Global Independent Study of 500 Senior Level Respondents Provides Clear Picture for the Future of Network Security
This is part 3 of a 6-part series addressing The Future of Network Security findings. Read Part 1 here.
If traditional network defenses are visualized as castles and moats, Zero Trust Architectures (ZTAs) can be visualized more like a museum. Anyone can enter. They can sit on the benches and use the water fountains, but the treasures are individually secured with their own alarms and protective barriers. Employees have access only to the resources they need to do their jobs. There is no implicit trust. Instead, there is least privileged access. The person in charge of dinosaur bones can’t handle the gold chalices, and the person in charge of chalices can’t get close to the bones.
While Zero Trust Architectures (ZTAs) won’t replace traditional defenses overnight, their focus on restricting access and protecting individual resources is resonating with IT security leaders. In The Future of Network Security, an independent study sponsored by FireMon, 17% of the 500 IT leaders who responded said they have begun implementing ZTAs as part of their network security strategy. Another 69% plan to implement ZTA by 2023.
5 Top Drivers of Zero Trust Architecture
Zero Trust Architecture was rapidly being adopted before COVID-19, and interest only accelerated as the pandemic raged. Suddenly, the need to provide secure remote access at scale was critical, especially as hackers leaped into the void and the frequency of data breaches and ransomware attacks shot up.
5 Top Drivers for Zero Trust Architecture

| Driver | Share of respondents |
|---|---|
| Greater need for secure remote access due to COVID-19 | 26% |
| Reduce cybersecurity risk | 25% |
| Streamline trusted user access to corporate applications | 18% |
| Support transition to cloud architectures | 18% |
| Manage risk from third-party software, BYOD, and shadow IT | 14% |
Zero Trust Architecture mitigates one of the greatest cybersecurity challenges businesses face today – the challenge of preventing lateral movement by unauthorized users.
The most common method attackers use to gain access to a network is through the use of stolen credentials, typically acquired through some sort of social engineering, such as a phishing attack or a malicious website. Once access has been achieved, an attacker will work to gain increased privileges, and then use those privileges to search for valuable assets, install back doors, and gain knowledge about the network that can be used to plot a future attack.
Stolen credentials gained through social engineering will always be the Achilles heel of a security strategy because human error is evergreen – so since unauthorized access can’t be completely stopped, it must be mitigated. ZTA addresses that reality by protecting the assets inside the network individually by setting policies at a granular level, using context to detect anomalous activity, and preventing compromised accounts from accessing resources.
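The paragraph above describes the three mechanisms a ZTA relies on once a credential has been stolen: a separate policy per asset, context checks on every request, and a default of denying compromised accounts. The following Python block is an added example (not code from the article or from FireMon) of a minimal policy decision point that works that way; the resource names, roles, posture fields, and the "usual country" baseline are constructed assumptions, and the museum resources mirror the analogy at the top of the page.

```python
"""Per-resource, deny-by-default access decisions using identity plus context.

Added illustration; every policy, role and baseline value here is constructed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Subject:
    user: str
    roles: frozenset
    mfa: bool               # strong authentication completed this session
    device_compliant: bool  # endpoint posture check passed
    country: str            # where the request originates


@dataclass(frozen=True)
class ResourcePolicy:
    allowed_roles: frozenset
    require_mfa: bool = True
    require_compliant_device: bool = True
    allowed_countries: Optional[frozenset] = None  # None means no geo restriction


# Constructed policy table: each asset carries its own "alarm", so holding one
# role (bones) says nothing about access to another asset (chalices).
POLICIES = {
    "bones-inventory": ResourcePolicy(allowed_roles=frozenset({"paleontology"})),
    "chalice-vault": ResourcePolicy(allowed_roles=frozenset({"antiquities"}),
                                    allowed_countries=frozenset({"US"})),
    "cafeteria-menu": ResourcePolicy(allowed_roles=frozenset({"staff"}),
                                     require_mfa=False,
                                     require_compliant_device=False),
}

# Constructed behavioural baseline (assumption): country each user normally works from.
USUAL_COUNTRY = {"alice": "US", "bob": "US"}


def decide(subject, resource, policies=POLICIES, baseline=USUAL_COUNTRY):
    """Return (verdict, reason). Anything not explicitly allowed is denied."""
    policy = policies.get(resource)
    if policy is None:
        return ("deny", "no policy for resource")  # unknown asset: default deny
    if not (policy.allowed_roles & subject.roles):
        return ("deny", "role not authorized")
    if policy.require_mfa and not subject.mfa:
        return ("deny", "mfa required")
    if policy.require_compliant_device and not subject.device_compliant:
        return ("deny", "device posture failed")
    if policy.allowed_countries is not None and subject.country not in policy.allowed_countries:
        return ("deny", "location not permitted")
    # Context check: a valid credential used from an unusual location is treated
    # as a possibly compromised account rather than trusted on role alone.
    usual = baseline.get(subject.user)
    if usual is not None and usual != subject.country:
        return ("deny", "anomalous location; step-up required")
    return ("allow", "all checks passed")


def visible_resources(subject, policies=POLICIES):
    """ZTNA-style discovery: a subject only sees assets it could actually reach."""
    return sorted(r for r in policies if decide(subject, r, policies)[0] == "allow")
```

The same role set produces different verdicts depending on posture and location, which is the point: the credential alone never grants access, and the unknown-resource branch shows why a missing policy must fail closed.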
Measuring Your Zero Trust Level (figure: Zero Trust Contributors versus Zero Trust Inhibitors)
Defining Zero Trust
A Deeper Dive into Zero Trust Architecture
- Secures East-West traffic
- Creates boundaries within East-West traffic
Next Generation Firewalls (NGFW) and Firewalls as a Service (FWaaS)
- Firewall interfaces are configured to connect network segments into security zones
- Each zone is secured with a unique set of rules that only grant access to users, devices, and services that are authorized to access the zone
- SD-WAN connects to cloud providers and newer types of endpoints
- SD-WAN handles encryption well but isn’t as good at authentication
Zero Trust Network Access (ZTNA)
- The most widely-recognized architecture in ZTA
- Creates an identity- and context-based boundary around a resource
- Removes visibility of assets from unauthorized actors
Secure Web Gateway (SWG)
- Filters unsecured traffic and enforces policy compliance
- Discovers cloud services and assesses readiness according to policies
Network Security Policy Management
- Visibility across heterogeneous infrastructure
- Policy orchestration to adapt to change and respond to threats without manual intervention
- Ensures continuous compliance with zero trust policy
Zero Trust Architecture is not a product. Rather, it is a concept built on people, workloads, devices, networks, and data.
Zero Trust ensures that only authorized users gain access to the right apps and services.
- Privileged user management
- Browser isolation technology
Zero Trust identifies and categorizes workloads and subjects them to the appropriate security controls.
- Cloud workload security
- Container security configuration
- VM security configuration
- Runtime container security
- Web application firewalls
- Cloud security gateways
- Workload asset management
Zero Trust monitors endpoints to ensure their identities are trusted and the correct security policies are applied to them.
- Device asset management
- Endpoint security suites
- Device posture checking
- Endpoint detection and response
- Mobile security suites
Zero Trust applies strict access controls to networks through the use of network asset visibility.
- Network transmission protocol security
- Network device configuration management
- Network security policy management
- Network segmentation, virtual and physical
Zero Trust protects data at rest, in transit, or in use through the application of consistent data security policies.
- Data asset classification
- Data leakage prevention
- File integrity monitoring
The Fundamentals of Zero Trust: Visibility and Orchestration
The ZTA system needs visibility in order to apply policies and control access properly. To acquire this visibility, three capabilities are necessary: open APIs, scalable data ingest, and customizable reporting.
3 Essential Capabilities for ZTA Success

| Open APIs | Scalable Data Ingest | Customizable Reporting |
|---|---|---|
| The use of open APIs will enable the organization to extract data from the entire network. This supports visibility by providing a way to capture insights from any connected system. | As systems are connected via APIs, the volume of data entering the network balloons. Scalable data ingest allows data ingestion in real-time, which is another pillar of visibility. | With so much data, there needs to be a way to understand it. And while all networks are unique, ZTA networks are especially so — every partition is a micro-network with its own workloads, devices, users, and resources. Customizable reports enable you to make fast assessments. |
Orchestrate the Management of Zero Trust Architecture
Traditional change management approaches won’t work with ZTA. There are too many contingencies to handle – and that means too many unintended consequences to account for. Instead, orchestration is used to automatically tell enforcement points how to behave.
That behavior isn’t really about following rules. It’s more about intent. Intent can be managed with a network security policy management solution that orchestrates activities between people, workloads, devices, networks, and data. These activities enrich an analytics loop that in turn helps the orchestration perform better as more intelligence is acquired.
Security teams can set a single global policy that applies to all network resources, no matter what the composition of the network is at any given moment. Intent-based security maps the overall security goal to specific rules, checks the design against all possible contingencies, scores the risk, and pushes it to the enforcement point. The results of the policy are monitored, ideally in real-time, and the network is commanded to adapt to changes.
The entire rule lifecycle must be automated for ZTA to be effective. Organizations already recognize the need for automation in the security policy management process – 98% report they’ve already automated their security policy management to some degree, and almost 80% plan to implement security orchestration and automation within two years.
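The preceding paragraphs describe intent-based security: a segmentation goal is expressed once, each rule is checked against that intent and scored before it reaches the enforcement point, and the rule base is monitored continuously. As an added example (not the article's or FireMon's code), the Python block below runs that kind of automated check over a constructed firewall rule base: it flags rules that allow any source to any destination on any port, rules that permit traffic between zones the segmentation intent never connects, and rules shadowed by an earlier rule so they can never match. The zone names, addresses, rule ids, and `ALLOWED_ZONE_PAIRS` intent are all assumptions for the illustration.

```python
"""Automated zero-trust review of a firewall rule base against segmentation intent.

Added illustration; the rules, zones and intent below are constructed.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    rid: str
    src_zone: str   # zone name or "any"
    dst_zone: str
    src: str        # CIDR or "any"
    dst: str
    port: str       # e.g. "tcp/443" or "any"
    action: str     # "allow" or "deny"


# Constructed segmentation intent: the only zone pairs that may ever talk.
# Everything not listed is east-west traffic that must stay blocked.
ALLOWED_ZONE_PAIRS = {("users", "web"), ("web", "app"), ("app", "db")}

# Constructed rule base, in evaluation order.
RULES = [
    Rule("r1", "users", "web", "10.10.0.0/16", "10.20.0.10/32", "tcp/443", "allow"),
    Rule("r2", "users", "web", "10.10.5.0/24", "10.20.0.10/32", "tcp/443", "allow"),
    Rule("r3", "users", "db", "any", "any", "any", "allow"),
    Rule("r4", "app", "db", "10.30.0.0/24", "10.40.0.5/32", "tcp/5432", "allow"),
    Rule("r5", "any", "any", "any", "any", "any", "deny"),
]


def _field_covers(outer, inner):
    """True if the 'outer' match value includes every value matched by 'inner'."""
    if outer == "any":
        return True
    if inner == "any":
        return False
    try:
        o, i = ipaddress.ip_network(outer), ipaddress.ip_network(inner)
    except ValueError:
        return outer == inner            # zone names and port strings compare literally
    return o.version == i.version and i.subnet_of(o)


def rule_covers(outer, inner):
    """A rule covers another when every match field of the first includes the second's."""
    return all(
        _field_covers(getattr(outer, f), getattr(inner, f))
        for f in ("src_zone", "dst_zone", "src", "dst", "port")
    )


def findings(rules=RULES, zone_pairs=ALLOWED_ZONE_PAIRS):
    """Return (rule id, issue) pairs for every rule that violates the intent."""
    out = []
    for idx, r in enumerate(rules):
        if r.action == "allow":
            if r.src == "any" and r.dst == "any" and r.port == "any":
                out.append((r.rid, "allows any source to any destination on any port"))
            if (r.src_zone, r.dst_zone) not in zone_pairs:
                out.append((r.rid, f"allows {r.src_zone}->{r.dst_zone}, not in segmentation intent"))
        # A rule fully covered by an earlier rule never matches: dead weight that
        # hides real intent and accumulates into rule sprawl.
        for earlier in rules[:idx]:
            if rule_covers(earlier, r):
                out.append((r.rid, f"shadowed by {earlier.rid}"))
                break
    return out


if __name__ == "__main__":
    for rid, issue in findings():
        print(f"{rid}: {issue}")
```

Running the check as a pre-change assessment, before a new rule is pushed to the enforcement point, is what turns the "design checked against contingencies" step into something repeatable; the same function over the live rule base gives the continuous-compliance view the article calls for.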
NSPM is a strategic investment
90% of organizations say NSPM helps them improve speed and responsiveness. More than half intend to invest in NSPM in 2021.
When the Network is Everywhere, So are the Policies
Zero Trust Architecture creates so many endpoints that it would be impossible to manage them all manually. Rule sprawl and complexity are a natural consequence of Zero Trust Architecture, but they can be controlled with network security policy management. NSPM automates and orchestrates the processes that support visibility, analytics, and policy enforcement in a Zero Trust environment.
The Value of Zero Trust

| Visibility | Orchestration | Integration Analytics | Compliance | Risk Analysis |
|---|---|---|---|---|
| Unified visibility across a heterogeneous infrastructure | Leverage existing IT infrastructure, PEPs, and workflows. Flexible APIs will simplify integration | Query policy across heterogeneous infrastructure, leverage access path analysis to pinpoint risky connections | Ensure continuous compliance, conduct pre-change assessments, and notify security and compliance teams when violations occur | Provides insights into risk across the environment and provides recommended remediations |
3 Principles for Implementing Zero Trust
- Leverage existing infrastructures and processes that support Zero Trust, such as CASB, SD-WAN, NGFWs, FWaaS, and SWGs.
- Policy is the heart of a Zero Trust Architecture, so acquire the ability to visualize, normalize, manage, and monitor rules across the entire network, including all endpoints.
- Use a network security policy management solution to gain visibility, integration, orchestration, compliance, analytics, and risk analysis.
Zero Trust is now essential
Since 2018, FireMon has been recognized by Forrester as a Zero Trust platform.
According to Forrester, to be a Zero Trust platform, vendors must:
- Offer market-leading capabilities in at least three Zero Trust components
- Create unique technical advantages to solution integration
- Develop and support robust APIs and a partner ecosystem
FireMon delivers the necessary scalability and real-time visibility to support Zero Trust – all driven by robust APIs and airtight integrations.