Why NDR is a Required Component of NIST Zero Trust Architecture


By:
Marcus Hartwig
October 22, 2020

“Zero trust (ZT) is a cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated.” – NIST

Last year, I wrote about the National Institute for Standards and Technology (NIST) draft publication for the Zero Trust Architecture (NIST SP 800-207), or ZTA.

I am now glad to share that this document has been finalized after external public review. It does a great job of summarizing the key components of ZTA and the problem it sets out to solve. NIST writes:

“Traditionally, agencies (and enterprise networks in general) have focused on perimeter defense and authenticated subjects are given authorized access to a broad collection of resources once on the internal network. As a result, unauthorized lateral movement within the environment has been one of the biggest challenges for federal agencies.”

Due to an increasingly mobile and remote workforce alongside the rapid expansion of cloud services, modern enterprises are undergoing massive changes. As a result, traditional network security tools that depend on visibility at endpoints of on-premises networks—like intrusion detection and prevention systems (IDPS)—are becoming obsolete.

In ZTA we trust

Adopting a Zero Trust security paradigm, one that focuses on protecting resources (assets, services, workflows, accounts) and not network segments, has become a more popular approach.

ZTA relies heavily on continuous and accurate monitoring of the interactions between these resources on the network to evaluate and control access based on their behaviors. In fact, as noted in the NIST report, “An enterprise implementing a ZTA should establish a continuous diagnostics and mitigation (CDM) or similar system.”

With a CDM, or network detection and response (NDR), security analysts can answer questions like:

  • What devices, applications and services are connected to the network and being used by the network?
  • What users and accounts, including service accounts, are accessing the network?
  • What traffic patterns and messages are exchanged over the network?

Being able to answer these questions underlines why organizations need visibility into every actor and component on their network: without it, they cannot monitor for and detect threats.

Vectra is the only U.S.-based FIPS-compliant NDR on the Department of Homeland Security CDM approved products list that uses artificial intelligence (AI). Our AI includes deep learning and neural networks to give visibility in large-scale infrastructures by continuously monitoring all network traffic, relevant logs, and cloud events.

The Cognito platform from Vectra can detect advanced attacks as they are happening in all traffic, from cloud/SaaS and data center workloads to user and IoT devices. We do this by extracting metadata from all packets and logs without requiring decryption — read more in our white paper here. Every IP-enabled device and account on the network is identified and tracked, extending visibility to servers, laptops, printers, BYOD, and IoT devices in addition to all operating systems and applications.

The Cognito platform scores all identities in the platform with the same criteria as hosts. This allows you to see the observed privileges in your system as opposed to the static assigned privilege.
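The three visibility questions above and the observed-versus-assigned privilege idea can be shown on a handful of flow records. This is an added illustration, not Vectra's code: the metadata records, the `svc_` naming convention for service accounts and the static assignment table are all constructed assumptions.

```python
from collections import defaultdict

# Constructed per-connection metadata records (sample data, not real traffic):
# the kind of header-level fields an NDR extracts without decrypting payloads.
FLOWS = [
    {"src": "10.0.1.10", "dst": "10.0.2.5", "port": 445,  "account": "alice"},
    {"src": "10.0.1.10", "dst": "10.0.2.6", "port": 445,  "account": "alice"},
    {"src": "10.0.1.11", "dst": "10.0.2.5", "port": 443,  "account": "bob"},
    {"src": "10.0.3.20", "dst": "10.0.2.5", "port": 1433, "account": "svc_backup"},
    {"src": "10.0.3.20", "dst": "10.0.2.7", "port": 1433, "account": "svc_backup"},
    {"src": "10.0.3.20", "dst": "10.0.2.8", "port": 22,   "account": "svc_backup"},
]

# Hypothetical static privilege assignments: the services each account should reach.
ASSIGNED = {
    "alice": {("10.0.2.5", 445), ("10.0.2.6", 445)},
    "bob": {("10.0.2.5", 443)},
    "svc_backup": {("10.0.2.5", 1433), ("10.0.2.7", 1433)},
}

def inventory(flows):
    """Devices seen, accounts seen (service accounts separately) and traffic patterns."""
    devices = {f["src"] for f in flows} | {f["dst"] for f in flows}
    accounts = {f["account"] for f in flows}
    service_accounts = {a for a in accounts if a.startswith("svc_")}  # assumed convention
    patterns = defaultdict(set)  # (dst, port) -> set of sources using that service
    for f in flows:
        patterns[(f["dst"], f["port"])].add(f["src"])
    return devices, accounts, service_accounts, dict(patterns)

def observed_privilege(flows):
    """Per account, the services it was actually seen using (observed, not assigned)."""
    observed = defaultdict(set)
    for f in flows:
        observed[f["account"]].add((f["dst"], f["port"]))
    return dict(observed)

def privilege_drift(flows, assigned):
    """Accounts reaching services outside their static assignment: worth an analyst's look."""
    drift = {}
    for acct, used in observed_privilege(flows).items():
        extra = used - assigned.get(acct, set())
        if extra:
            drift[acct] = extra
    return drift

if __name__ == "__main__":
    devices, accounts, svc, patterns = inventory(FLOWS)
    print(f"{len(devices)} devices, {len(accounts)} accounts ({len(svc)} service accounts)")
    for acct, extra in privilege_drift(FLOWS, ASSIGNED).items():
        print(f"{acct}: observed beyond assigned -> {sorted(extra)}")
```

On the sample data the backup service account is seen opening SSH to a host it was never assigned, which is exactly the observed-privilege signal the text contrasts with static assignment.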

We applaud NIST for highlighting the importance of an NDR solution as a key part of any ZTA. At Vectra, we’re proud to offer a turnkey NDR solution that empowers organizations on their journey to implement modern security architecture.

To learn more, check out our interactive demo or explore our product page.

About the author

Marcus Hartwig

Marcus Hartwig is a director of product marketing at Vectra. He has been active in the areas of IAM, PKI and enterprise security for more than two decades. His past experience includes product marketing at Okta, co-founding a cybersecurity professional services company, and managing a security product company – a combination that has left him passionate about all parts of product marketing, design and delivery.
