Zero to hero: How zero trust security can save your network

laurent-bouchoucha-150x160
12월 06, 2021

For companies and organisations, zero trust is your best bet to ensure your IT hardware and connected devices are secure, and employees are protected.

Zero trust is not a new concept. However, the pandemic and the transformation toward a more digital society are highlighting issues that haven’t previously been on the radar making zero trust security a hot topic.

Today there are more connected Internet of Things (IoT) devices in use than ever. These equipments are designed to provide a single service, and unfortunately, security is not the device’s priority. The lack of in-built security makes IoT devices vulnerable to attacks, as well, it creates a potential route into an organisation’s entire network.

As companies embark on their digital transformation journey it is imperative that their network infrastructure is secure. Network segmentation, a principle of zero trust security, makes it possible to prevent attacks. As soon as a compromise is reported, the potential for an attack can be reduced and lateral movements on the network can be limited, so as not to affect other connected systems.

Zero trust at-a-glance

In business computing and enterprise environments, network segmentation has two approaches depending on the existing degree of trust. Traditionally, the boundary of trust has been physical and implicit, so the computer network was protected by a firewall. What that means in the simplest of terms is — what’s inside is protected from the outside. However, this approach has had to evolve as threat risks have increased.

In the zero trust world, trust is dynamic and adaptable and no longer assumed, even within the network. The guiding principle is ‘never trust – always verify’, that means acting as if there are already attackers present in the system. With this principle in mind, the first step is Network Access Control (NAC), the identification of objects, and authentication of connected users. Based on these factors, macro-segmentation is set up using firewalls to filter traffic between different classes of objects and users. For example, you can isolate surveillance cameras and building management sensors. Then, based on identification, a second level of filtering within a segment makes it possible to refine and achieve micro-segmentation. In this second step, the goal is to prevent the surveillance cameras from communicating with each other within the same network segment.

Zero trust network in healthcare IT networks blog image 540x380

Why zero trust is so important now

Over the past 18 months cyberattacks have been on the rise, and the costs to businesses have been significant. In addition, hackers are executing increasingly sophisticated and malicious attacks. Because zero trust requires the identification and authentication of each device and user before allowing access to the network, it is possible to contain, and even avoid attacks. This is due to network segmentation which restricts the range of access and reduces the spread of attack.

With an intelligent mix of macro- and micro-segmentation the zero trust approach provides a restricted and mobile security perimeter around each user and object. Organisations manage network access controls, define authorisations (for example access by job role), and are able to secure and contain threats, as the network continually searches for inappropriate or suspicious behaviour.

New network functionalities enable zero trust, which is proportionately increasing the level of defence against expanded and sophisticated cyberattacks.

Five steps to your zero trust network

While it is pretty easy to build a zero trust secure network from scratch (for example, new premises, new structure), however, most companies already have an existing network in place. The challenge for these organisations is to harmonise approaches to meet the needs of the organisation, while securing it from attacks. Following are five steps to zero trust:

Zero-Trust journey in 5 steps

1. Monitor: Identify all equipment, peripherals, connected devices and authenticate all the people that have access to the network. An object inventory is created and populated automatically.

2. Validate: Control all the connected devices and invalidate those not justified for the activity, as they increase the possibility of attack. Apply the principle of least privilege which grants the minimum permissions required to perform a task. If the network identifies non-compliant equipment, it will be necessary to implement a restoration or remediation plan.

3. Plan: Know all the users' equipment, as well as their workflow and the traffic generated to transform this data into a security policy that intelligently combines macro-segmentation (input/output control) and micro-segmentation (fine-grained security rules).

4. Simulate: Apply in parallel identification, authentication, and security policy in "fail open" mode: All equipment will be authorised and network behaviour logged and indexed, in order to set up authorisation schemes and an adapted network security policy. This critical step will refine the security policy while ensuring that normal activity is not impacted.

5. Enforce: In the final step the "fail open" becomes "fail close":  Authentication failures are no longer tolerated, all unreferenced users or devices are refused, all illegitimate flows are stopped. Network monitoring is immediate to verify that all devices are identified, users are authenticated to be authorised on the network or possibly quarantined while security checks take place.

In a nutshell

The zero trust approach makes it possible to identify traffic, automatically store objects in an inventory, create scheduled rules for the network, and share user and IoT profiles according to rules. It also makes it possible to determine the central IDS or switches’ DoS attacks, and optionally apply quarantine for suspicious flows in a restricted and dynamic perimeter.

Zero trust provides an authentication strategy and a consistent security policy across your network infrastructure, implemented in-line with the needs of users and connected technologies. The intelligent combination of macro-segmentation and micro-segmentation, with quarantine in the event of a breach of security rules, ensures the highest degree of security for your network infrastructure. In an increasingly volatile, uncertain, complex, and ambiguous world, the zero trust approach is your best bet to ensure your network and business assets security.

Download our zero trust e-book to learn how you can improve your network security.

laurent-bouchoucha-150x160

Laurent Bouchoucha

VP Business Development, Network Division

Proudly leading a team of experts in the areas of: solutions marketing, business program management, solutions architecture, pre-sales and business development. Driving and supporting execution of our aggressive growth strategy on campus and data center networking.

저자에 대해

최신 블로그

교육

랜섬웨어 시대 캠퍼스 사이버 보안에 맞서다

캠퍼스 사이버 보안 위협을 줄이기 위한 전략을 사용하면 악의적인 사용자 액세스를 제한하고 노출을 줄이는 데 도움이 될 수 있습니다. 

blog-pageheader-1200x299
Autonomous Network

Wi-Fi 6란 무엇이며 왜 관심을 가져야 할까요?

802.11 ax는 차세대 무선 네트워크 표준인 Wi-Fi 6입니다. 이 표준의 이점에 대해 읽어보고 팟캐스트에서 전문가들의 의견을 들어보세요.

blog-pageheader-1200x299
WLAN

비즈니스 운영과 직원의 안전을 동시에 유지하는 법

위기의 시대에 간단하고 안전한 원격 네트워킹 솔루션으로 끈김없는 비즈니스 운영과 직원의 안전을 동시에 실현할 수 있습니다.

solid-public-page-headers-1200x299-en
IoT

강력한 공용 Wi-Fi 네트워크를 구축하는 방법

모바일 및 IoT 연결의 보편화가 도시의 Wi-Fi 환경에 부담을 가중하고 있습니다.  아래에서 강력한 공용 Wi-Fi 네트워크를 구축하는 방법에 대해 알아보세요.

Tags - IoT, 보안

Chat