“Zero trust (ZT) is a cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated.” – NIST
Last year, I wrote about the National Institute of Standards and Technology (NIST) draft publication on Zero Trust Architecture (ZTA), NIST SP 800-207. We’ve also recently covered the reasons why network detection and response (NDR) is an essential component of a NIST ZTA.
With the wide adoption of encrypted traffic, software as a service (SaaS) apps, and non-enterprise-owned assets (e.g. contracted services that use the enterprise infrastructure to access the internet), monitoring solutions that rely on deep packet inspection (DPI) will struggle to identify an attacker on the network.
But as NIST notes, “That does not mean that the enterprise is unable to analyze encrypted traffic that it sees on the network. The enterprise can collect metadata about the encrypted traffic and use that to detect an active attacker or possible malware communicating on the network. Machine learning techniques…can be used to analyze traffic that cannot be decrypted and examined.”
Don’t Decrypt
We’ve written that you don’t have to rely on decryption to detect threats, and why decrypting to inspect traffic is an ill-advised approach. In fact, we have been encouraging our customers to encrypt everything for a long time.
It comes down to a few key points:
Encrypting all traffic on the network is fundamentally good. Therefore, a successful implementation of ZTA requires a modern NDR solution that can collect metadata about encrypted traffic and use machine learning to detect malicious communications from malware or attackers in the network – without relying on the overhead of agents.
Full Visibility
Vectra is the only U.S.-based FIPS-compliant NDR on the Department of Homeland Security Continuous Diagnostics and Mitigation (CDM) approved products list that uses artificial intelligence. Our AI includes deep learning and neural networks to provide visibility in large-scale infrastructures by continuously monitoring all network traffic, accounts, identities, relevant logs, and cloud events.
Every IP-enabled device on the network is identified and tracked, extending visibility to servers, laptops, printers, BYOD, and IoT devices as well as all operating systems and applications.
The Cognito platform from Vectra can detect advanced attacks as they are happening in all traffic, from cloud/SaaS and data center workloads to user and IoT devices. We do this by extracting metadata from all packets and logs, without requiring decryption – read more in our white paper.
The Cognito platform scores all identities on the same criteria as hosts. This lets you see the privileges actually observed in use in your environment, as opposed to the privileges statically assigned.
We applaud NIST for highlighting the importance of an NDR solution as a key part of any ZTA. At Vectra, we’re proud to offer a turnkey NDR solution to organizations on their journey to implementing a modern security architecture.
To find out how both NDR and Zero Trust will help organizations achieve these goals, schedule a demo today.
Marcus Hartwig is a director of product marketing at Vectra. He has been active in the areas of IAM, PKI and enterprise security for more than two decades. His past experience includes product marketing at Okta, co-founding a cybersecurity professional services company, and managing a security product company – a combination that has left him passionate about all parts of product marketing, design and delivery.