Zero Trust | January 10, 2023
By Keith Bromley : Sr. Manager, Product Marketing
As you have probably seen, there are lots of different components and tactics that you can include as part of your zero trust architecture.
At the same time, there are probably some things that you don’t want to include.
And then there’s other things that should be avoided altogether.
So, I decided to put together a short list of four items that you might want to watch out for. Note, if you want more details on the items below then refer to this whitepaper — 4 Common Pitfalls of Zero Trust Solutions.
When designing and implementing your Zero Trust security architecture, there are some common factors (pitfalls actually) that can get overlooked or dismissed.
Here are four of them:
– Did you include a visibility architecture?
– Do you have packet-level visibility?
– How do you plan to validate your architecture and change management policies?
– Did you include self-healing security opponents as well?
Don’t Forget About a Visibility Architecture
For any network security project, network visibility is the keystone. This is because the visibility architecture captures key pieces of data that help secure the network. To expose security threats, the first place to start is to create a visibility architecture that consists of taps (for data collection), a network packet broker (for data manipulation), and purpose-built security tools, like intrusion detection systems (IDS), to examine the data. By integrating this visibility technology into your security architecture, you can clearly see what is (and what is not) happening on your network and implement proper adjustments as needed.
You Need Packet Visibility
Packet data will be critical to your security architecture as it can provide a single source of detailed truth. Don’t misunderstand. While flow data is good, it only provides general trend information, not actionable details if you want to perform any type of threat hunting. Log data is also useful, but it can be corrupted or even erased by malware. Only packet data gives you all of the details that you need, like: who, what, where, when, and how. The devil truly is in the details. Metadata can never tell the whole story whereas packet data holds the absolute truth.
Make Sure to Validate Your Security Architecture
While it may seem obvious to thoroughly test your architecture, many engineers shortcut the process because it either takes too much time, costs too much money, or “just isn’t necessary.” Unfortunately, security operations center (SOC) teams end up finding out that this reasoning is flawed. The last thing you want is to discover a flaw in your design when your company or agency network is attacked. All organizations should consider using test and modeling tools to help them validate the completion of their goals.
In addition, validation isn’t just required at initial deployment, it’s needed all the time. Every change to your network (hardware updates, software updates, minor configuration change to a firewall or intrusion prevention system (IPS), or SIEM, whatever), can affect your network in hidden ways.
It’s Not Just About Prevention — You Also Need to Respond Quickly
Zero Trust isn’t just about defensive security. Businesses and government agencies should be especially concerned about security breaches and ransomware in the current geopolitical climate. Attacks could come at any time. Therefore, you need to implement offensive components as well. This means implementing both threat hunting capabilities to actively look for threats on the network and cyber resilience mechanisms to quickly mitigate and remediate the effects of a successful attack. If you want more information on these topics above, read this whitepaper.
More resources are located on the Zero Trust Resource page.