With growing sophistication of hackers and malware, as well as a new era of connected mobile users, billions of IoT devices and public cloud applications being used everywhere, the Zero Trust Architecture is a new reality for many organizations. Zero Trust means no trusted perimeter. Everything is primarily untrusted and a device or user only receives least privileged access. Even after authentication or authorization in some cases. A Zero Trust Architecture is used to stop potential security breaches.
What is a Zero Trust Architecture?
In many ways a Zero Trust Architecture is exactly that - an architecture based on the principle that nothing can be trusted. Under this philosophy, no device, user or application attempting to interact with your architecture can be considered to be secure. Quite the opposite in fact, as your starting position is to see everything as a potential threat requiring verification.
‘Zero Trust’ as a concept was first introduced by Forrester Research, and is generally considered by organisations who want a high level of assurance when protecting sensitive data and responding to modern cyber threats.
The “never trust, always verify” principle
Security models conventionally operate on the assumption that all internal network activities can be trusted. However, traditional methods have done little to stem the flow of cyber attacks and insider threats, which means that a fresh approach is required. One such measure is to increase visibility into internal traffic and apply user ocntext.
This can be achieved by using a next-generation firewall with decryption capabilities.
Security models are traditionally designed to protect the perimeter, leaving threats that enter the network uninspected, invisible and free to morph and move wherever they choose, often extracting valuable and sensitive business data.
Lateral movement security
The purpose of a Zero Trust Architecture is to address lateral threat movement within a network by leveraging micro-segmentation and granular perimeters enforcement, based on data, user and location. This is also known as the “never trust, always verify” principle, determining Zero Trust.
Lateral movement represents the different techniques that attackers use to navigate through a network when searching for valuable assets and data. With traditional perimeter-based security, sub-perimeters are defined within networks by using a specific combination of rules. As an example, these rules may use the application traffic direction and context around a user to identify anomalies. When an anomaly occurs, the movement of a user or traffic direction is blocked. The spread of an attack within an organization is identified by the sub-perimeters.
The point of infiltration is most often not the target location of an attacker. This is why stopping lateral movement is a priority. Attackers that infiltrate an endpoint for example, often need to move laterally throughout the networking environment, in search of the data centre housing the targeted content.
How you define movement or access depends on the user and its defined appropriate or logical interactions and behaviour. Users from the marketing department for example, often have no access to sensitive financial files about the organisation, but would have access to CRM systems, marketing assets and content. Users from finance do have access to finance-related data sources, but not necessarily information from the human resources department or marketing department. This is why identifying who users are and whether their actions during a session are considered appropriate is so important, Which applications do they use or try to access? Are these sensible actions that fit with the user’s role and capabilities?
When these inspection points or junctions are not in place, it is close to impossible to identify and prevent unsanctioned access.
Developing a Zero Trust Architecture
Gain visibility and context for all traffic – across user, device, location and application – by using Zero Trust in conjunction with zoning capabilities for visibility into internal traffic.
- Gain traffic visibility and context. Traffic needs to run through a next-generation firewall that has decryption capabilities. Next Generation firewall protection acts as the ‘border control’ within your organisation and enable micro-segmentation of perimeters.
- Have the ability to monitor and verify traffic as it crosses between the different functions inside the network.
- Add Two Factor Authentication (2FA) or other verification methods such as biometric verification, that increase the ability to verify users.
- Implement a Zero Trust approach. This helps to identify business processes, data flows, users, data, and the associated risks. It also helps to set policy rules which can be automatically updated based on associated risks, during every iteration.
Network Security & Cyber attack protection
Connect and Protect with Industry-Leading Efficiency, Availability and Security.
Next Generation firewall protection
Protection From sophisticated Threats and Unwanted Content.
Advanced DDoS Protection & Mitigation.
Infradata is a recognised leader and authority in DDoS protection solutions for high performance Networks.
Discover Infradata's holistic approach to DNS security with solutions built on technology from the world´s most innovative and leading vendors.