“Zero trust (ZT) is a cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated.” – NIST
I am now glad to share that this document has been finalized after external public review. It does a great job of summarizing the key components of ZTA and the problem it sets out to solve. NIST writes:
“Traditionally, agencies (and enterprise networks in general) have focused on perimeter defense and authenticated subjects are given authorized access to a broad collection of resources once on the internal network. As a result, unauthorized lateral movement within the environment has been one of the biggest challenges for federal agencies.”
Due to an increasingly mobile and remote workforce alongside the rapid expansion of cloud services, modern enterprises are undergoing massive changes. As a result, traditional network security tools that depend on visibility at endpoints of on-premises networks—like intrusion detection and prevention systems (IDPS)—are becoming obsolete.
In ZTA we trust
Adopting a Zero Trust security paradigm, one that focuses on protecting resources (assets, services, workflows, accounts) and not network segments, has become a more popular approach.
ZTA relies heavily on continuous and accurate monitoring of the interactions between these resources on the network to evaluate and control access based on their behaviors. In fact, as noted in the NIST report, “An enterprise implementing a ZTA should establish a continuous diagnostics and mitigation (CDM) or similar system.”
With a CDM, or network detection and response (NDR), security analysts can answer questions like:
The ability to address these questions underlines how important it is for organizations to have visibility into all actors and components on their network so they can monitor for and detect threats.
Vectra is the only U.S.-based FIPS-compliant NDR on the Department of Homeland Security CDM approved products list that uses artificial intelligence (AI). Our AI includes deep learning and neural networks to provide visibility into large-scale infrastructures by continuously monitoring all network traffic, relevant logs, and cloud events.
The Cognito platform from Vectra can detect advanced attacks as they are happening in all traffic, from cloud/SaaS and data center workloads to user and IoT devices. We do this by extracting metadata from all packets and logs without requiring decryption — read more in our white paper here. Every IP-enabled device and account on the network is identified and tracked, extending visibility to servers, laptops, printers, BYOD, and IoT devices in addition to all operating systems and applications.
The Cognito platform scores all identities using the same criteria it applies to hosts. This lets you see the privileges an identity actually exercises in your environment (its observed privilege) rather than only the privilege statically assigned to it.
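The observed-versus-assigned distinction above can be made concrete. The Python below is an added illustration, not Vectra's or Cognito's code: it assumes a handful of constructed access events, a hypothetical table of service sensitivity weights, and hypothetical numeric levels for assigned roles. Each account's observed privilege is scored from the most sensitive service it was seen using, plus a bonus when it touched an unusually broad set of hosts, and that score is compared with the role the directory says the account holds.

```python
"""Observed vs. assigned privilege from access records (constructed example)."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

# Assumed sensitivity weights for services an account is observed using.
# A higher weight means the action is normally reserved for privileged roles.
SERVICE_WEIGHT = {
    "http": 1,         # ordinary web / SaaS use
    "smb-share": 2,    # file share access
    "rdp": 3,          # interactive logon to another host
    "winrm": 4,        # remote administration
    "ldap-modify": 5,  # directory changes
}

# Assumed numeric level for each statically assigned role.
ASSIGNED_LEVEL = {"user": 2, "helpdesk": 3, "admin": 5}

# Breadth bonus: touching this many distinct destination hosts in the window
# is a pattern typical of administrators, so it raises the observed score.
BREADTH_HOSTS = 4


@dataclass(frozen=True)
class AccessEvent:
    account: str
    src_host: str
    dst_host: str
    service: str


# Constructed events standing in for metadata extracted from network traffic.
EVENTS = [
    AccessEvent("alice", "ws-11", "saas-1", "http"),
    AccessEvent("alice", "ws-11", "fs-01", "smb-share"),
    AccessEvent("alice", "ws-11", "saas-2", "http"),
    AccessEvent("bob", "ws-12", "saas-1", "http"),
    AccessEvent("bob", "ws-12", "srv-01", "rdp"),
    AccessEvent("bob", "ws-12", "srv-02", "winrm"),
    AccessEvent("bob", "ws-12", "dc-01", "ldap-modify"),
    AccessEvent("carol", "ws-13", "saas-1", "http"),
    AccessEvent("dave", "ws-14", "ws-01", "rdp"),
    AccessEvent("dave", "ws-14", "ws-02", "rdp"),
    AccessEvent("dave", "ws-14", "ws-03", "rdp"),
    AccessEvent("dave", "ws-14", "ws-04", "rdp"),
    AccessEvent("dave", "ws-14", "ws-05", "rdp"),
]

# Constructed directory view: the role each account is statically assigned.
ASSIGNED = {"alice": "user", "bob": "user", "carol": "admin", "dave": "helpdesk"}


def observed_privilege(events: list[AccessEvent]) -> dict[str, int]:
    """Score each account by the most sensitive service it used, plus breadth."""
    by_account: dict[str, list[AccessEvent]] = defaultdict(list)
    for ev in events:
        by_account[ev.account].append(ev)
    scores = {}
    for account, evs in by_account.items():
        # Unclassified services are treated as ordinary until someone rates them.
        peak = max(SERVICE_WEIGHT.get(ev.service, 1) for ev in evs)
        distinct_hosts = {ev.dst_host for ev in evs}
        breadth = 1 if len(distinct_hosts) >= BREADTH_HOSTS else 0
        scores[account] = peak + breadth
    return scores


def privilege_gaps(events: list[AccessEvent], assigned: dict[str, str]) -> dict[str, int]:
    """observed - assigned for every known account; accounts with no traffic score 0."""
    observed = observed_privilege(events)
    return {acct: observed.get(acct, 0) - ASSIGNED_LEVEL[role] for acct, role in assigned.items()}


def review(events: list[AccessEvent], assigned: dict[str, str], threshold: int = 2):
    """Return (accounts acting above their role, accounts whose role goes unused)."""
    gaps = privilege_gaps(events, assigned)
    exceeding = sorted(a for a, gap in gaps.items() if gap >= threshold)
    dormant = sorted(a for a, gap in gaps.items() if gap <= -threshold)
    return exceeding, dormant


if __name__ == "__main__":
    for acct, gap in sorted(privilege_gaps(EVENTS, ASSIGNED).items()):
        print(f"{acct:6s} assigned={ASSIGNED_LEVEL[ASSIGNED[acct]]} gap={gap:+d}")
    over, unused = review(EVENTS, ASSIGNED)
    print("behaving above assigned role:", over)
    print("assigned privilege not exercised:", unused)
```

The two lists serve different defensive purposes. Accounts whose observed privilege exceeds their assigned role (here `bob`, an ordinary user seen performing remote administration and directory changes) are candidates for investigation; accounts whose assigned privilege is never exercised (here `carol`, an admin who only browsed) are candidates for least-privilege reduction. Lowering the threshold to 1 also surfaces `dave`, whose helpdesk role legitimately involves reaching many workstations, which is why the threshold and the breadth bonus need tuning against what is normal for each role.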
We applaud NIST for highlighting the importance of an NDR solution as a key part of any ZTA. At Vectra, we’re proud to offer a turnkey NDR solution that empowers organizations on their journey to implement modern security architecture.
Marcus Hartwig is a senior product marketing manager at Vectra. He has been active in the areas of IAM, PKI and enterprise security for more than two decades. His past experience includes product marketing at Okta, co-founding a cybersecurity professional services company, and managing a security product company – a combination that has left him passionate about all parts of product marketing, design and delivery.