Windows Integrated Authentication, NTLM, etc.). As part of a zero trust strategy, this inventory is important for planning, triage and strategize the approach and controls to align to zero trust principles (as much as possible/feasible per the technical constraints specific applications) This process involves discovering the applications (potentially through scanning network activity), cataloging these applications, assessing their authentication mechanisms, and determining their compatibility with modern identity solutions.
In the context of Zero Trust, this activity aligns with the principle of Verify explicitly by ensuring all applications are known and can be subjected to appropriate authentication and authorization policies. It also supports Assume breach by identifying applications that may be vulnerable due to outdated authentication methods, thereby reducing the attack surface.
Failure to perform thorough discovery and triage can result in unmanaged applications that bypass security controls, use weak or legacy authentication methods, or have excessive permissions, increasing the risk of data breaches and unauthorized access.