
Why NDR is a Required Component of NIST Zero Trust Architecture

Jonathan Barrett
Consulting Analyst
October 22, 2020

NIST's publication about Zero Trust Architecture goes live

“Zero trust (ZT) is a cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated.”

     – NIST

Last year, I wrote about the National Institute of Standards and Technology (NIST) draft publication on Zero Trust Architecture (ZTA), NIST SP 800-207.

I am now glad to share that this document has been finalized after external public review. It does a great job of summarizing the key components of ZTA and the problem it sets out to solve. NIST writes:

“Traditionally, agencies (and enterprise networks in general) have focused on perimeter defense and authenticated subjects are given authorized access to a broad collection of resources once on the internal network. As a result, unauthorized lateral movement within the environment has been one of the biggest challenges for federal agencies.”

Due to an increasingly mobile and remote workforce alongside the rapid expansion of cloud services, modern enterprises are undergoing massive changes. As a result, traditional network security tools that depend on visibility at endpoints of on-premises networks—like intrusion detection and prevention systems (IDPS)—are becoming obsolete.

In Zero Trust Architecture we trust

Adopting a Zero Trust security paradigm, one that focuses on protecting resources (assets, services, workflows, accounts) and not network segments, has become a more popular approach.

ZTA relies heavily on continuous and accurate monitoring of the interactions between these resources on the network to evaluate and control access based on their behaviors. In fact, as noted in the NIST report, “An enterprise implementing a ZTA should establish a continuous diagnostics and mitigation (CDM) or similar system.”

With a CDM, or network detection and response (NDR), security analysts can answer questions like:

  • What devices, applications and services are connected to the network and in use on it?
  • What users and accounts, including service accounts, are accessing the network?
  • What traffic patterns and messages are exchanged over the network?

The ability to address these questions underlines how important it is for organizations to have visibility into every actor and component on their network, so that they can monitor activity and detect threats.

Vectra's compliance in NIST's Zero Trust Architecture model

Vectra is the only U.S.-based FIPS-compliant NDR on the Department of Homeland Security CDM approved products list that uses artificial intelligence (AI). Our AI includes deep learning and neural networks to give visibility in large-scale infrastructures by continuously monitoring all network traffic, relevant logs, and cloud events.

The Cognito Platform can detect advanced attacks as they are happening in all traffic, from cloud/SaaS and data center workloads to user and IoT devices. We do this by extracting metadata from all packets and logs without requiring decryption—read more in our white paper. Every IP-enabled device and account on the network is identified and tracked, extending visibility to servers, laptops, printers, BYOD, and IoT devices in addition to all operating systems and applications.

The Cognito Platform scores all identities with the same criteria it applies to hosts. This lets you see the privileges an account actually exercises in your environment (observed privilege) rather than only the privilege statically assigned to it.
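To make the three visibility questions above, and the observed-versus-assigned privilege idea in the preceding paragraph, concrete, here is an added example that is not Vectra's code and not part of NIST SP 800-207. It processes a handful of constructed metadata records of the kind an NDR sensor derives from flows and authentication logs (source host, destination host, service, account, bytes), answers the device, account and traffic-pattern questions, and then compares each account's observed reach (distinct hosts it actually contacted) against a hypothetical static assignment. The record layout, host names, accounts and the `ASSIGNED_REACH` table are all assumptions made for this example.

```python
"""Toy NDR-style inventory over constructed network metadata records.

Each record is the kind of metadata a network sensor derives from a flow
or an authentication log, with no payload decryption needed: who talked
to whom, over which service, as which account. The records below are
constructed for this example and are not real traffic.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    src_host: str
    dst_host: str
    service: str      # e.g. "smb", "ldap", "ipp"
    account: str      # authenticated principal seen on the connection
    bytes_out: int    # bytes sent by src_host


# Constructed sample: three workstations, a file server, a domain
# controller and a printer. "svc-backup" is a service account.
RECORDS = [
    Record("ws-01", "fs-01", "smb", "alice", 1_200),
    Record("ws-01", "dc-01", "ldap", "alice", 300),
    Record("ws-02", "fs-01", "smb", "bob", 900),
    Record("ws-02", "dc-01", "ldap", "bob", 250),
    Record("ws-03", "fs-01", "smb", "svc-backup", 50_000),
    Record("ws-03", "dc-01", "ldap", "svc-backup", 200),
    Record("ws-03", "ws-01", "smb", "svc-backup", 4_000),
    Record("ws-03", "ws-02", "smb", "svc-backup", 4_100),
    Record("ws-03", "prn-01", "ipp", "svc-backup", 700),
    Record("ws-01", "prn-01", "ipp", "alice", 600),
]

# Hypothetical static privilege model (stands in for a directory export):
# how many distinct hosts each account is *assigned* to reach.
ASSIGNED_REACH = {"alice": 3, "bob": 3, "svc-backup": 2}


def devices_and_services(records):
    """Question 1: which devices are on the network and which services each exposes."""
    services = defaultdict(set)
    for r in records:
        services[r.dst_host].add(r.service)
        services.setdefault(r.src_host, set())   # client-only hosts are still devices
    return {host: sorted(svcs) for host, svcs in services.items()}


def accounts(records):
    """Question 2: which accounts are active, from where, and which look like service accounts."""
    seen = defaultdict(set)
    for r in records:
        seen[r.account].add(r.src_host)
    return {
        acct: {"from_hosts": sorted(hosts), "service_account": acct.startswith("svc-")}
        for acct, hosts in seen.items()
    }


def traffic_patterns(records):
    """Question 3: which (source, destination, service) edges carry traffic, and how much."""
    volume = Counter()
    for r in records:
        volume[(r.src_host, r.dst_host, r.service)] += r.bytes_out
    return dict(volume)


def observed_privilege(records):
    """Observed privilege: the number of distinct hosts each account actually reached."""
    reach = defaultdict(set)
    for r in records:
        reach[r.account].add(r.dst_host)
    return {acct: len(hosts) for acct, hosts in reach.items()}


def privilege_gaps(records, assigned=ASSIGNED_REACH):
    """Accounts whose observed reach exceeds their assigned reach.

    Returns {account: (observed, assigned)}; these are the identities an
    analyst would review first for unexpected lateral movement.
    """
    observed = observed_privilege(records)
    return {
        acct: (observed[acct], assigned.get(acct, 0))
        for acct in observed
        if observed[acct] > assigned.get(acct, 0)
    }


if __name__ == "__main__":
    for acct, (seen, allowed) in privilege_gaps(RECORDS).items():
        print(f"{acct}: reached {seen} hosts, assigned {allowed}")
```

On the constructed data the service account `svc-backup` is the only gap: it was assigned two hosts but was observed reaching five, including two workstations over SMB, which is exactly the kind of behaviour-derived signal the static assignment alone would never surface. Real sensors key on far richer metadata (session timing, protocol details, certificate fingerprints), but the shape of the check is the same: inventory first, then compare what an identity does against what it was granted.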

We applaud NIST for highlighting the importance of an NDR solution as a key part of any ZTA. At Vectra, we’re proud to offer a turnkey NDR solution that empowers organizations on their journey to implement modern security architecture.

To learn more, check out our interactive demo or explore our product page.

Want to learn more?

Vectra® is the leader in Security AI-driven hybrid cloud threat detection and response. The Vectra platform and services cover public cloud, SaaS applications, identity systems and network infrastructure – both on-premises and cloud-based. Organizations worldwide rely on the Vectra platform and services for resilience to ransomware, supply chain compromise, identity takeovers, and other cyberattacks impacting their organization.

If you’d like to hear more, contact us and we’ll show you exactly how we do this and what you can do to protect your data. We can also put you in contact with one of our customers to hear directly from them about their experiences with our solution.
