What is Zero Trust?

Zero trust is a cybersecurity paradigm designed for data and resource security amidst the growth of the remote workforce and cloud-based data storage. A zero trust model or zero trust networks implies no digital activity should be trusted and that all access and digital activity need to be continuously validated through authentication measures. The goal of zero trust is to protect data and services from unauthorized access. Consequently, a zero trust architecture is the process by which organizations strategically plan and design a zero-trust security infrastructure.

In other words, a zero trust security framework requires all users to be authenticated before being granted access to a network which contains information confidential to employees or members of an organization.  

The United States’ National Institute of Standards and Technology writes, “Zero Trust (ZT) provides a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised.” - NIST Zero Trust Architecture

‍

Under a zero-trust mindset, a user must verify their identity before a device has access to any company data while legacy security tools were designed for a “castle and moat” security architecture. This means that a given device itself was trusted and had access to data by nature of being a recognized device. However, contemporary enterprises have digital landscapes that are everchanging and can no longer fit that ‘trust the device’ philosophy.  

Zero trust is a security philosophy responding to trends in enterprise networks. These include enabling the workforce for remote work and dealing with cloud-based environments. Similarly, home Wi-Fi solutions, situations where people bring their own devices (“BYODs”), and unapproved virtual private networks (VPNs) have created new gaps in company risk profiles. By replacing the implicit trust of the legacy device model with a dynamic and more cautious approach, zero trust models assume breaches will occur and verify user access intelligently.

Zero trust architecture (ZTA) refers to the design, strategy, and implementation which organizations take to develop a zero-trust security model. A zero-trust architecture involves organizations’ conducting network segmentation, identity/access management, continuous monitoring, and privileged access management.  

The eight pillars of ZTA according to the U.S. General Services Administration are:

• ‍User: Monitoring user identification, authentication and access control policies verifying user connections to the network. ‍
• Device: Performs “system of record” validation of user-controlled and autonomous devices to determine acceptable cybersecurity posture and trustworthiness.  ‍
• Network: Isolates sensitive resources from being accessed by unauthorized people or things by dynamically defining network access, deploying micro-segmentation techniques, and controlling network flows while encrypting end-to-end traffic.  ‍
• Infrastructure: Ensures systems and services within a workload are protected against unintended and unauthorized access and potential vulnerabilities.  ‍
• Application: Integrates user, device, and data components to secure access at the application layer. ‍
• Data: Involves focus on securing and enforcing access to data based on the data’s categorization and classification to isolate the data from everyone except those that need access.  ‍
• Visibility and analytics: Provides insight into user and system behavior analytics by observing real-time communications between all zero trust components.  ‍
• Orchestration and automation: Automates security and network operational processes across the ZTA by orchestrating functions between similar and disparate security systems and applications.  

By focusing on eight pillars—user, device, network, infrastructure, application, data, visibility and analytics, and orchestration and automation—organizations can better protect their networks and resources. Although implementing ZTA can be challenging, its benefits of reduced risk and improved security are invaluable in today's cyber threat landscape.

The key tenants of zero trust security are simplified below according to the NIST SP 800-207 on zero-trust architecture. NIST SP 800-207, titled "Zero Trust Architecture," is a publication from the National Institute of Standards and Technology (NIST) that provides guidelines for implementing a Zero Trust security model. This document outlines the principles and components of Zero Trust Architecture (ZTA) and offers a framework for organizations to enhance their security access policies by assuming that no user or device, inside or outside the network, can be trusted by default:  

• All data sources and computing services are considered resources
• All communication is secured regardless of network location.
• Access to individual enterprise resources is granted on a per-session basis
• Access to resources is determined by dynamic policy—including the observable state of client identity, application/service, and the requesting asset—and may include other behavioral and environmental attributes
• The enterprise monitors and measures the integrity and security posture of all owned and associated assets.
• All resource authentication and authorization are dynamic and strictly enforced before access is allowed.
• The enterprise collects as much information as possible about the current state of assets, network infrastructure, and communications and uses it to improve its security posture.

Additional principles include:

• ‍Identity-based segmentation: This is a micro-segmentation technique that segments a network based on user accounts. Micro-segmentation is the process of allowing specific accounts in an organization to have varying levels of access to applications and other information unique to each individual user.  ‍
• Network segmentation: This involves dividing the network into smaller segments to limit access to sensitive information. ‍
• Least privilege principle: This requires service accounts to have limited capabilities. This entails that a service account maintains the minimum affordances required for the account to fulfill its necessary task. For example, an account that manages purchase orders should be limited to only access the required information and permissions related to purchase orders. This stops attackers from laterally moving through a network if they gain access to this account.  

Zero trust is typically implemented in the form of security policies, via micro segmentation, web gateways, or least-privilege access control. It is often associated with the Secure Access Service Edge (SASE), SD-WAN, and other security and networking services designed to accommodate the new shape of digital business.  

Zero-trust technologies enforce guardrails for organizations with rules and policies designed to reduce risk exposure by eliminating unnecessary access and privileges across critical IT systems.  

There will never be a true state of zero trust and therefore there never will be a state of zero risk in the enterprise. Zero trust isn’t a status that can be achieved – rather, it’s a philosophy that organizations adopt.

People, processes, and technologies are constantly changing so risk management efforts will be constantly underway. Zero-trust technology should be dynamic by nature as the risk it intends to mitigate is as well. Darktrace AI constantly and dynamically analyzes your entire infrastructure, whether it is in the cloud, on premise, or even in software applications.  

‍

AI-based threat detection, like Darktrace, aligns with the core tenant of zero trust: assume the risk of a breach. Darktrace indiscriminately inspects asset activity (data, apps, devices) for suspicious behavior without contrasting it against a list of approved activity. As it looks at patterns of usual activity rather than white/blacklisting, Darktrace by default never has a trusted source. Its real-time monitoring analysis continuously looks for attack symptoms and suspicious events even within authenticated or authorized paths.  

Darktrace delivers unified and adaptive protection across heterogenous, hybrid, and service-based micro segmented architectures, including email, cloud, and application environments as well as remote endpoints, IoT, ICS, and the corporate network.  

Darktrace provides deep visibility into all user and machine activity down to the packet layer, enabling a full assessment of the data environment and architecture to autonomously discover resident threats or malicious activities flowing over legitimate paths.  

‍

Zero Trust Network Access (ZTNA) security is a modern approach to network security that provides secure, granular access to applications and data based on defined access control policies. Unlike traditional network security models, ZTNA operates on the principle that no user or device, inside or outside the network, should be trusted by default. Instead, access is granted based on continuous verification of user identity, device health, and other contextual factors.

For example, with ZTNA solutions, an employee working remotely can access a company's internal applications only after their identity has been authenticated, their device has been checked for compliance with security policies, and the context of their request has been evaluated. If any of these checks fail, access is denied or limited. This ensures that only authorized users with secure devices can access sensitive resources.

ZTNA differs from the broader zero trust technology framework in that it specifically focuses on securing access to applications and data at the network level. While zero trust encompasses a wide range of security practices and technologies, ZTNA narrows down to controlling how users and devices connect to the network, ensuring secure access and reducing the attack surface.

To protect your organization with the latest in zero trust technology, explore our comprehensive ZTNA solutions and see how we can help you achieve a robust security posture.