What is Zero Trust?

Zero trust is a cyber security paradigm designed for data and resource security amidst the growth of the remote workforce and cloud-based data storage. A zero-trust model implies no digital activity should be trusted and that all access and digital activity need to be continuously validated through authentication measures. The goal of zero trust is to protect data and services from unauthorized access. Consequently, a zero-trust architecture is the process by which organizations strategically plan and design a zero-trust security infrastructure.

In other words, a zero-trust security framework requires all users to be authenticated before being granted access to a network which contains information confidential to employees or members of an organization.  

The United States’ National Institute of Standards and Technology writes, “Zero Trust (ZT) provides a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised.” ‍- NIST Zero Trust Architecture

‍

Legacy security tools were designed for a “castle and moat” security architecture. This means that a given device itself was trusted and had access to data by nature of being a recognized device. However, contemporary enterprises have digital landscapes that are everchanging and can no longer fit that ‘trust the device’ philosophy.  

Zero trust is a security philosophy responding to trends in enterprise networks. These include enabling the workforce for remote work and dealing with cloud-based environments. Similarly, home Wi-Fi solutions, situations where people bring their own devices (“BYODs”), and unapproved virtual private networks (VPNs) have created new gaps in company risk profiles. By replacing the implicit trust of the legacy device model with a dynamic and more cautious approach, zero trust models assume breaches will occur and verify user access intelligently. Under a zero-trust mindset, a user must verify their identity before a device has access to any company data.

Zero trust architecture (ZTA) refers to the design, strategy, and implementation which organizations take to developing a zero-trust security model. A zero-trust architecture involves organizations’ conducting network segmentation, identity/access management, continuous monitoring, privileged access management.  

The eight pillars of ZTA according to the U.S. General Services Administration are:

User: Monitoring user identification, authentication and access control policies verifying user connections to the network.

Device: Performs “system of record” validation of user-controlled and autonomous devices to determine acceptable cyber security posture and trustworthiness.  

Network: Isolates sensitive resources from being accessed by unauthorized people or things by dynamically defining network access, deploying micro-segmentation techniques, and controlling network flows while encrypting end-to-end traffic.  

Infrastructure: Ensures systems and services within a workload are protected against unintended and unauthorized access and potential vulnerabilities.  

Application: Integrates user, device, and data components to secure access at the application layer.

Data: Involves focus on securing and enforcing access to data based on the data’s categorization and classification to isolate the data from everyone except those that need access.  

Visibility and analytics: Provides insight into user and system behavior analytics by observing real-time communications between all zero trust components.  

Orchestration and automation: Automates security and network operational processes across the ZTA by orchestrating functions between similar and disparate security systems and applications.  

Identity-based segmentation: This is a micro-segmentation technique that segments a network based on user accounts. Micro-segmentation is the process of allowing specific accounts in an organization to have varying levels of access to applications and other information unique to each individual user.  

Network segmentation: This involves dividing the network into smaller segments to limit access to sensitive information.

Least privilege principle: This requires service accounts to have limited capabilities. This entails that a service account maintains the minimum affordances required for the account to fulfill its necessary task. For example, an account that manages purchase orders should be limited to only access the required information and permissions related to purchase orders. This stops attackers from laterally moving through a network if they gain access to this account.  

The key tenants of zero trust are simplified below according to the NIST SP 800-207 on zero-trust architecture:  

• All data sources and computing services are considered resources
• All communication is secured regardless of network location.
• Access to individual enterprise resources is granted on a per-session basis
• Access to resources is determined by dynamic policy—including the observable state of client identity, application/service, and the requesting asset—and may include other behavioral and environmental attributes
• The enterprise monitors and measures the integrity and security posture of all owned and associated assets.
• All resource authentication and authorization are dynamic and strictly enforced before access is allowed.
• The enterprise collects as much information as possible about the current state of assets, network infrastructure, and communications and uses it to improve its security posture.

‍

Zero trust is typically implemented in the form of security policies, via micro segmentation, web gateways, or least-privilege access control. It is often associated with the Secure Access Service Edge (SASE), SD-WAN, and other security and networking services designed to accommodate the new shape of digital business.  

Zero-trust technologies enforce guardrails for organizations with rules and policies designed to reduce risk exposure by eliminating unnecessary access and privileges across critical IT systems.  

There will never be a true state of zero trust and therefore there never will be a state of zero risk in the enterprise. Zero trust isn’t a status that can be achieved – rather, it’s a philosophy that organizations adopt.

People, processes, and technologies are constantly changing so risk management efforts will be constantly underway. Zero-trust technology should be dynamic by nature as the risk it intends to mitigate is as well. Darktrace AI constantly and dynamically analyzes your entire infrastructure, whether it is in the cloud, on premise, or even in software applications.  

‍

AI-based threat detection, like Darktrace, aligns with the core tenant of zero trust: assume the risk of a breach. Darktrace indiscriminately inspects asset activity (data, apps, devices) for suspicious behavior without contrasting it against a list of approved activity. As it looks at patterns of usual activity rather than white/blacklisting, Darktrace by default never has a trusted source. Its real-time monitoring analysis continuously looks for attack symptoms and suspicious events even within authenticated or authorized paths.  

Darktrace delivers unified and adaptive protection across heterogenous, hybrid, and service-based micro segmented architectures, including email, cloud, and application environments as well as remote endpoints, IoT, ICS, and the corporate network.  

Darktrace delivers deep visibility into all user and machine activity down to the packet layer, enabling a full assessment of the data environment and architecture to autonomously discover resident threats or malicious activities flowing over legitimate paths.  

‍