Re-Thinking Enterprise Security – Zero Trust Security Principles for a Safer, More Secure Environment

NETSCOUT Solution Briefs

SOLUTION BRIEF | SECURITY

Comprehensive Network Visibility and Analytics Are a Requirement to Achieve Any Level of Zero Trust Maturity

The old security architecture, in which a strong external perimeter is the best (and often only) defense against compromise, is becoming less and less adequate as attackers grow more sophisticated, attack vectors shift or expand, and the threat surface grows. Whether through direct attacks such as the recent log4j vulnerability, indirect attacks such as phishing with malware, or internal lateral movement, traditional perimeter-based network access control has proven insufficient at detecting, much less preventing, compromise. Prevention at the edge has been the defender's side of the arms race, but it has always come second and always will. To make matters worse, the implicit security assumption has been that everything inside an organization's network should be trusted. This almost always means that once on the network, anyone can move laterally within it, including attackers seeking further compromise. The zero-trust model was designed to re-think the security paradigm: enable the services that drive digital transformation while also improving the security posture.

Zero Trust According to NIST

"Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. A zero trust architecture (ZTA) uses zero trust principles to plan industrial and enterprise infrastructure and workflows. Zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location or based on asset ownership … Zero trust focuses on protecting resources, not network segments, as the network location is no longer seen as the prime component to the security posture of the resource."

Zero-trust architecture (ZTA) is an enterprise's cybersecurity plan that applies zero-trust principles and encompasses component relationships, workflow planning, and access policies. A zero-trust enterprise, then, is the network infrastructure (physical and virtual), services, and operational policies that are in place as a product of a zero-trust architecture plan. Establishing a ZTA, however, is an ongoing process of refinement for any business, as all existing networks, resources, processes, and security capabilities are reshaped to the ZT model. Detection and validation of these ZT designs and policies must be performed continually, both to ensure adherence to the ZTA and to alert when someone attempts to cross a ZT enforcement boundary. Comprehensive visibility is essential to verifying and maintaining the ZT enterprise.

Zero Trust Maturity – Establishing and Maintaining ZT is an Ongoing Process with a Fundamental Requirement of Comprehensive Network Visibility & Analytics

CISA's Zero Trust Maturity Model represents a gradient of implementation across five distinct pillars, where incremental advances can be made over time toward optimization. The pillars are Identity, Device, Network, Application Workload, and Data. Each pillar also includes general details regarding Visibility and Analytics, Automation and Orchestration, and Governance.

ZERO TRUST MATURITY – HOW DOES NETSCOUT HELP?

First and foremost, comprehensive visibility of the entire network is a requirement to achieve any level of Zero Trust maturity. The NETSCOUT® Omnis® Security portfolio of products can enable this and more:

• NETSCOUT network taps mirror traffic from the wire
• NETSCOUT Packet Flow Switches replicate and distribute packets to existing cybersecurity monitoring tools, including
• NETSCOUT® Omnis CyberStream sensors, which use Adaptive Service Intelligence® (ASI) technology to convert raw packets into a robust source of layer 3-7 metadata (aka Smart Data), and
• NETSCOUT Omnis® Cyber Intelligence (OCI), which analyzes that data in real time and historically to detect and investigate threats

With comprehensive visibility, OCI can detect threats, trace interconnected devices, view historical usage, and assist in orchestrating mitigation through its API. Additionally, OCI can use protection groups to classify networks, servers, and services based on risk, allowing very rapid and concise verification of zero-trust adoption.
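The contrast the brief draws between perimeter trust and per-request zero-trust evaluation, plus alerting on attempted boundary crossings against risk-classified resource groups, as an added illustration that is not NETSCOUT code and does not model the OCI product; the policy table, the `Request` fields, the 10.0.0.0/8 "inside" range and the sample requests are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy: resources classified into risk-based groups
# (a simplified stand-in for the protection-group idea in the brief).
PROTECTION_GROUPS = {
    "payroll-db": {"risk": "high", "roles": {"finance"}, "managed_device": True},
    "wiki": {"risk": "low", "roles": {"finance", "engineering"}, "managed_device": False},
}

@dataclass
class Request:
    user: str
    role: str
    src_ip: str
    device_managed: bool
    resource: str

def perimeter_decision(req):
    """Legacy model: anything originating inside the corporate range is trusted."""
    return ipaddress.ip_address(req.src_ip) in ipaddress.ip_network("10.0.0.0/8")

def zero_trust_decision(req):
    """ZT model: check identity, device posture and resource policy per request; location grants nothing."""
    policy = PROTECTION_GROUPS.get(req.resource)
    if policy is None:
        return False, "unknown resource"
    if req.role not in policy["roles"]:
        return False, "role not permitted"
    if policy["managed_device"] and not req.device_managed:
        return False, "unmanaged device"
    return True, "ok"

def evaluate(requests):
    """Decide each request; a denial on a high-risk group is an attempted ZT boundary crossing."""
    results, alerts = [], []
    for req in requests:
        allowed, reason = zero_trust_decision(req)
        results.append((req.user, req.resource, allowed))
        if not allowed and PROTECTION_GROUPS.get(req.resource, {}).get("risk") == "high":
            alerts.append(f"ZT boundary attempt: {req.user}@{req.src_ip} -> {req.resource} ({reason})")
    return results, alerts

# Constructed sample traffic: a remote finance user on a managed device, an insider
# with the wrong role reaching for the high-risk group, an insider on a low-risk resource.
SAMPLE_REQUESTS = [
    Request("alice", "finance", "203.0.113.7", True, "payroll-db"),
    Request("bob", "engineering", "10.20.30.40", True, "payroll-db"),
    Request("carol", "finance", "10.20.30.41", False, "wiki"),
]
```

The perimeter check admits bob (inside the range) and rejects alice (outside); the zero-trust check reverses both and raises one alert for bob's attempt on the high-risk group.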
