Why NDR is a Required Component of NIST Zero Trust Architecture

October 22, 2020
Jonathan Barrett
MXDR Security Analyst

NIST's publication about Zero Trust Architecture goes live

“Zero trust (ZT) is a cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated.”

     – NIST

Last year, I wrote about the National Institute of Standards and Technology (NIST) draft publication on Zero Trust Architecture (ZTA), NIST SP 800-207.

I am now glad to share that this document has been finalized after external public review. It does a great job of summarizing the key components of ZTA and the problem it sets out to solve. NIST writes:

“Traditionally, agencies (and enterprise networks in general) have focused on perimeter defense and authenticated subjects are given authorized access to a broad collection of resources once on the internal network. As a result, unauthorized lateral movement within the environment has been one of the biggest challenges for federal agencies.”

Due to an increasingly mobile and remote workforce alongside the rapid expansion of cloud services, modern enterprises are undergoing massive changes. As a result, traditional network security tools that depend on visibility at endpoints of on-premises networks—like intrusion detection and prevention systems (IDPS)—are becoming obsolete.

In Zero Trust Architecture we trust

Adopting a Zero Trust security paradigm, one that focuses on protecting resources (assets, services, workflows, accounts) and not network segments, has become a more popular approach.

ZTA relies heavily on continuous and accurate monitoring of the interactions between these resources on the network to evaluate and control access based on their behaviors. In fact, as noted in the NIST report, “An enterprise implementing a ZTA should establish a continuous diagnostics and mitigation (CDM) or similar system.”

With a CDM, or network detection and response (NDR), security analysts can answer questions like:

  • What devices, applications and services are connected to the network and being used on it?
  • What users and accounts, including service accounts, are accessing the network?
  • What traffic patterns and messages are exchanged over the network?

Being able to answer these questions underlines how important it is for organizations to have visibility into all actors and components on their network, so that they can monitor for and detect threats.

Vectra's compliance in NIST's Zero Trust Architecture model

Vectra is the only U.S.-based FIPS-compliant NDR on the Department of Homeland Security CDM approved products list that uses artificial intelligence (AI). Our AI includes deep learning and neural networks to give visibility into large-scale infrastructures by continuously monitoring all network traffic, relevant logs, and cloud events.

The Cognito Platform can detect advanced attacks as they are happening in all traffic, from cloud/SaaS and data center workloads to user and IoT devices. We do this by extracting metadata from all packets and logs without requiring decryption—read more in our white paper. Every IP-enabled device and account on the network is identified and tracked, extending visibility to servers, laptops, printers, BYOD, and IoT devices in addition to all operating systems and applications.

The Cognito Platform scores all identities in the platform with the same criteria as hosts. This lets you see the privilege each identity actually exercises on your network (its observed privilege) rather than only the privilege it was statically assigned.
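As an added illustration (not code from the original post or from Vectra's platform), the following Python sketch builds the kind of inventory an NDR/CDM system derives from network metadata to answer the three questions above, and then compares each account's observed privilege against its statically assigned privilege. The record fields, device and account names, the `svc_` naming convention for service accounts and the assigned privilege sets are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample metadata: one record per observed session
# (source device, account used, destination device, service). Not real data.
RECORDS = [
    {"src": "laptop-01", "account": "alice", "dst": "fileshare", "svc": "smb"},
    {"src": "laptop-01", "account": "alice", "dst": "mail", "svc": "imap"},
    {"src": "printer-07", "account": "svc_print", "dst": "printsrv", "svc": "ipp"},
    {"src": "iot-cam-3", "account": "svc_cam", "dst": "nvr", "svc": "rtsp"},
    {"src": "iot-cam-3", "account": "svc_cam", "dst": "dc01", "svc": "ldap"},
    {"src": "laptop-02", "account": "bob", "dst": "dc01", "svc": "rdp"},
    {"src": "laptop-02", "account": "bob", "dst": "db01", "svc": "mssql"},
    {"src": "laptop-02", "account": "bob", "dst": "fileshare", "svc": "smb"},
]

# Static assigned privilege (assumed): the (destination, service) pairs each
# account is entitled to reach. Service accounts carry an assumed svc_ prefix.
ASSIGNED = {
    "alice": {("fileshare", "smb"), ("mail", "imap")},
    "bob": {("dc01", "rdp"), ("db01", "mssql"), ("fileshare", "smb")},
    "svc_print": {("printsrv", "ipp")},
    "svc_cam": {("nvr", "rtsp")},
}

def inventory(records):
    """Devices seen, accounts seen (True = service account) and traffic patterns."""
    devices = {r["src"] for r in records} | {r["dst"] for r in records}
    accounts = {r["account"]: r["account"].startswith("svc_") for r in records}
    patterns = defaultdict(int)
    for r in records:
        patterns[(r["src"], r["dst"], r["svc"])] += 1
    return devices, accounts, dict(patterns)

def observed_privilege(records):
    """Observed privilege: the (destination, service) pairs each account actually reached."""
    reached = defaultdict(set)
    for r in records:
        reached[r["account"]].add((r["dst"], r["svc"]))
    return dict(reached)

def privilege_drift(records, assigned):
    """Accounts exercising privilege beyond what was statically assigned."""
    drift = {}
    for account, reached in observed_privilege(records).items():
        extra = reached - assigned.get(account, set())  # unknown account: all extra
        if extra:
            drift[account] = extra
    return drift
```

On the constructed sample, `privilege_drift(RECORDS, ASSIGNED)` reports only `svc_cam`, whose LDAP session to `dc01` is outside its assigned privilege; that gap between observed and assigned privilege is what continuous evaluation in a ZTA is meant to surface.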

We applaud NIST for highlighting the importance of an NDR solution as a key part of any ZTA. At Vectra, we’re proud to offer a turnkey NDR solution that empowers organizations on their journey to implement modern security architecture.

To learn more, check out our interactive demo or explore our product page.