With the growing sophistication of hackers and malware, and a new era of connected mobile users, billions of IoT devices and public cloud applications in use everywhere, the Zero Trust Architecture is a new reality for many organizations. Zero Trust means there is no trusted perimeter: everything is untrusted by default, and a device or user receives only least-privileged access, in some cases even after authentication or authorization. A zero trust architecture is used to stop potential security breaches.
What is Zero-Trust architecture?
In many ways, a zero trust architecture is exactly that - an architecture based on the principle that nothing can be trusted. Under this philosophy, no device, user or application attempting to interact with your architecture can be considered to be secure. Quite the opposite in fact, as your starting position is to see everything as a potential threat requiring verification.
‘Zero trust’ as a concept was first introduced by Forrester Research and is generally considered by organisations that want a high level of assurance when protecting sensitive data and responding to modern cyber threats.
The “never trust, always verify” principle
Security models conventionally operate on the assumption that all internal network activities can be trusted. However, traditional methods have done little to stem the flow of cyber attacks and insider threats, which means that a fresh approach is required. One such measure is to increase visibility into internal traffic and apply user context.
This can be achieved by using a next-generation firewall with decryption capabilities.
Security models are traditionally designed to protect the perimeter, leaving threats that enter the network uninspected, invisible and free to morph and move wherever they choose, often extracting valuable and sensitive business data.
Lateral movement security
The purpose of a zero trust architecture is to address lateral threat movement within a network by leveraging micro-segmentation and granular perimeter enforcement based on data, user and location. This is the “never trust, always verify” principle that defines zero trust.
Lateral movement refers to the different techniques attackers use to navigate through a network when searching for valuable assets and data. With traditional perimeter-based security, sub-perimeters are defined within networks by using a specific combination of rules. As an example, these rules may use the application traffic direction and the context around a user to identify anomalies. When an anomaly occurs, the user's movement or the traffic direction is blocked. The sub-perimeters thus reveal the spread of an attack within an organization.
The point of infiltration is most often not the target location of an attacker. This is why stopping lateral movement is a priority. Attackers that infiltrate an endpoint for example, often need to move laterally throughout the networking environment, in search of the data centre housing the targeted content.
How you define movement or access depends on the user and their defined appropriate or logical interactions and behaviour. Users from the marketing department, for example, often have no access to sensitive financial files about the organisation, but would have access to CRM systems, marketing assets and content. Users from finance do have access to finance-related data sources, but not necessarily to information from the human resources or marketing departments. This is why identifying who users are and whether their actions during a session are considered appropriate is so important. Which applications do they use or try to access? Are these sensible actions that fit with the user’s role and capabilities?
When these inspection points or junctions are not in place, it is close to impossible to identify and prevent unsanctioned access.
Developing a zero trust architecture
- Gain visibility and context for all traffic – across user, device, location and application – by using zero trust in conjunction with zoning capabilities for visibility into internal traffic.
- Gain traffic visibility and context. Traffic needs to run through a next-generation firewall that has decryption capabilities. Next-generation firewall protection acts as the ‘border control’ within your organisation and enables micro-segmentation of perimeters.
- Have the ability to monitor and verify traffic as it crosses between the different functions inside the network.
- Add Multi-Factor Authentication (MFA) or other verification methods such as biometric verification, that increase the ability to verify users.
- Implement a zero trust approach. This helps to identify business processes, data flows, users, data, and associated risks. It also helps to set policy rules which can be automatically updated based on associated risks, during every iteration.
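The following is an added example, not code from the original page or from any vendor product, showing how the principles above (default deny, least privilege per role, micro-segmented perimeters, and MFA step-up verified on every request rather than once at login) combine into a single policy decision, and how denied requests that cross into another role's segment surface the lateral movement the page describes. The roles, segments, applications and sample requests are hypothetical, modelled on the marketing/finance example in the text.

```python
from dataclasses import dataclass

# Role -> (segment, application) pairs that role may reach. Hypothetical
# roles and segments, modelled on the page's marketing/finance example.
ALLOWED = {
    "marketing": {("marketing", "crm"), ("marketing", "assets")},
    "finance": {("finance", "ledger"), ("finance", "reports")},
    "hr": {("hr", "payroll")},
}
# Segments whose data demands step-up verification on every request.
SENSITIVE_SEGMENTS = {"finance", "hr"}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    segment: str
    app: str
    mfa_verified: bool
    device_compliant: bool

def decide(req: Request) -> tuple[bool, str]:
    """Default deny: a request is allowed only if its role is explicitly
    granted the segment/app pair and its verification checks pass."""
    if not req.device_compliant:
        return False, "device not compliant"
    if (req.segment, req.app) not in ALLOWED.get(req.role, set()):
        return False, f"role {req.role} not permitted on {req.segment}/{req.app}"
    if req.segment in SENSITIVE_SEGMENTS and not req.mfa_verified:
        return False, "MFA required for sensitive segment"
    return True, "ok"

def lateral_movement_suspects(requests: list[Request]) -> set[str]:
    """Users whose denied requests target a segment outside their role's
    own segments: the pattern of a foothold pivoting across perimeters."""
    suspects = set()
    for r in requests:
        own = {seg for seg, _ in ALLOWED.get(r.role, set())}
        if not decide(r)[0] and r.segment not in own:
            suspects.add(r.user)
    return suspects

# Constructed sample traffic crossing the internal inspection points.
SAMPLE = [
    Request("alice", "marketing", "marketing", "crm", False, True),
    Request("alice", "marketing", "finance", "reports", True, True),
    Request("bob", "finance", "finance", "ledger", False, True),
    Request("bob", "finance", "finance", "ledger", True, True),
    Request("carol", "finance", "hr", "payroll", True, True),
]
```

Note that bob's first request is denied even though his role is entitled to the ledger, because the sensitive segment demands MFA on that request; only alice and carol, whose denied requests cross into segments their roles never touch, are flagged as lateral movement.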