Zero Trust & Visibility: 3 Critical Components Needed for Achieving Zero Trust

Last week we kicked off a blog series on Zero Trust by demystifying the connection between Zero Trust and microsegmentation. This week we begin working through one of the tent poles of Zero Trust: visibility. Much of our work on Zero Trust is rooted in a recent report from Forrester Research on the Zero Trust eXtended Ecosystem.

While AWS is only one (large) component of the security landscape, it was interesting to be at the AWS re:Invent conference in late 2017. The No. 1 thing we consistently heard? It was about visibility. Everyone was seemingly concerned about visibility. The clouds you Instagram from the plane window are beautiful, but imagine being in one of those — it’s less light and fluffy than we think, and more murky and hard to see through. (Not to mention, you’d probably be in free fall.)

The same applies to clouds in our world: at AWS re:Invent, we consistently heard that organizations couldn’t see all their security controls. They lacked visibility. How secure could they be without visibility?

How can you achieve compliance if you can’t see what’s what?

And without a clear picture of what’s happening, how can Zero Trust even be a possibility?

What Forrester says you need for Zero Trust

It comes down to three things:

  • Open APIs
  • Scalable Data Ingest
  • Customizable Reporting

Let’s take those one by one.

Open APIs: Forrester believes any platform suited for Zero Trust will have robust APIs and integrations across multiple systems and devices, noting “any vendor or technology worth their salt will have advanced API integration… If your selected technology doesn’t have solid APIs to use, find a vendor that does.” The necessity of open APIs comes from a need to extract valuable information network-wide.

Does FireMon have Open APIs? As Marge Gunderson might say: “You betcha.” We have a full suite, and customers use it to reel in data from across their entire network.

Scalable Data Ingest: If you’re bringing in petabytes of data — and many organizations are — that massive scale shouldn’t choke the network. If that happens, what use is the API library? Scaled data ingest simply means a data fabric that can support high throughput: surges, network segments, platform shifts (cloud, virtual, containers) and traffic. Without the ability to support this throughput, the data ceases to be real-time; when the data isn’t real-time, visibility is significantly reduced.

Does FireMon have Scalable Data Ingest? We actually have a built-in Elastic backend. This is a unique feature that allows for zero latency, zero questions left unanswered and — wait for it — Zero Trust to be a reality.

Customizable Reporting: One major flaw across business in general right now is the assumption that simply having data — the process/act of pulling it in — is going to elevate your company somehow. Unfortunately, it isn’t. Now apply this all to Zero Trust. If you’re trying to achieve visibility in a Zero Trust network, you need to (a) pull that data in — see above — and then (b) assess said data in customizable, sub-second reports. Enterprise networks are like snowflakes: they are composed of the same materials but in particular arrangements. This truism is exaggerated in Zero Trust. When every partition of the network is a tiny splinter of organization-specific resources, workloads, devices and people, you’ll need to see the network with unique views into the data.

Does FireMon have Customizable Reporting? Of course. It’s also configurable to your specific needs. And it’s real-time, which is relatively rare in the hybrid security space. Everything you need, though, you’ll be able to assess — and quickly.

What’s the next step going to be?

Well, now you’ve got some visibility into your network. That’s the first, most essential step for Zero Trust. Next up you need to analyze that network, and we’ll be covering that in the next post.