How well do you sleep at night? Odds are you would sleep better if you could wake up to Zero Trust Architecture (ZTA).
A true ZTA network makes incident response wake-up calls far less likely by shutting down data breaches, ransomware threats or any kind of unauthorised network access. It would also save your organisation at least £500,000 over a four-year period, making your security efforts much easier to advocate for. That’s the dream anyway.
Unfortunately, for 99% of companies, ZTA like this is out of reach. Despite record spending on Zero Trust technologies and consultants and sustained interest from boards everywhere, achieving ZTA in the real world remains a massive challenge.
So what’s going wrong?
Threat actors typically have three core goals: stealing your data, destroying your data or using access to your network to attack other data and infrastructure.
The key word here is data.
Zero Trust Architecture brings the perimeter to sensitive data. It separates communication flows for controlling and configuring from application communication flows used to perform the organisation’s actual work. One part of the network is used to figure out who should get access to what data (control plane), and another part (access plane) makes that access possible.
For a comprehensive technical exploration of ZTA, see NIST 800-207.
The traditional way of stopping attackers was to focus on defending systems and networks. But these are either not the problem (i.e., a compromised device with no sensitive data and no method for escalation is not a major threat) or, in the case of networks, have grown so complex that they are not easily defensible.
Zero Trust moves your network from something like a university library where you have to verify your identity going in the door but can then go pretty much anywhere, into a museum where getting in is easy, but all the important exhibits are stored securely or monitored by security guards.
This happens through access control, continuous monitoring, micro-segmentation and traffic monitoring (particularly outbound traffic). ZTA assumes the network is hostile and all assets are internet-facing – a mind-shift change that makes illicit network access less of a problem because you presume the intruders are already inside.
“I like firewalls but just not as protective devices.” This is one of the ways that Randy Marchany, veteran CISO and SANS Institute expert, describes his journey to Zero Trust.
His point is that firewalls are great detection devices for logging network packets but poor protection devices because, ultimately, they have to let some things through.
Indeed, firewalled networks have so many access pathways (like port tunnelling and compromised Bluetooth devices) and unknown assets (69% of companies were compromised by an asset they didn’t know about, according to a 2022 ESG report) that perimeter defence is now almost impossible.
Firewalls log packets going in and out of a network but don’t help you identify complex threats like network insiders.
It’s also the case that many of the services used in any organisation are outside the perimeter anyway. Many devices are mobile, but so are servers. Everyone is using a cloud provider (like Amazon AWS) for a server function that once upon a time used to be provided from inside your network.
ZTA responds to these challenges by moving security closer to users and the data itself.
These three myths about ZTA need to go away:
Learn more about some of the other things Zero Trust vendors should tell you
ZTA can’t be achieved through technology alone, but security solutions play a significant role in ZTA’s success. Almost 1 in 2 CISOs state that companies working with legacy technologies that do not “support” Zero Trust is a central challenge.
ZTA breaks the traditional flat, perimeter-based network into a series of subnets (separated by firewalls), which, theoretically, do not have a perimeter with the outside web. Security relies on access control and least privilege access management.
This environment forces security solutions to:
Because ZTA security depends on understanding network traffic (inbound and outbound), ZTA tools need to establish at a granular level which apps and users are connecting to a resource and whether their behaviour, along with the posture of their device, aligns with their permissions or indicates a cyberattack.
With ZTA, your security tool stack needs to be able to spot links between users and network behaviour that are otherwise invisible.
This means going beyond the traditional tool stacks of endpoint detection and response (EDR), network detection and response (NDR), user entity and behaviour analytics (UEBA), etc., and combining security events and analysis into a single data flow.
Learn how SenseOn is helping companies implement ZTA in real-world environments.