Emad Fahmy, Systems Engineering Manager, Middle East, NETSCOUT, discussed the specifics of Zero-Trust architecture in detail with tahawultech.com’s Deputy Editor Daniel Shepherd.
- What is Zero trust architecture?
According to the NIST, Zero Trust (ZT) is a developing set of cybersecurity paradigms that shift defenses away from static, network-based perimeters and toward users, assets, and resources. Zero trust architecture (ZTA) plans industrial and enterprise infrastructure and workflows using zero trust concepts. Zero Trust assumes that assets or user accounts are not given implicit trust based only on their physical or network location or asset ownership. Zero Trust focuses on protecting resources rather than network segments because the network location is no longer considered the primary component of the resource’s security posture.
- What are the foundational pillars of the zero-trust model?
Device trust, data trust, network/environment trust, application trust, and user trust are the pillars of the ZT model. However, the core features of the zero-trust approach underlie all of these pillars: visibility, analytics, automation, and governance.
ZT adoption is a gradual and ongoing process of enhancements and modifications. Organisations’ solutions become more reliant on complete visibility and monitoring, automated processes and systems, and integrating more thoroughly across pillars as they establish and refine their ZTA, becoming more dynamic in their policy enforcement decisions.
- How do organisations benefit through the adoption of zero-trust architecture?
The benefits for organisations are significant, as the adoption of Zero Trust Architecture will increase organisational efficiency. The reason is that Zero Trust reduces the threat surface by maximising the use and authority of authentication and increasing visibility into all user behaviour.
Zero Trust Architecture also allows you to dynamically grant access on a use case basis, limiting the potential of an attacker to move laterally within your business. As a result, the risk of data exfiltration is reduced, and both internal and external threats are protected against.
As a result, Zero Trust Architecture improves overall security posture both on-premises and in the cloud.
- How does NETSCOUT help with a ZTA?
No matter what level of ZTA you may have in place, “verifying” it's working as intended is an ongoing requirement. As the ZTA matures, network perimeters blur or vanish altogether. East-west traffic now must be seen and controlled to detect and prevent lateral or deeper compromise. Therefore, monitoring visibility must be extended across the entire network, both physical and virtual. In a very mature stage of ZT, full visibility and advanced analytics and intelligence validate the correctness and enforcement of Zero Trust security policies. NETSCOUT combines a comprehensive visibility foundation with threat and vulnerability-focused instrumentation, enabling instant detection and back-in-time investigations. Furthermore, Omnis Cyber Intelligence (OCI) fills the visibility and data gaps left by other cybersecurity tools (such as security information and event management, and endpoint detection), making those tools more effective and enhancing the responsiveness of cybersecurity teams, in turn lowering the number and cost of data breaches. The NETSCOUT Omnis Security solution can be used to “verify” that your ZTA is working as designed. The NETSCOUT Omnis Security portfolio of products can enable this and more:
- NETSCOUT network taps are used to mirror traffic from the wire
- NETSCOUT Packet Flow Switches are used to replicate and distribute packets to existing cybersecurity monitoring tools, including
- NETSCOUT Omnis CyberStream sensors, which, using Adaptive Service Intelligence (ASI) technology, convert raw packets into a robust source of layer-3-7 metadata (aka Smart Data)
- NETSCOUT Omnis Cyber Intelligence (OCI) analyses that data in real-time and historically to detect and investigate threats. With comprehensive visibility, OCI can detect threats, trace interconnected devices, view historical usage, and assist in orchestrating mitigation through API. Additionally, OCI can utilise protection groups to classify networks, servers, and services based on risk, allowing for very rapid and concise verification of zero-trust adoption.
Whether a ZT initiative is still in the planning phase or already very mature, NETSCOUT has the experience and tooling to provide all aspects of the security visibility and analytics foundation required for the life of any organisation.