Zero Trust

Lock down sensitive data with Zero Trust

What Is
Zero Trust?

Zero Trust architectures have become a compelling means for modern enterprise and government institutions to secure sensitive data in the face of digital transformation and the loss of the traditional network perimeter.

Nearly a decade ago, Forrester Research introduced the concept of Zero Trust. One of its leading analysts, John Kindervag, is credited with designing the original Zero Trust framework. ¹ Zero Trust posits that the concept of a trusted internal network zone and an untrusted external network zone should be eliminated. In essence, no data traffic can be trusted. As data flows through your network, it is essential that all parties involved undergo restriction, reauthentication and validation at every point.

Learn more

¹ http://www.virtualstarmedia.com/downloads/Forrester_zero_trust_DNA.pdf

“Security professionals must stop trusting packets as if they were people.”

John Kindervag, Forrester Research ¹

Five basic tenets
of Zero Trust

Data is the central element that must be protected. You need to continually and carefully revalidate access to this data, at all times.

To best protect your data, you must understand how it flows, both to be able to validate it later and to build out what Kindervag called micro-networks.

With an understanding of the critical data that must be protected, you can then create the micro-networks that map best to the data’s flow.

Visibility and monitoring are key. You must have visibility into all activity within your network, log it and be able to analyze it comprehensively to determine if any malicious behavior is present.

You should wrap Zero Trust best practices into your security automation strategies and use orchestration tools to support your efforts.

Benefits of Zero Trust

Attackers will successfully and regularly penetrate your networks. A Zero Trust architecture enables you to minimize their reconnaissance of your network and their access to your protected data and intellectual property. It also helps you slow their progress and detect their presence early in the execution of their cyber kill chain. When you can identify and stop them before they can exfiltrate targeted data and/or funds, your cyberdefense strategy will have prevailed. Zero Trust can reduce your risk, lower expenses through reduced risk of loss and more efficient use of your personnel and improve the overall effectiveness of your security architecture.

Foundational security using DNS and Zero Trust

The Domain Name System (DNS) is a central component of your current information technology and network architecture. During the rapid deployment of the changes necessary to support digital transformation, many enterprises have failed to include DNS controls, administration and management within their cybersecurity strategy. Often these capabilities have defaulted to a mix of ISPs, on- and off-premises local hardware and multiple, disparate cloud-based capabilities. These diverse and separate DNS capabilities generally have no integration with modern cybersecurity threat intelligence, web filtering or other important defensive capabilities. Most of these capabilities have no integrated support for the most common cyberthreats or for distributed denial of service (DDoS) attacks. They also lack the centralized visibility essential to making DNS and foundational security cornerstones of Zero Trust for their enterprise.

These foundational security services, including DNS, DHCP and IP address management (DDI), are essential to all IP-based communications. Foundational security using DNS further offers an ideal opportunity to gain centralized visibility and control over all of your computing resources, following the tenets of Zero Trust. DNS can be a source of telemetry, helping to detect anomalous behavior (e.g., a device going to a server it usually doesn’t go to) and to analyze east-west traffic. DNS can also continuously check for, detect and block C&C connections. For every cloud and on-premises data center that your enterprise uses, DNS can be a centralized point of visibility and risk reduction.

How to get started with Zero Trust

Download our white paper on Zero Trust to learn more. It describes a Zero Trust architecture’s essential components, its core capabilities and some important use cases that support the framework. In addition, it explains the critical roles that DNS and foundational security can play in your deployment of Zero Trust architectures.

Read whitepaper