“Just make us Zero Trust.” Hands up if you’ve ever heard some version of this statement.
Gather ten cybersecurity pros in a room, and you’ll have ten frustrated people trying to implement Zero Trust Security Architecture (ZTA).
Although boards and non-security executives often understand the ZTA security model at a high level and love the idea of an inherently secure network, security teams keep running into walls during implementation.
In this article, we explain why traditional NDR and EDR solutions cannot keep up and how SenseOn meets the challenges of ZTA.
Any organisation trying to build out ZTA will fundamentally change how their network functions. They will also find that as they do, the traditional security solutions they use (even those sold as “Zero Trust”) will be unable to keep up.
Here’s what ZTA does and why it can make security solutions struggle.
In a mature ZTA environment, default deny is the norm and user access is based on access policies, role permissions, and user identity.
This access is strictly enforced and continuously monitored through allow listing. The network perimeter eventually dissolves, and what comes in and out is less interesting.
➤ A ZTA environment reduces visibility. Traditional NDR solutions rely on monitoring traffic as it interacts with firewalls along the network perimeter. ZTA reduces the network perimeter’s significance, and network monitoring traffic inside the network becomes essential. Few NDR solutions can look at internal (east-west) network traffic with the level of granularity needed to compensate.
➤ SenseOn provides organisations with a comprehensive view of user and device behaviour. By collecting and analysing telemetry data from all devices and applications in the network, SenseOn collects enough data to identify anomalies and potential threats, even in a micro-segmented environment.
Access control is at the core of ZTA and extends to data flows. To limit the potential for unauthorised lateral movement, a ZTA network is divided into smaller segments in a process called micro-segmentation. This network segmentation means that applications are only allowed to talk to the system resources they need in order to function.
➤ Micro-segmentation disrupts the data flows that NDR solutions rely on. Traditional NDR and EDR solutions are not designed to handle the decentralised data that is often found in a ZTA environment. Traditional solutions are typically focused on monitoring data stored in centralised locations rather than data stored in multiple locations, with NDR relying on physical probes being deployed.
➤ SenseOn’s continuous visibility capabilities address the challenges of reduced visibility in a ZTA environment. By collecting and analysing telemetry data from all devices and apps in the network, SenseOn provides organisations with a comprehensive view of user and device behaviour. This data can be used to identify anomalies and potential threats against Zero Trust Network Access (ZTNA) in on-prem and cloud services environments.
Although ZTA is primarily about policies and procedures, organisations must continuously monitor their network for anomalies. The reason why is that achieving a perfect Zero Trust environment is impossible, and as your attack surface expands, an effective security solution becomes more important.
➤ Traditional EDR solutions are not designed to track and analyse user actions across different devices and applications. EDR solutions are typically focused on monitoring endpoint activity rather than user behaviour. This means they cannot spot the insider threats that Zero Trust environments are vulnerable to.
➤ SenseOn’s user and device context capabilities thrive in segmented networks. By understanding the context of user and device behaviour, SenseOn can make informed decisions about access requests in real time. This helps to reduce the risk of lateral movement in a micro-segmented environment.
In ZTA, access is everything, and the ability to access something in a network is a dynamic permission. Whether a user or machine can access a network asset depends on various factors, including user behaviour, device health, location, and the sensitivity of the resource being accessed.
➤ Traditional EDR solutions struggle with device-related security assessments. Assessing the holistic picture of security (i.e., what is going on at the application, endpoint and user level) continuously is important for ZTA. However, EDR solutions are typically focused on detecting threats on endpoints rather than assessing the security posture of devices. This makes them a poor fit for ZTA operations.
➤ SenseOn can make informed decisions about access requests. SenseOn is able to understand the health and context of devices through its universal sensor. This helps to reduce the risk of unauthorised access to devices that have been compromised.
In a ZTA environment, sensitive data is encrypted both in transit and at rest to ensure its confidentiality and integrity. Only the intended recipient of data should be able to read it in an unencrypted form.
➤ Encrypted data can confuse NDR solutions because it hides the content and context of network traffic. This limits the ability of traditional solutions to perform deep packet inspection and content analysis, which are crucial for threat detection. The decryption overhead and secure key management required to access encrypted data can also introduce resource-intensive processes and potential vulnerabilities if not properly managed.
➤ SenseOn does deep packet inspection at the source. This happens on the endpoint prior to any network encryption, providing a deeper level of visibility than a traditional NDR can achieve.
SenseOn is a cloud-native security platform that addresses the challenges faced by security teams taking a Zero Trust approach to their network security.
SenseOn’s next-generation cybersecurity platform collects data in a unified format, uses automation and protects remote access, on-premises and hybrid multi-cloud Zero Trust environments.
With no impact on end-user experience, SenseOn can mitigate risk and enable secure access as your organisation moves towards a Zero Trust security model.
SenseOn thrives in environments where traditional security controls like EDR and NDR struggle.
Contact us to learn more.