One Article Review

Source: AlienVault Blog
Identifier: 1796395
Publication date: 2020-07-08 08:15:00 (seen: 2020-07-08 09:13:07)
Title: Zero Trust security model explained: what is Zero Trust?
Text:

This blog was written by a third party author.

What is Zero Trust?

Zero Trust is a cybersecurity model with a tenet that any endpoint connecting to a network should not be trusted by default. With Zero Trust, everything and everyone, including users, devices, and endpoints, must be properly verified before access to the network is allowed. The protocols for a Zero Trust network ensure very specific rules are in place to govern the amount of access granted, and are based upon the type of user, location, and other variables. If the security status of any connecting endpoint or user cannot be resolved, the Zero Trust network will deny the connection by default. If the connection can be verified, it will be subject to a restrictive policy for the duration of its network access.

Zero Trust networks operate under the least-privilege principle, in which all programs, processes, devices or users are limited to the minimum privileges required to carry out their functions. Access rights don't need to be too restrictive; privileges can range from full access to no rights at all, depending on the circumstances. Think of it like the government or military's "need-to-know" policy.

It's essential to make the distinction that Zero Trust is not a technology but rather a holistic approach to network security. However, achieving a Zero Trust architecture (ZTA) in today's threat landscape does require some form of automation, especially in support of a dynamic policy, authorization and authentication. Automated technology is an essential tool for obtaining access, scanning and assessing threats, adapting to behavior changes, and continually re-evaluating confidence in communications.

Where did Zero Trust begin?

The concept of Zero Trust is largely credited to Forrester Research analyst John Kindervag, who published a paper outlining the framework in 2010. Shortly after the paper's publishing, Google began adopting the process, and soon, the tech world caught on.

Why is Zero Trust so important today?

As the work from home (WFH) model is adopted by more organizations to meet the demand of a reshaped economy, scores of endpoints are originating from outside of the protected corporate perimeter. The challenge of managing these connections is increasing dramatically, and protecting personal, financial, and customer data is paramount. The network and workplace of the future, where more remote connections are the norm rather than the exception, have arrived faster than anyone imagined. Architectures like Zero Trust are a critical component for enabling secure, adaptable, and agile networks and systems.

What are the core principles of Zero Trust?

One of the primary strategies necessary for successful Zero Trust implementation is network segmentation. Separating your network into smaller networks ensures devices, servers, and services containing sensitive data are isolated from the rest of the network. This process keeps a potential attacker contained within the network segment they've accessed. Further, micro-segmentation is crucial, as it adds another preventative layer in reducing lateral network movement.

Much like network segmentation, the foundations of Zero Trust include other facets of robust security hygiene:

- Application of authentication and encryption for all communications independent of location, performed at the application layer closest to the asset in the network
- Following comprehensive vulnerability and patch management procedures
- Continuous monitoring of device and application state to identify and address security vulnerabilities as needed, or act on their access privileges accordingly
- Controlling and monitoring all traffic as access is provided, to improve security posture and create, adjust and enforce policy

How do I implement the Zero Trust model?
Sent: Yes
Tags: Tool, Vulnerability, Threat


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.