Zero Trust
Zero Trust
- There is no default trust for any entity, regardless of what it is
- Requires verification that authorized entities are always doing only what they are allowed to do

Benefits of Zero Trust Network
- Improved mitigation of data loss with visibility and safe enablement of apps
- Better at achieving and maintaining compliance with security and privacy mandates
- Lower total cost of ownership

Core Zero Trust Principles
- All resources must be accessed securely, regardless of location
- Adopt a least privilege strategy and enforce access control
- Inspect and log all traffic

All resources must be accessed securely, regardless of location
- Multiple trust boundaries with increased use of secure access for communication to or from resources
- Ensure all devices allowed access to the network have the correct status and settings, an approved VPN client and proper passcodes, and are not running malware

Adopt a least privilege strategy and enforce access control
- Minimize allowed access to resources in order to reduce the avenues available for malware and attackers to gain access

Inspect and log all traffic
- Always verify if a device has the proper credentials for the data it is using

Protect Surface
- The network's most critical and valuable data, assets, apps, and services (DAAS)

Zero Trust Segmentation Platform
- Network segmentation gateway
- Used to define internal trust boundaries and provides the majority of the security functionality of Zero Trust

Trust Zones
- Micro core and perimeter (MCAP)
- Distinct pocket of infrastructure where the member resources operate at the same trust level and share similar functionality

Management Infrastructure
- Centralized management capabilities are crucial to allowing efficient administration and monitoring of traffic

Zero Trust Criteria/Capabilities
- Secure access
- Inspection of all traffic
- Least privileges access control
- Cyberthreat protection
- Coverage for all security domains

Secure Access
- Consistent secure IPsec and SSL VPN connectivity is provided for all employees, partners, customers, and guests
- Policies to determine which users and devices can access sensitive apps and data are defined based on app, user, content, device, and device state

Inspection of All Traffic
- App identification accurately identifies and classifies all traffic and evasive tactics such as port hopping or encryption
- Eliminates methods that malware may use to hide

Least Privileges Access Control
- Combination of app, user, and content ID delivers a positive control model
- Allows organizations to control interactions with resources based on business-relevant attributes

Cyberthreat Protection
- Combination of anti-malware, intrusion prevention, and cyberthreat prevention technologies
- Provides protection against known and unknown threats

Coverage for All Security Domains
- Virtual and hardware appliances establish consistent, cost-effective trust boundaries in an organization's entire network

Implementation of Zero Trust Platform
- First, configure the Zero Trust Platform in listen-only mode to obtain a detailed view of traffic flows within the network
- Next, define trust zones and establish corresponding trust boundaries
- Next, progressively establish trust zones and boundaries for other segments of the computing environment