Zero Trust... What you need to know
Updated: Apr 22, 2022
Cybersecurity is full of buzzwords like XDR, MDR, and EDR. A new buzzword has been stealing the scene: secure access service edge (SASE). Gartner, the leader in trends and the company that coined the terms XDR and MDR, has stated, “By 2024, 30% of enterprises will adopt cloud-delivered SWG, CASB, ZTNA and branch office firewall as a service (FWaaS) capabilities from the same vendor, up from less than 5% in 2020.” (Andrew Lerner, 2021) SASE incorporates security technology to protect cloud-based apps (CASB), enforce Zero Trust (ZTNA), provide firewall as a service (FWaaS), and secure internet access (SWG).
Traditional IT network security revolves around the castle-and-moat concept, where security is hardened on the outside perimeter but very little is done to stop malicious activity on the inside. Once an attacker is inside the network, it is relatively easy for the attacker to move laterally, escalate privileges, and gain access to information.
SASE to the Rescue!
SASE is going to be great. With SASE, companies will be able to simplify policies and security. If your company has sensitive information that resides in an on-premises data center and is accessed remotely, hosts sensitive information in the cloud, or has third parties accessing information, SASE is the perfect framework for your company.
What is SASE?
SASE stands for secure access service edge. It is a solution to modern security challenges. SASE groups critical network security services with network capabilities to create a framework for secure access. There are four main concepts:
Zero Trust Network Access (ZTNA)
Cloud Access Security Broker (CASB)
Secure Web Gateway (SWG)
Firewall as a Service (FWaaS)
Zero Trust Network
The Zero Trust network framework assumes an attacker is both outside and inside the network. No user or endpoint is trusted. Zero Trust requires users to verify who they are, and requires the device's identity and security to be verified as well.
The Zero Trust network framework enables least privilege access, so users are only able to access as much as they need. Least privilege access is excellent because it minimizes the risk associated with third-party contractors and insider threats. Along with least privilege access, micro-segmentation can be leveraged: allowing access to only certain zones within a server also limits the risk.
With Zero Trust, lateral movement is hard for an attacker to achieve. The design of Zero Trust contains the attacker so the attacker cannot move laterally as easily. Zero Trust access is segmented, and the user has to reestablish authentication periodically. When an attacker’s presence is detected, that established connection can be severed and removed in real time.
Zero Trust leverages multi-factor authentication (MFA). It is a core value of Zero Trust. Multi-factor means that the user must have more than one token to authenticate. With MFA, the user must submit a password and a code given on another device, like a mobile phone or tablet.
How ZTNA Works
The user authenticates to the control plane. The control plane verifies the user’s identity based on several factors like MFA, MAC address, IP, and location. (An identity provider (IdP) can be leveraged for this.)
After the authentication is successful, the user is presented with a portal that shows which apps the user has access to use.
The user clicks the app, and the request goes through the gateway that controls the portal.
The user is presented with an authorization check again; if the authorization fails, the request is blocked.
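The four steps above as a small policy-decision sketch, including the periodic re-authentication and real-time session severing described earlier. This is an added example, not code from the original article or any vendor product; the class, policy tables, signal names and TTL are hypothetical, and the IdP and MFA results are assumed to arrive as already-verified signals.

```python
import secrets

# Constructed sample policy: every name and value below is hypothetical.
USERS = {"alice": {"devices": {"aa:bb:cc:00:11:22"}, "countries": {"US"}}}
APP_POLICY = {"alice": {"payroll", "wiki"}}   # least privilege: apps per user
SESSION_TTL = 900                             # seconds before re-authentication

class ControlPlane:
    def __init__(self):
        self.sessions = {}                    # token -> (user, expiry time)

    def authenticate(self, user, signals, now):
        """Step 1: verify identity and device signals; return a token or None."""
        rec = USERS.get(user)
        if rec is None:
            return None
        checks = (signals.get("idp_password_ok") is True,   # result from the IdP
                  signals.get("mfa_ok") is True,            # second factor passed
                  signals.get("mac") in rec["devices"],     # known device
                  signals.get("country") in rec["countries"])
        if not all(checks):
            return None                       # any failed signal denies access
        token = secrets.token_urlsafe(16)
        self.sessions[token] = (user, now + SESSION_TTL)
        return token

    def portal(self, token, now):
        """Step 2: list only the apps this session may use."""
        user = self._valid_user(token, now)
        return sorted(APP_POLICY.get(user, ())) if user else []

    def authorize(self, token, app, now):
        """Steps 3-4: the gateway re-checks every request; failure blocks it."""
        user = self._valid_user(token, now)
        return user is not None and app in APP_POLICY.get(user, ())

    def revoke(self, token):
        """Sever an established session in real time."""
        self.sessions.pop(token, None)

    def _valid_user(self, token, now):
        user, expiry = self.sessions.get(token, (None, 0))
        if user is None or now >= expiry:
            self.sessions.pop(token, None)    # expired: must re-authenticate
            return None
        return user
```

Because the gateway calls `authorize` on every request instead of trusting the earlier login, an expired or revoked session is blocked at its next request.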
Benefits to ZTNA
Reduces the attack surface of your company
Improved and easier user experience
Very easy to scale
Complete visibility of user activity
Real-time enforcement policies
Zero Trust Network is the future of IT security networking. Zero Trust will reduce your company’s attack surface and reduce the risk of a breach. Zero Trust will allow real-time monitoring and be able to cut off an attacker in real time. It will give companies visibility of user activity and provide the users with a better experience. Companies that adopt this framework will be building toward the future.
We can help!
Are you looking for ongoing advisory services to assist in identifying vulnerabilities and security policies that should be in place and help improve your security posture? The team at Inception Security™ has been leveraged to enhance the security posture of Fortune 100 companies and small and medium-sized businesses. Our team has a depth of knowledge in the cybersecurity industry and will be able to provide value to your business right away.
Contact Inception Security if your company is looking for advisory services.