Andrew Green

The National Institute of Standards and Technology (NIST) zero-trust security framework presents a new way of solving an age-old problem of securing networks and information, and organizations of all sizes are rethinking their security architecture, processes, and procedures to adopt zero-trust principles.

According to the NIST, “Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. A zero trust architecture (ZTA) uses zero trust principles to plan industrial and enterprise infrastructure and workflows. Zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location or based on asset ownership ... Zero trust focuses on protecting resources, not network segments, as the network location is no longer seen as the prime component to the security posture of the resource.”

The ZT model is easily visualized as a set of pillars representing security areas such as devices, applications, and users. But beneath all these pillars are the foundational aspects of the zero-trust model: visibility, analytics, automation, and governance.

Figure: Zero-Trust Pillars and Foundations. Pillars: Device Trust, Data Trust, Network/Environment Trust, Application Trust, and User Trust.

ZT adoption is an incremental and continual process of improvement and adaptation. As organizations begin and then refine their ZTA, their solutions rely more heavily on comprehensive visibility and monitoring and on automated processes and systems, integrate more fully across the pillars, and become more dynamic in their policy enforcement decisions.

Implementing and developing the ZTA takes time, and the architecture itself will continue to evolve as policies, processes, and tooling improve. Verification and ongoing auditing of the ZTA are therefore critical to knowing, and demonstrating, that your security controls are actually working as intended.

In January 2022, the Executive Office of the President issued Memorandum M-22-09 to provide direction and impetus for implementing ZT principles to protect government resources. The strategies set forth are equally applicable in the private sector. The memo describes ZT tenets, pillars, and foundations and directly calls out the need for comprehensive visibility.

Requirements from the section on network visibility and attack surface include the following:

  • Monitoring: “Network monitoring against the risk of weak or compromised network inspection devices. Inspecting and analyzing logged network traffic is an important tenet of zero-trust architecture.”
  • Inspection: “In other places, deep traffic inspection may be more valuable and can create less of an increase of the attack surface.”
  • Analysis: “Network traffic that is not decrypted can and should still be analyzed using visibility or logged metadata, machine learning techniques, and other heuristics for detecting anomalous activity.” 

In traditional, non-ZT deployments, the monitoring and analytics foundation consists of gathering packets at the network perimeter and, occasionally, at a few especially sensitive segments of the internal network.

As the ZTA matures, perimeters blur or vanish altogether. East-west traffic now must be seen and controlled to detect and prevent lateral or deeper compromise. Therefore, monitoring visibility must be extended across the entire network, both physical and virtual. In a very mature stage of ZT, full visibility and advanced analytics and intelligence validate the correctness and enforcement of security policies.
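The memo's requirement to analyze undecrypted traffic through logged metadata and heuristics, together with the east-west visibility point above, can be illustrated with a small detector that works only on flow metadata (timestamps, endpoints, ports, byte counts), never on payloads. The following is an added example written for this article, not NETSCOUT code or part of the original post. The flow records are constructed sample data, the internal address ranges and the set of "lateral movement" ports are assumptions you would tune for your own environment, and the fan-out heuristic (one internal host reaching many distinct internal hosts on administrative ports inside a short window) is one of several heuristics a practitioner might apply.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Dict, List, NamedTuple


class Flow(NamedTuple):
    """One connection summary as a probe might export it, with no payload."""
    ts: datetime
    src: str
    dst: str
    dport: int
    nbytes: int


# Assumption: RFC 1918 space is "internal"; adjust to your own address plan.
INTERNAL_NETS = [ip_network("10.0.0.0/8"),
                 ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]

# Assumption: ports commonly used for remote administration and hence for
# lateral movement (SSH, RPC, SMB, RDP, WinRM). Tune for your estate.
LATERAL_PORTS = {22, 135, 445, 3389, 5985, 5986}

# Constructed sample east-west flow metadata (not a real capture).
# Fields: timestamp, src, dst, dport, bytes.
SAMPLE_FLOWS = [
    ("2024-03-01T09:00:05", "10.1.2.15", "10.1.2.40", 445, 81234),   # admin, normal
    ("2024-03-01T09:05:00", "10.1.2.15", "10.1.2.40", 443, 2200),    # HTTPS, ignored
    ("2024-03-01T09:10:00", "10.1.5.77", "10.1.2.40", 445, 4100),    # suspicious burst
    ("2024-03-01T09:10:10", "10.1.5.77", "10.1.2.40", 445, 3900),    # repeat, same host
    ("2024-03-01T09:10:30", "10.1.5.77", "10.1.2.41", 445, 4050),
    ("2024-03-01T09:11:00", "10.1.5.77", "10.1.2.42", 445, 4120),
    ("2024-03-01T09:11:20", "10.1.5.77", "10.1.3.10", 3389, 9800),
    ("2024-03-01T09:12:05", "10.1.5.77", "10.1.3.11", 445, 4010),
    ("2024-03-01T09:12:50", "10.1.5.77", "10.1.3.12", 5985, 2600),
    ("2024-03-01T09:30:00", "10.1.2.15", "10.1.3.10", 3389, 77000),  # admin, normal
    ("2024-03-01T09:31:00", "10.1.9.9", "203.0.113.5", 445, 1200),   # external dst, ignored
    ("2024-03-01T10:05:00", "10.1.2.15", "10.1.2.41", 22, 15000),    # admin, normal
]


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(records) -> List[Flow]:
    """Turn raw (ts, src, dst, dport, bytes) tuples into Flow objects."""
    return [Flow(datetime.fromisoformat(ts), src, dst, int(dport), int(nbytes))
            for ts, src, dst, dport, nbytes in records]


def detect_lateral_fanout(flows: List[Flow],
                          window: timedelta = timedelta(minutes=5),
                          threshold: int = 5) -> Dict[str, List[str]]:
    """Flag internal sources that reach >= threshold distinct internal hosts
    on LATERAL_PORTS within any sliding window of length `window`.

    Returns {source_ip: sorted list of distinct destination hosts seen in
    triggering windows}. Only east-west (internal-to-internal) flows count;
    north-south traffic and non-administrative ports are ignored.
    """
    by_src = defaultdict(list)
    for f in flows:
        if f.dport in LATERAL_PORTS and is_internal(f.src) and is_internal(f.dst):
            by_src[f.src].append((f.ts, f.dst))

    alerts: Dict[str, List[str]] = {}
    for src, events in by_src.items():
        events.sort()
        hits = set()
        left = 0
        for right in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[right][0] - events[left][0] > window:
                left += 1
            dsts = {dst for _, dst in events[left:right + 1]}
            if len(dsts) >= threshold:
                hits |= dsts
        if hits:
            alerts[src] = sorted(hits)
    return alerts


if __name__ == "__main__":
    for src, hosts in detect_lateral_fanout(parse_flows(SAMPLE_FLOWS)).items():
        print(f"ALERT lateral fan-out from {src}: {len(hosts)} hosts -> {hosts}")
```

The admin workstation touches three hosts over an hour and is never flagged; the burst from 10.1.5.77 reaches six distinct hosts on administrative ports in under three minutes and is. The point is that nothing here needed decryption: the heuristic runs entirely on metadata a probe can emit for encrypted east-west traffic, which is exactly the visibility a perimeter-only sensor would never have seen.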

How does NETSCOUT help with a ZTA? NETSCOUT provides the comprehensive visibility foundation with instrumentation focusing on threats and vulnerabilities, allowing for immediate detection as well as back-in-time investigations. Additionally, Omnis Cyber Intelligence (OCI) fills the visibility and data gaps left by other cybersecurity tools (e.g., security information and event management and endpoint detection), making those tools and existing cybersecurity staff more effective and reducing the number and cost of data breaches.

Figure: Smart Detection in Action. Reduction of risk through vulnerability detection (advanced early warning and continuous attack surface monitoring) and threat detection (contact tracing and back-in-time investigation), all supported by Visibility Without Borders: unlimited scale, NETSCOUT Smart Data, and network packets.

OCI achieves this by converting packets into Smart Data at scale, enabling visibility across the entire network (including hybrid/multicloud environments)—what we call Visibility Without Borders. OCI’s main featured areas include the following:

  • Advanced early warning
  • Continuous attack surface monitoring
  • Contact tracing
  • Back-in-time investigation

The coverage spans physical and virtual network probes in private and public clouds and enterprise data centers, threat detection, packet aggregation, and advanced packet-capture features such as continuous, real-time creation of layer 2–7 metadata, indexing, compression, and deduplication, so that no part of the network is left outside visibility or threat detection.

Whether your ZT initiative is still in the planning phase or already very mature, NETSCOUT has the experience and tooling to provide all aspects of the security visibility and analytics foundation you need for the life of your organization.

Read more about how to increase security via a zero-trust architecture.
