Understanding
Understanding
Zero Confusion for
Zero Trust Terminology
Cybersecurity vendors across the industry have latched on to marketing buzzwords like “machine learning” and “AI” to captivate their target audience. Their latest buzzword: Zero Trust.
With the needs of today’s modern organizations, it’s no surprise that Zero Trust has become deceptively complex. Use this guide as a means to decipher Zero Trust terminology, and understand what Zero Trust is, and just as important, what Zero Trust isn’t.
Zero Trust within your organization using the 5-step methodology
Zero Trust
Zero Trust is a strategic initiative that helps prevent successful data breaches by eliminating trust from your organization. Rooted in the principle of “never trust, always verify,” Zero Trust is designed to prevent lateral movement. No matter which technology or vendor you use to deploy Zero Trust, the strategy remains the same.
Zero Trust Environment
A Zero Trust environment is the end-state of your Zero Trust architecture, consisting of a protect surface containing a single DAAS element. In most cases, given the state of cybersecurity technology, the protect surface will be protected by a micro-perimeter enforced at Layer 7 with Kipling Method policy by a segmentation gateway. This could be deployed across your enterprise – in your data center, public cloud, private cloud, branch office, etc.
Zero Trust Architecture
Your Zero Trust architecture is the compilation of the tools and technologies used to deploy and build your Zero Trust environment. This technology set will vary depending on the differing needs of your business and the different use cases in which you choose to extend Zero Trust, such as to the cloud or endpoints. The architecture is completely bespoke, not derived from a single universal design. Instead, the architecture is constructed around the protect surface. Ultimately, your Zero Trust architecture should leverage network segmentation, prevent lateral movement, provide Layer 7 threat prevention and simplify granular user access control.
Zero Trust Design Principles
There are four design principles of Zero Trust:
- Define business outcomes: Focus on what the business is trying to accomplish. By focusing on business outcomes, security can be seen as an enabler rather than an inhibitor.
- Design from the inside out: Understand what you need to protect, focus on that and design outward from there.
- Determine who/what needs access: Once you understand what needs to be protected and is most critical to the business, you can determine who or what should have access and build appropriate policy.
- Inspect and log all traffic: Inspect all traffic for malicious content and unauthorized activity, and log through Layer 7, both inside and outside, across the network and cloud environments.
Data, Assets, Applications
& Services (DAAS)
The data, assets, applications and services, or DAAS for short, are all the things that either traverse or users access from within your organization. Each of these must be considered when defining a protect surface. Examples of DAAS elements include:
- Data: payment card information (PCI), protected health information (PHI), personally identifiable information (PII), intellectual property (IP)
- Assets: SCADA controls, point-of-sale terminals, medical equipment, manufacturing assets, internet of things (IoT) devices
- Applications: off-the-shelf or custom software
- Services: DNS, DHCP, Active Directory®
Protect Surface
A protect surface contains a single DAAS element. The DAAS element in your protect surface is highly sensitive and critical to your business. You will have multiple DAAS elements that are critical to your business, resulting in multiple protect surfaces. The protect surface is orders of magnitude smaller than the attack surface and, because it is a single area of focus, is always knowable.
Segmentation Gateway
A segmentation gateway, more commonly known as a next-generation firewall, provides granular visibility into traffic and enforces additional layers of inspection and access control with granular Layer 7 policy that takes into account who the user is and whether or not they should have access to a particular resource. When used in Zero Trust, a segmentation gateway creates a microperimeter around the protect surface to monitor traffic, stop threats and enforce granular access control across north-south and east-west traffic within your on-premises data center and multi-cloud environments.
Microperimeter
A microperimeter is what is generated around a protect surface in policy. This creates a point of control that ensures only known allowed traffic and legitimate applications have access to the protect surface. A microperimeter should be placed as close to the protect surface as possible and move with it.
Microsegmentation
Microsegmentation is the act of creating a microperimeter by enabling granular access control, whereby users, applications, workloads and devices are segmented based on logical, not physical, attributes.
