One Article Review

Source: AlienVault Blog
Identifier: 1631969
Publication date: 2020-04-01 12:00:00 (viewed: 2020-04-01 13:01:49)
Title: The foundation of a Zero Trust architecture
Text:

Part 1 of a 3 blog series

Organizations have placed a lot of time, effort and capital on security initiatives in an effort to prevent security breaches and data loss. Even the most advanced “next generation” application layer firewalls filtering malicious traffic at the network perimeter have only revealed equal if not greater threats within. To help counter this internal threat, organizations have invested heavily in internal monitoring and other advanced security controls that inspect traffic at all layers of the OSI stack to identify malicious activity and stop it before it reaches its destination, or simply to alert on the activity. While these initiatives have been helpful, they rely on a connection first being malicious, or on a trigger from a pre-established set of criteria, before any bells and whistles sound or prevention techniques are applied. By throwing more technology and controls at the problem, networks have become a chaotic mess of watchers, gatekeepers and agents, with legitimate business traffic trying to navigate its way through it all. Yet breaches are still occurring at an alarming rate, leaving organizations looking for a different approach.

Zero Trust is gaining momentum as a different lens on data and network security. It casts aside complete reliance on a decades-old and easily neglected least privilege / whitelisting model by eliminating trust from every communication packet on the network, whether it originated inside the organization or outside, and instead looks to gain confidence that the packet is legitimate. In short, rather than the traditional “trust but verify” approach, it never trusts and always verifies all traffic.

Zero Trust is built on a set of foundational principles or tenets:

- All network flows are authenticated before being processed, and access is determined by dynamic policy. In a Zero Trust Network (ZTN), confidence must be gained in a requestor of access before access can be granted, and that confidence does not traverse the network. Authentication may involve an evaluation of attributes in identity or other artifacts, asset state, requestor state, behavioral attributes, and others. The transaction requiring authentication is evaluated against an ever-changing policy based on that transaction’s behavior over time.
- All transaction flows are cataloged in order to enforce access. Understanding what you’re trying to protect is just as important as where it is going. Assets (basically, anything with an IP address, as well as data sources) must be assigned a value. The classification of data, as well as its location, must be known if it is to be protected. Mapping and cataloging network flows to assets will help build access policies and understand expected and unexpected traffic patterns.
- Security (authentication and encryption) is applied to all communications independent of location and must be performed at the application layer closest to the asset in the network. Communications must be secured, and access requests from systems located within the enterprise network must meet the same requirements as external systems. Application layer security applied as close to the asset as possible eliminates upstream threats.
- Comprehensive vulnerability and patch management procedures must be followed. Device security issues will persist and, as such, a comprehensive vulnerability and patch management program will keep enterprise-owned devices in their most protected and functioning state. Continuous monitoring of device and application state is required to identify and address security vulnerabilities as needed, or to act on their access privileges accordingly.
- Technology is utilized for automation in support
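The first three tenets (per-flow authentication, confidence built from identity, device posture and behavioral attributes, a policy that changes with a requestor's own history, a catalog of every flow against valued assets, and the same bar for internal and external requestors) can be seen together in a small policy decision point. The following is an added example written for this review, not AlienVault code; the class names, the confidence scores and thresholds, and the sample assets and requests are all constructed assumptions:

```python
"""Toy Zero Trust policy decision point (added example, not AlienVault code).
All names, thresholds and sample data below are constructed assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Asset:
    name: str
    ip: str
    classification: str  # "public" | "internal" | "confidential"


@dataclass(frozen=True)
class AccessRequest:
    subject: str          # claimed identity of the requestor
    source_ip: str        # cataloged, but never used to grant trust
    asset: str            # target asset name
    identity_verified: bool
    mfa_verified: bool
    device_patched: bool  # posture attribute reported by endpoint management
    when: datetime


@dataclass(frozen=True)
class FlowRecord:
    when: datetime
    subject: str
    asset: str
    source_ip: str
    decision: str
    reason: str


# Assumed policy: minimum confidence score per data classification.
REQUIRED_CONFIDENCE = {"public": 1, "internal": 2, "confidential": 3}
DENIAL_WINDOW = timedelta(minutes=15)
MAX_RECENT_DENIALS = 3


class PolicyEngine:
    def __init__(self, assets: Iterable[Asset]) -> None:
        self.assets = {a.name: a for a in assets}
        self.catalog: List[FlowRecord] = []  # every flow is recorded, allowed or denied

    def _recent_denials(self, subject: str, now: datetime) -> int:
        return sum(1 for r in self.catalog
                   if r.subject == subject and r.decision == "deny"
                   and now - r.when <= DENIAL_WINDOW)

    def _record(self, req: AccessRequest, decision: str, reason: str) -> Tuple[str, str]:
        self.catalog.append(FlowRecord(req.when, req.subject, req.asset,
                                       req.source_ip, decision, reason))
        return decision, reason

    def evaluate(self, req: AccessRequest) -> Tuple[str, str]:
        """Each flow is judged on its own; no earlier allow carries over."""
        asset = self.assets.get(req.asset)
        if asset is None:  # never cataloged, so its value and classification are unknown
            return self._record(req, "deny", "asset not cataloged")
        if not req.identity_verified:
            return self._record(req, "deny", "flow not authenticated")
        # Dynamic policy: the requestor's own recent history lowers confidence,
        # even when the current request presents good attributes.
        if self._recent_denials(req.subject, req.when) >= MAX_RECENT_DENIALS:
            return self._record(req, "deny", "too many recent denials")
        # Confidence comes from identity, MFA and device posture; the source IP is
        # deliberately absent, so internal and external requestors meet the same bar.
        confidence = 1 + int(req.mfa_verified) + int(req.device_patched)
        needed = REQUIRED_CONFIDENCE[asset.classification]
        if confidence < needed:
            return self._record(req, "deny",
                                f"confidence {confidence} below {needed} for {asset.classification}")
        return self._record(req, "allow", f"confidence {confidence} meets {needed}")


def run_demo() -> Tuple[PolicyEngine, List[Tuple[str, str]]]:
    """Constructed sample assets and requests; returns the engine and its decisions."""
    engine = PolicyEngine([Asset("hr-db", "10.0.1.20", "confidential"),
                           Asset("wiki", "10.0.1.30", "internal")])
    t0 = datetime(2020, 4, 1, 12, 0, 0)

    def at(minutes: int) -> datetime:
        return t0 + timedelta(minutes=minutes)

    requests = [
        AccessRequest("alice", "10.0.0.5", "hr-db", True, False, True, at(0)),       # internal, no MFA
        AccessRequest("alice", "203.0.113.9", "hr-db", True, True, True, at(1)),     # external, MFA, patched
        AccessRequest("svc-backup", "10.0.0.7", "wiki", False, False, True, at(2)),  # unauthenticated
        AccessRequest("bob", "10.0.0.8", "legacy-box", True, True, True, at(3)),     # asset not cataloged
        AccessRequest("carol", "10.0.0.9", "hr-db", True, False, True, at(4)),       # carol retries without MFA
        AccessRequest("carol", "10.0.0.9", "hr-db", True, False, True, at(5)),
        AccessRequest("carol", "10.0.0.9", "hr-db", True, False, True, at(6)),
        AccessRequest("carol", "10.0.0.9", "hr-db", True, True, True, at(7)),        # MFA now, history still denies
    ]
    return engine, [engine.evaluate(r) for r in requests]


if __name__ == "__main__":
    eng, _ = run_demo()
    for rec in eng.catalog:
        print(f"{rec.when:%H:%M} {rec.subject:>10} -> {rec.asset:<10} {rec.decision:<5} {rec.reason}")
```

Running the script prints the flow catalog. The two alice requests show that an internal source address earns nothing: the internal request without MFA is denied while the external one with MFA and a patched device is allowed. The carol sequence shows the dynamic part of the policy: once her recent behavior crosses the denial threshold, a request that would otherwise score high enough is still refused, and every decision, allowed or not, lands in the catalog for later review.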
Sent: Yes
Tags: Vulnerability


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.