Zero Trust
Lock down sensitive data with Zero Trust
What Is
Zero Trust?
Zero Trust architectures have become a compelling means for modern enterprise and government institutions to secure sensitive data in the face of digital transformation and the loss of the traditional network perimeter.
Nearly a decade ago, Forrester Research introduced the concept of Zero Trust. One of its leading analysts, John Kindervag, is credited with designing the original Zero Trust framework. 1 Zero Trust posits that the concept of a trusted internal network zone and an untrusted external network zone should be eliminated. In essence, no data traffic can be trusted. As data flows through your network, it is essential that all parties involved undergo restriction, reauthentication and validation at every point.
“Security professionals must stop trusting packets as if they were people.”
John Kindervag, Forrester Research 1
Five basic tenets
of Zero Trust
Benefits of Zero Trust
Attackers will successfully and regularly penetrate your networks. A Zero Trust architecture enables you to minimize their reconnaissance of your network and their access to your protected data and intellectual property. It also helps you slow their progress and detect their presence early in the execution of their cyber kill chain. When you can identify and stop them before they can exfiltrate targeted data and/or funds, your cyberdefense strategy will have prevailed. Zero Trust can reduce your risk, lower expenses through reduced risk of loss and more efficient use of your personnel and improve the overall effectiveness of your security architecture.
Foundational security using DNS and Zero Trust
The Domain Name System (DNS) is a central component of your current information technology and network architecture. During the rapid deployment of the changes necessary to support digital transformation, many enterprises have failed to include DNS controls, administration and management within their cybersecurity strategy. Often these capabilities have defaulted to a mix of ISPs, on- and off-premises local hardware and multiple, disparate cloud-based capabilities. These diverse and separate DNS capabilities generally have no integration with modern cybersecurity threat intelligence, web filtering or other important defensive capabilities. Most of these capabilities have no integrated support for the most common cyberthreats or for distributed denial of service (DDoS) attacks. They also lack the centralized visibility essential to making DNS and foundational security cornerstones of Zero Trust for their enterprise.
These foundational security services, including DNS, DHCP and IP address management (DDI), are essential to all IP-based communications. Foundational security using DNS further offers an ideal opportunity to gain centralized visibility and control over all of your computing resources, following the tenets of Zero Trust. DNS can be a source of telemetry, helping to detect anomalous behavior (e.g., a device going to a server it usually doesn’t go to) and to analyze east-west traffic. DNS can also continuously check for, detect and block C&C connections. For every cloud and on-premises data center that your enterprise uses, DNS can be a centralized point of visibility and risk reduction.
How to get started with Zero Trust
Download our white paper on Zero Trust to learn more. It describes a Zero Trust architecture’s essential components, its core capabilities and some important use cases that support the framework. In addition, it explains the critical roles that DNS and foundational security can play in your deployment of Zero Trust architectures.
Related Products
BloxOne®
Threat Defense
Quickly deploy on-premises, cloud or hybrid DNS-layer security everywhere
BloxOne® Threat Defense
Quickly deploy on-premises, cloud or hybrid DNS-layer security everywhere
Cybersecurity
Ecosystem
Automate SecOps response and efficiency with advanced integrations
Cybersecurity Ecosystem
Automate SecOps response and efficiency with advanced integrations
Advanced
DNS Protection
Protect enterprise DNS infrastructure to ensure maximum uptime
Advanced DNS Protection
Protect enterprise DNS infrastructure to ensure maximum uptime
Threat Intelligence
Leverage DNS and multi-sourced threat intel to improve effectiveness of your total security stack
Threat Intelligence
Leverage DNS and multi-sourced threat intel to improve effectiveness of your total security stack