Asserted Identity
The asserted identity is the validated and authenticated “who” that should be accessing a resource.
Least-privilege Access
Most users are given too much access to too much data that is not essential to their job function. Least-privileged access is the principle in which users, systems, applications, processes and devices are given only enough access to perform their required jobs for their respective roles or functions.
Granular Access Control
Granular access control is the explicit defining of who can have access to what part of a network, or system resource, and what they can do with that access in policy.
Trust Levels
Trust is binary. In the context of Zero Trust, when determining what should and should not have access to a protect surface, you consider whether something is “trusted” or “untrusted.” There are varying levels of trust. To say something is trusted less is essentially saying that it is untrusted
Data Toxicity
The concept of data toxicity refers to sensitive data that is “toxic” to your organization and has a negative impact on the business if exfiltrated, such as actions from legal and regulatory entities. Every organization has both toxic and non-toxic data. Examples include intellectual property, personally identifiable information (PII), patient health information (PHI) and credit card holder data (PCI).
The 5 Steps to Implementing Zero Trust
Zero Trust Policy (Kipling Method)
Zero Trust policy determines who can transit the microperimeter at any point in time, preventing access from unauthorized users to your protect surface, and prevents the exfiltration of sensitive data. True Zero Trust can only be done at Layer 7. The Kipling Method of creating Zero Trust policy enables Layer 7 policy for granular enforcement so that only known allowed traffic or legitimate application communication is allowed. This method reduces the attack surface while also significantly reducing the number of port-based firewall rules. With the Kipling Method, you can easily write Zero Trust policy by answering:
-
What application is the asserted identity of the packet used to access a resource inside the protect surface?
-
When is the asserted identity trying to access the resource?
-
Where is the packet destination? A packet’s destination is often automatically pulled from other systems that manage assets in an environment, such as from a load-balanced server via a virtual IP.
-
Why is this packet trying to access this resource within the protect surface? This relates to data classification, where metadata automatically ingested from data classification tools helps make your policy more granular.
-
How is the asserted identity of a packet accessing the protect surface via a specific application?
Zero Trust Maturity Model
As with any strategic initiative, it’s important to benchmark where you are as you begin your Zero Trust journey and measure your maturity as time goes on and as improvements are made to your Zero Trust environment. Designed using the Capability Maturity Model, the Zero Trust Maturity Model mirrors the 5-step methodology for implementing Zero Trust and should be used to measure the maturity of a single protect surface.
1. Define The Protect Surface
2. Map the transaction flows
3. Architect a Zero Trust environment
4. Create Zero Trust policy
5. Monitor and maintain
Software Defined Perimeter (SDP)
A software-defined perimeter secures all connections to services running on a network infrastructure at all layers, based on the level of security you define and establish. Devices and identity are given access on a need-to-know basis and must be verified before access is granted.
SDPs are commonly associated with the BeyondCorp model. Zero Trust and BeyondCorp are not one and the same. The fundamental difference between Zero Trust and BeyondCorp is that BeyondCorp views trust as the goal, whereas Zero Trust views the absence of trust as the goal. BeyondCorp focuses on authentication of the user and device identity as well as enforcement through APIs. Once authenticated, users are given access to move anywhere within the system. Identity is consumed within Zero Trust but is not equivalent to Zero Trust. Another notable difference between the two frameworks is that controls for BeyondCorp are at Layer 3, whereas Zero Trust operates at Layer 7.
Continuous Adaptive Risk and
Trust Assessment (CARTA)
CARTA is a Gartner methodology that is broken up into two areas of focus: adaptive attack protection and adaptive access protection. It leverages similar concepts of Zero Trust but with different methodology. With the CARTA methodology, once a user has been granted access, the risk and trust levels are continuously monitored throughout the entirety of an interaction or session. Should the risk or trust levels change, the controls are adapted accordingly.
All rights reserved.