What Zero Trust Vendors Need To Tell You

What size Zero Trust would you like?

Zero Trust Architecture (ZTA), and cybersecurity in general, would be easier if you could walk into a Zero Trust shop instead of navigating a human and technological minefield featuring confused executives, reluctant employees, and a buzzword-heavy Zero Trust vendor landscape.

The fact that “humans don’t work in a Zero Trust manner” will not change anytime soon, but technology is something in your control. 

Indeed, when surveys ask security teams what holds back their ZTA maturity, technology always comes back as one of the biggest problems. Legacy solutions either cannot function within segmented networks or become useless when isolating network workloads and services. Nowhere is this more true than with Zero Trust security solutions. 

To help you figure out what you need to implement ZTA, here’s what the Zero Trust vendors trying to sell you security solutions should tell you.

You Can’t Buy Zero Trust In a Box

Zero Trust is a continual practice that involves creating security architecture, processes, and policies. Solutions can support and enable ZTA, but they can’t create it.

However, as you develop enhanced identity governance, policy-based access, and micro-segmentation, deploying ZTA-ready solutions becomes important. This is both to enable ZTA processes to happen and to monitor user and network traffic within an environment that is likely a lot different than before. 

To Support Zero Trust, You Need Integration

ZTA changes a network environment from a flat network where data flows unchallenged once a device is verified at the perimeter into a segmented environment where access to network resources is granted per session (as per NIST SP 800-207). 

For a Zero Trust security solution to work in this environment, it needs to bridge gaps between different point solutions across network segments. This includes talking to your security information and event management (SIEM) as well as Microsoft 365, Azure, AWS, etc. Ideally, this should happen at the API level.

The best response to this challenge is using a security solution that collects unified data from across devices, endpoints, and servers and integrates information by default. 

Micro-Segmentation Can Stop Security Solutions from Working

Micro-segmentation, a fundamental part of ZTA, breaks up east-west traffic flow and theoretically helps reduce the risk of lateral movement inside a network. This shift in network architecture creates a major challenge for traditional network detection and response (NDR) solutions.

Traditional NDR solutions are not designed to handle the complexity of micro-segmentation. They also don’t focus on east-west traffic. NDR solutions tend to rely on monitoring traffic at the network perimeter and cannot get enough telemetry in a ZTA environment to function correctly.

One solution to understand network traffic in this situation is to do deep packet inspection at the source on the endpoint before any network encryption happens. Getting telemetry in this way bypasses the visibility challenges that segmentation creates.

Information Is Not Context 

With ZTA, the focus for threat detection and response must move towards user and device identity and context. Looking at data from point solutions in isolation is not enough. Security solutions need to continuously monitor users and determine trust based on context. 

For example, a solution needs to understand whether a device connection is safe based on what its user is allowed to do when located in a particular place. A connection might come from a trusted device, but the fact that the connection comes from the US when that user’s job role is in the UK should raise a red flag.

The information needed to understand this kind of context is typically not hard to get, but the real challenge lies in pulling data from different devices and access monitoring solutions together. 

Most solutions focus on a particular isolated process, such as monitoring endpoint activity, rather than looking at that activity in the context of who is using the device and what they are allowed to do.
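The per-session, context-based trust decision described above, as an added example that is not SenseOn's code or any product's logic: it joins constructed device-posture, identity and connection records (all sample data) for one session and returns a decision together with the signals behind it. The feed layout, the log-line format and the deny/step-up rules are assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed sample feeds, keyed so a session can be joined across sources.
DEVICE_POSTURE = {  # endpoint / EDR posture by device id
    "lap-0042": {"managed": True, "edr_healthy": True},
    "byod-0007": {"managed": False, "edr_healthy": False},
}
IDENTITY = {  # identity provider: job role country and usual hours (UTC)
    "alice": {"home_country": "GB", "usual_hours_utc": (7, 19)},
}

@dataclass
class Session:
    user: str
    device_id: str
    source_country: str  # from connection metadata / access log
    started_utc: datetime

def parse_session(line: str) -> Session:
    """Parse a constructed access-log line, e.g.
    '2024-01-01T09:00:00+00:00 user=alice device=lap-0042 src=GB'"""
    ts, *kv = line.split()
    fields = dict(p.split("=", 1) for p in kv)
    return Session(fields["user"], fields["device"], fields["src"],
                   datetime.fromisoformat(ts))

def evaluate_session(s: Session) -> dict:
    """Per-session trust decision (NIST SP 800-207 style) from joined context.
    Returns the decision plus the signals behind it, not a bare score."""
    posture, ident = DEVICE_POSTURE.get(s.device_id), IDENTITY.get(s.user)
    if posture is None or ident is None:
        return {"decision": "deny", "reasons": ["unknown device or user"]}
    reasons = []
    if not (posture["managed"] and posture["edr_healthy"]):
        reasons.append("device not trusted")
    if s.source_country != ident["home_country"]:
        reasons.append(f"connection from {s.source_country}, "
                       f"role region {ident['home_country']}")
    lo, hi = ident["usual_hours_utc"]
    if not lo <= s.started_utc.hour < hi:
        reasons.append("outside usual hours")
    # An untrusted device is a hard stop; context anomalies alone trigger
    # step-up authentication rather than an outright block (assumed policy).
    decision = ("deny" if "device not trusted" in reasons
                else "step_up" if reasons else "allow")
    return {"decision": decision, "reasons": reasons}
```

The reasons list is what an analyst needs when the decision is questioned; a single score from one point solution cannot say that the device was fine but the user's role region did not match the connection.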

Zero Trust and SenseOn

SenseOn is a cloud-native security platform that addresses the challenges traditional endpoint detection and response (EDR) and NDR solutions face when deploying a ZTA. SenseOn’s approach is based on the following fundamental principles:

Continuous visibility. SenseOn’s Universal Sensor collects and analyses telemetry data from all devices and applications in the network, providing constant visibility into user and device behaviour. This data is used to identify anomalies and potential threats, even in a micro-segmented environment.

User and device context. SenseOn uses machine learning to understand the context of user and device behaviour, such as the user’s login time, usual programs run, and network resources being accessed. This context is used to make more informed decisions about the nature of the monitored activity.

Try a demo of SenseOn today.