For organizations, it’s crucial to have a granular level of visibility in terms of network security. Read on to learn how ZTA helps organizations achieve a much more granular level of visibility.
Although Zero Trust Architecture (ZTA) is not a new notion, many in the networking industry have begun to wonder how network visibility analytics fits into the equation now that several organizations have adopted ZTA. Before getting into the answer, let’s cover the basics of what ZTA is.
By removing implicit trust from an organization’s IT infrastructure, a zero trust security architecture is designed to reduce cybersecurity risk. In a zero trust security model, access to corporate resources is granted or denied based on the permissions assigned to a particular user according to their role within the organization.
The security risks associated with a perimeter-based security model are eliminated with a zero trust security model. Access requests are granted on a case-by-case basis rather than by simply trusting everyone within the perimeter. These decisions are based on role-based access controls, which infer a user’s or application’s permissions from their role and responsibilities inside the organization.
NIST and ZTA
While several vendors define ZTA in their own terms, let’s explore its impact on network visibility and the requirements it brings.
According to the National Institute of Standards and Technology (NIST) in the U.S., “zero trust is the term for an evolving set of cybersecurity paradigms that moves defenses from static, network-based perimeters to focus on the users, assets and resources. ZTA uses zero trust principles to plan industrial and enterprise infrastructure and workflows.”
NIST’s main principles for the ZTA approach include that the enterprise’s overall private network is not considered an implicit trust zone, and that the enterprise may not own or configure the devices on the network.
No resource is inherently trustworthy. Not all enterprise resources are hosted on enterprise-owned infrastructure. The local network connection of remote enterprise subjects and assets cannot be completely trusted.
Security policies and postures for assets and workflows moving between enterprise and non-enterprise infrastructure should be consistent.
Relevance of ZTA to Network Visibility
There are three NIST architecture approaches for ZTA that have implications for network visibility. The first is enhanced identity governance, which leverages a user’s identity to enable access only to specific resources after that identity has been verified. The second is micro-segmentation, such as dividing cloud or data centre assets or workloads and segmenting their traffic from others in order to contain, and also prevent, lateral movement. The third uses network infrastructure and software defined perimeters, such as Zero Trust Network Access, which allows remote workers to connect only to specific resources.
NIST also describes monitoring of ZTA deployments. It’s worth noting that network performance monitoring will need security capabilities for visibility. This includes asset logs, network traffic, and resource access actions, all of which should be inspected and logged on the network and analysed to identify and respond to any potential threats.
NIST is also concerned about the inability to access all relevant and encrypted traffic, which could originate from non-enterprise-owned assets such as contracted services that use the enterprise infrastructure to access the internet, or from applications and services that are resistant to passive monitoring. Organizations that are unable to perform deep packet inspection or examine encrypted information must rely on alternative approaches to assess a potential attacker on the network.
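As an added example (not code from the article or from NIST), the following Python script shows one way the micro-segmentation approach and the monitoring requirements described above can be combined when encrypted payloads cannot be inspected: netflow-style records are checked against an explicit segment-to-segment allow list using only flow metadata, and anything not explicitly allowed, or originating from a device outside every known segment, is surfaced for analysts. The segment CIDRs, the allow list and the flow records are constructed sample values.

```python
# Added example (not from the article or NIST): check netflow-style records
# against a micro-segmentation policy using flow metadata only (no DPI).
import ipaddress
from dataclasses import dataclass

# Hypothetical micro-segments (constructed sample CIDRs)
SEGMENTS = {
    "user-vpn": ipaddress.ip_network("10.10.0.0/16"),
    "web": ipaddress.ip_network("10.20.0.0/24"),
    "db": ipaddress.ip_network("10.30.0.0/24"),
}
# Explicitly allowed (source segment, destination segment, port) triples;
# anything else is denied: no implicit trust between segments.
ALLOWED = {("user-vpn", "web", 443), ("web", "db", 5432)}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

def segment_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"  # device the enterprise does not own or configure

def evaluate(flow: Flow) -> str:
    """Classify one flow as allowed, unknown-source or lateral-movement."""
    src_seg, dst_seg = segment_of(flow.src), segment_of(flow.dst)
    if src_seg == "unknown":
        return "unknown-source"
    if (src_seg, dst_seg, flow.dport) in ALLOWED:
        return "allowed"
    return "lateral-movement"

def review(flows):
    # Return only the flows an analyst should look at, with the reason.
    return [(f, v) for f in flows if (v := evaluate(f)) != "allowed"]

# Constructed flow records; payload contents are never consulted.
SAMPLE_FLOWS = [
    Flow("10.10.5.7", "10.20.0.10", 443),  # VPN user -> web app, allowed
    Flow("10.20.0.10", "10.30.0.5", 5432),  # web tier -> database, allowed
    Flow("10.10.5.7", "10.30.0.5", 5432),  # VPN user straight to the database
    Flow("192.168.1.9", "10.20.0.10", 443),  # device outside every segment
]
if __name__ == "__main__":
    for flow, verdict in review(SAMPLE_FLOWS):
        print(f"{verdict:16} {flow.src} -> {flow.dst}:{flow.dport}")
```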