The zero trust environment - How network security works
Zero Trust concepts are designed to provide better protection against criminal hackers. Read what is crucial for the success of Zero Trust Networking.
Until now, the "castle and moat" approach, also known as perimeter security, was considered the most effective method against cyber threats. Companies protected their networks in this context primarily through firewalls, proxy servers, honeypots and other intrusion prevention tools. The principle of perimeter security is based on checking the entry and exit points of the network.
However, this approach assumes that activity inside the secured perimeter is safe and poses no threat. When most of a company's data and applications were located in its own data centres, this was a legitimate strategy. With the adoption of cloud services and employees accessing applications from many devices and locations, the threat picture has changed: the threat from within has grown. It is not only malicious insider activity that must be considered. Developments in cybercrime have also sharply increased the danger to companies. Attackers get past firewalls, for example, by obtaining employees' login credentials through phishing emails, after which they operate inside the perimeter as a seemingly legitimate user.
Such attacks not only cause economic damage and possibly a loss of reputation. Violating the guidelines of the General Data Protection Regulation (GDPR) can also lead to enormous fines and cause lasting damage to a company's image. Against the backdrop of these problems, companies are forced to reassess and rethink the way they protect their networks, users and data.
Zero Trust Model: New Network Security, New Dangers
The zero trust model opens up new possibilities in cybersecurity. Its basic idea is that every access, whether it originates inside or outside the network, is continuously verified rather than trusted by location. To this end, access to all applications is restricted as far as possible: employees are authorised to access only the data they need for their daily work. The basic principles of the Zero Trust approach:
Networks must be designed to limit East-West traffic and access.
Incident detection and response should be facilitated and improved through comprehensive analytics and automation solutions. This requires centralised management and visibility of the network, data, workloads, users and devices in use.
Access to the network should be restricted as much as possible for all users.
In multi-vendor networks, all solutions should be seamlessly integrated and interlock to enable compliance and uniform protection. The solutions should also be easy to use so that additional complexity is avoided.
In the fight against cyber criminals, but also for data protection reasons, encryption of internet traffic is becoming the norm. According to Google's Transparency Report, more than 90 percent of traffic is now carried over SSL or TLS connections. Yet encryption only appears to increase security at first glance, because at the same time it creates blind spots in network security: most deployed security devices are not designed to decrypt and inspect traffic, so they see only connection metadata, not the content. This also applies to the Zero Trust model, where visibility is a key element of a successful implementation. Without full visibility into encrypted traffic, the model fails and leaves vulnerabilities that can be exploited by insiders and external attackers alike.
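To make the blind spot concrete, here is an added example (not code from the original article) of what an inline security device can read from a TLS connection it does not decrypt: essentially the handshake metadata such as the Server Name Indication (SNI), never the request or response inside. The ClientHello bytes and the host name "intranet.example" are constructed here for illustration.

```python
import struct
from typing import Optional

# Constructed sample: a minimal TLS ClientHello carrying an SNI extension.
def build_client_hello(server_name: str) -> bytes:
    name = server_name.encode("ascii")
    sni = struct.pack("!BH", 0, len(name)) + name                 # name_type=host_name, name
    ext = struct.pack("!HHH", 0, len(sni) + 2, len(sni)) + sni    # extension type 0 = server_name
    body = (b"\x03\x03" + b"\x11" * 32 + b"\x00"                  # version, random, empty session id
            + struct.pack("!H", 4) + b"\x13\x01\x13\x02"          # two cipher suites
            + b"\x01\x00"                                         # one compression method (null)
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body            # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs      # TLS record header

def extract_sni(record: bytes) -> Optional[str]:
    """Return the SNI host name from a ClientHello record, or None if absent or malformed.
    This is all an inspecting device learns about the destination without decryption."""
    if len(record) < 43 or record[0] != 0x16 or record[5] != 0x01:
        return None                          # not a handshake record / not a ClientHello
    p = 5 + 4 + 2 + 32                       # skip record hdr, handshake hdr, version, random
    sid_len = record[p]; p += 1 + sid_len    # session id
    cs_len = struct.unpack("!H", record[p:p + 2])[0]; p += 2 + cs_len   # cipher suites
    cm_len = record[p]; p += 1 + cm_len      # compression methods
    if p + 2 > len(record):
        return None                          # ClientHello without extensions
    ext_len = struct.unpack("!H", record[p:p + 2])[0]; p += 2
    end = min(p + ext_len, len(record))
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", record[p:p + 4]); p += 4
        if etype == 0 and elen >= 5 and p + 5 <= end:
            # server_name_list: list_len(2), name_type(1), name_len(2), name
            ntype, nlen = struct.unpack("!BH", record[p + 2:p + 5])
            if ntype == 0:
                return record[p + 5:p + 5 + nlen].decode("ascii", "replace")
        p += elen
    return None
```

The parser deliberately stops at the handshake: once the session keys are negotiated, the application data records that follow are opaque to any device that does not hold the keys or terminate the session.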
Zero Trust Environments: Decryption as a success factor
Therefore, if companies adopt a zero trust model, a centralised, dedicated decryption solution should be an essential component of the security strategy. Many vendors claim that their devices can decrypt traffic themselves, independently of a centralised decryption solution. However, such distributed decryption brings its own problems, such as poor performance or network bottlenecks, and fixing them usually requires costly upgrades. In a security infrastructure with multiple vendors and devices, distributed decryption also forces companies to distribute their private keys across multiple locations. This creates an unnecessarily large attack surface that could be exploited.
Therefore, it is essential to deploy a dedicated, centralised decryption solution to gain complete visibility into TLS/SSL traffic. To be suitable for a zero-trust network, the solution must also provide a layered security approach:
Complete visibility of the data traffic: The security infrastructure must be able to inspect all traffic in plain text and at high speed, so that neither attacks hidden in encrypted connections nor data leaks go unnoticed.
Easy integration: A solution should be vendor-independent and easy to integrate with security devices already deployed in the network. This avoids additional costs and upgrades.
Multi-layered Security Services: These are additional security services, including URL filtering, application visibility and control, threat intelligence and threat investigation, that help strengthen security effectiveness across the network.
User access control: A TLS/SSL decryption solution should be able to enforce authentication and authorisation policies to restrict unnecessary access, log access information and provide the ability to apply different security policies based on user and group IDs.
Micro-segmentation: An appropriate solution should enable micro-segmentation through granular traffic control, traffic control based on user and group IDs, and support for multi-tenancy.
Securing cloud access: SaaS security is an important feature, achieved by enforcing access control and maintaining visibility into user activities.
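The access-control, micro-segmentation and cloud-access requirements above can be expressed as one default-deny policy evaluated on each decrypted flow. The following is an added example, not the article's or any vendor's code; the segments, groups, host names and rules are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

@dataclass(frozen=True)
class Flow:                       # metadata available once the flow is decrypted and attributed
    user: str
    groups: FrozenSet[str]
    src: str
    dst: str
    dst_port: int
    sni: Optional[str] = None

@dataclass(frozen=True)
class Rule:
    name: str
    groups: FrozenSet[str]        # membership in any listed group satisfies the rule
    src_segment: str              # micro-segment the flow must originate from (CIDR)
    dst_segment: str              # micro-segment it may reach (CIDR)
    ports: FrozenSet[int]
    sni_suffix: Optional[str] = None   # restricts SaaS/cloud access to a named service

    def matches(self, f: Flow) -> bool:
        return (bool(f.groups & self.groups)
                and ipaddress.ip_address(f.src) in ipaddress.ip_network(self.src_segment)
                and ipaddress.ip_address(f.dst) in ipaddress.ip_network(self.dst_segment)
                and f.dst_port in self.ports
                and (self.sni_suffix is None or (f.sni or "").endswith(self.sni_suffix)))

def evaluate(rules: List[Rule], f: Flow, log: List[str]) -> bool:
    """First matching allow rule wins; anything unmatched is denied and logged (zero trust default)."""
    for r in rules:
        if r.matches(f):
            log.append(f"ALLOW user={f.user} {f.src}->{f.dst}:{f.dst_port} sni={f.sni} rule={r.name}")
            return True
    log.append(f"DENY user={f.user} {f.src}->{f.dst}:{f.dst_port} sni={f.sni} rule=default-deny")
    return False

# Constructed policy: finance workstations may reach the ERP segment; all staff may reach one SaaS CRM.
POLICY = [
    Rule("finance-to-erp", frozenset({"finance"}), "10.10.0.0/24", "10.20.0.0/24", frozenset({443}),
         ".erp.internal"),
    Rule("staff-to-crm-saas", frozenset({"staff"}), "10.10.0.0/24", "0.0.0.0/0", frozenset({443}),
         "crm.saas-provider.example"),
]
```

Note that workstation-to-workstation (east-west) traffic never matches a rule and is therefore dropped and logged, which is exactly the behaviour the first principle above asks for.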
A centralised, dedicated TLS/SSL decryption solution should ultimately be a fundamental part of any zero-trust approach. Only then can the overall goal be achieved: protecting networks, users and data from threats inside and outside the network. (hi/fm/computerwoche)