Zero Trust is a security concept based on the belief that organizations should not automatically trust anything – users, data, documents, etc. – inside or outside their perimeter. Instead, organizations must continually verify anything and everything trying to connect to and pass through their systems before granting access.
The Zero Trust security model assumes that a breach is inevitable or has already occurred. It therefore limits each access to only what is actually being requested, and it continually seeks out anomalous or malicious activity.
Zero Trust architecture requires organizations to continuously monitor and validate that a user and their device have the right privileges and posture. The organization must inventory all of its service and privileged accounts and establish controls over what they connect to and from where. One-time validation isn’t enough, because threats and user attributes are all subject to change.
This framework is defined by various industry guidelines, such as Forrester’s Zero Trust eXtended (ZTX), Gartner’s CARTA and, more recently, NIST SP 800-207, as an optimal way to address current security challenges in a cloud-first, work-from-anywhere world.
Zero Trust is one of the most effective ways for organizations to control access to their networks, applications, and data. It combines a wide range of preventive techniques, including identity verification, behavioral analysis, microsegmentation, endpoint security, and least-privilege controls, to deter would-be attackers and to limit their access in the event of a breach.
It is not enough to establish firewall rules and block access based on packet analysis – a compromised account that passes authentication at a network perimeter device should still be evaluated for each subsequent session or endpoint it attempts to access. Having the technology to distinguish ordinary from anomalous behavior allows organizations to strengthen authentication controls and policies, rather than assuming that a connection arriving over a VPN or secure web gateway (SWG) is therefore secure and trusted.
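The continuous verification described in the two passages above (re-checking identity, device posture and privilege on every session, and treating a VPN or perimeter authentication as no evidence of trust) is shown below as a small policy decision point. This is an added example written for this page, not code from the original or from Vectra; the resource names, roles, thresholds and the two constructed requests are assumptions chosen to illustrate the idea. Note that the request's network of origin is recorded but never consulted, and that a valid, MFA-verified credential is still denied when device posture, least privilege or the user's own behavioral baseline disagree.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

# ---- Request model (constructed for this example) ---------------------------

@dataclass(frozen=True)
class Identity:
    user: str
    roles: frozenset          # roles granted by the identity provider
    mfa_verified: bool        # MFA completed for this session
    authenticated_at: datetime

@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool             # enrolled in the organization's device management
    disk_encrypted: bool
    patch_age_days: int       # days since the current patch level was applied

@dataclass(frozen=True)
class AccessRequest:
    identity: Identity
    device: Device
    resource: str
    action: str
    source_network: str       # "vpn", "corp-lan", "internet": logged, never trusted
    now: datetime

@dataclass
class Decision:
    allow: bool
    reasons: List[str] = field(default_factory=list)   # empty when allowed

# ---- Policy inputs (assumed values for the example, not from any standard) --

# Least privilege: which roles may perform which action on which resource.
POLICY: Dict[str, Dict[str, Set[str]]] = {
    "payroll-db": {"read": {"finance-reader", "finance-admin"},
                   "write": {"finance-admin"}},
    "wiki":       {"read": {"employee", "finance-reader", "finance-admin"}},
}
MAX_SESSION_AGE = timedelta(minutes=30)   # re-verify identity after this long
MAX_PATCH_AGE_DAYS = 30                   # device posture threshold

class BehaviorBaseline:
    """Per-user history of (resource, action) pairs, used to flag requests
    that fall outside the pattern the user has established so far."""
    def __init__(self) -> None:
        self._seen: Dict[str, Set[Tuple[str, str]]] = {}

    def record(self, user: str, resource: str, action: str) -> None:
        self._seen.setdefault(user, set()).add((resource, action))

    def is_anomalous(self, user: str, resource: str, action: str) -> bool:
        history = self._seen.get(user)
        # A user with a history who suddenly touches a new resource/action is
        # anomalous; a brand-new user has no baseline yet, so nothing to compare.
        return bool(history) and (resource, action) not in history

def evaluate(req: AccessRequest, baseline: BehaviorBaseline) -> Decision:
    """Policy decision point: every request is checked in full. Having passed
    the perimeter (VPN, corporate LAN) contributes nothing to the decision."""
    reasons: List[str] = []
    ident, dev = req.identity, req.device

    # 1. Identity: MFA and a fresh authentication, regardless of network.
    if not ident.mfa_verified:
        reasons.append("identity: MFA not verified")
    if req.now - ident.authenticated_at > MAX_SESSION_AGE:
        reasons.append(f"identity: session older than {MAX_SESSION_AGE.seconds // 60} min, "
                       "re-verification required")

    # 2. Device posture: managed, encrypted, recently patched.
    if not dev.managed:
        reasons.append("device: not managed")
    if not dev.disk_encrypted:
        reasons.append("device: disk not encrypted")
    if dev.patch_age_days > MAX_PATCH_AGE_DAYS:
        reasons.append(f"device: patch level {dev.patch_age_days} days old")

    # 3. Least privilege: some held role must be explicitly allowed for this action.
    allowed_roles = POLICY.get(req.resource, {}).get(req.action, set())
    if not (ident.roles & allowed_roles):
        reasons.append(f"privilege: no role permits {req.action} on {req.resource}")

    # 4. Behavior: a deviation from the user's own baseline blocks the request
    #    for review, even if every static check above passed.
    if baseline.is_anomalous(ident.user, req.resource, req.action):
        reasons.append(f"behavior: {req.action} on {req.resource} is outside "
                       f"{ident.user}'s baseline")

    decision = Decision(allow=not reasons, reasons=reasons)
    if decision.allow:
        baseline.record(ident.user, req.resource, req.action)
    return decision

def demo() -> Tuple[Decision, Decision]:
    """Constructed scenario: alice normally reads the wiki from a healthy managed
    laptop. Two hours later the same MFA-verified credentials, arriving over the
    VPN, ask for a payroll write from an unmanaged, unpatched device."""
    baseline = BehaviorBaseline()
    t0 = datetime(2024, 1, 15, 9, 0)
    alice = Identity("alice", frozenset({"employee"}), True, t0)
    laptop = Device("lt-0001", managed=True, disk_encrypted=True, patch_age_days=3)
    normal = evaluate(AccessRequest(alice, laptop, "wiki", "read", "corp-lan",
                                    t0 + timedelta(minutes=1)), baseline)

    unknown = Device("unk-9", managed=False, disk_encrypted=False, patch_age_days=200)
    suspicious = evaluate(AccessRequest(alice, unknown, "payroll-db", "write", "vpn",
                                        t0 + timedelta(hours=2)), baseline)
    return normal, suspicious

if __name__ == "__main__":
    normal, suspicious = demo()
    print("normal:", normal)
    print("suspicious:", suspicious)
```

Running the block prints one allowed decision with no reasons and one denied decision carrying six reasons (stale session, three posture failures, a privilege failure and a behavioral deviation); a real deployment would route the denial to a step-up authentication or analyst review rather than simply refusing it.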
There are three guiding principles for Zero Trust:
Implementing Zero Trust is a continuous journey; it cannot be done overnight. For many networks, existing infrastructure can be leveraged and integrated to incorporate Zero Trust concepts, but the transition to a mature Zero Trust architecture often requires additional capabilities to obtain the full benefits of a Zero Trust environment.
Embracing a Zero Trust security model, and re-engineering an existing security stack based on this model, is a strategic effort that will take time to achieve full benefits. It is not a tactical mitigation response to new adversary tools, tactics, and techniques.
A mature Zero Trust environment will afford cybersecurity defenders more opportunities to detect novel threat actors, and more response options that can be quickly deployed to address sophisticated threats. Adopting the mindset required to successfully operate a Zero Trust environment will further sensitize cybersecurity defenders to recognize ever more subtle threat indicators. Tactical responses will likely still be necessary even in a Zero Trust environment, but with the appropriate security model, mindset, and response tools, defenders can begin to react effectively to increasingly sophisticated threats.
As mentioned above, the path to achieving Zero Trust is an ongoing process. Often, Zero Trust is built upon your existing architecture and does not require you to rip and replace existing technology.
When assessing your organization to implement and maintain Zero Trust, there are five key points to keep in mind. With them, you can understand where you are in your implementation process and where to go next. These steps are:
Ideally, all organizations should use the Zero Trust framework. Organizations that shift from traditional perimeter security to a Zero Trust model gain a level of continuous verification that can detect threat actors faster and often stop them before damage occurs.
Yes, Zero Trust is a viable long-term solution so long as your organization practices and maintains good security hygiene. Zero Trust is a journey, not a destination, and will require tuning depending on the growing and shifting needs of your organization.
Having a comprehensive approach to securing access across networks, applications, and environments is critical to detecting and stopping threats. Because Zero Trust is a long-term commitment that requires constant attention, the amount of time and cost necessary for implementation, configuration, and maintenance can be a deterrent. However, the value of up-to-date security practices and the safety that often follows is worthwhile in the long run.
The Vectra Platform continuously monitors the behaviors of accounts, hosts and services, and applies supervised and unsupervised AI models to score these behaviors for threat, certainty and prioritization of risk.
As a result, Vectra delivers a continuous real-time assessment of privilege. This empowers security teams with the right information to anticipate what assets will be targeted by attackers, and to rapidly act against the malicious use of privilege across cloud and hybrid environments.
By using AI to efficiently find and prioritize hidden attacks in real time inside cloud services such as Microsoft Office 365 and Azure AD, and across cloud, data center, IoT, and enterprise networks, before attackers cause irreparable harm to the organization, the platform allows security teams to stop attacks earlier in the kill chain and keeps the applications essential to business continuity available and accessible to the entire extended workforce.