What is Zero Trust?
Zero Trust is a new model of cybersecurity designed to better address changing security requirements for modern organizations. Zero Trust frameworks improve security posture, prevent data breaches, and limit lateral movement on the network.
Zero Trust Explained
Zero Trust is a security model in which no device, user, or network segment is inherently trustworthy and thus should be treated as a potential threat.
- Security threats can be inside or outside your network.
- Every device and person accessing resources on your network must be authenticated and authorized.
- By default, no person or device is trusted.
How does Zero Trust work?
To enhance security in modern enterprises where users and devices are remote and threats are bypassing traditional perimeter defenses, it’s critical to have a rigorous security model that performs checks on a continuous basis. Before accessing the network, all devices and users should be identified and authenticated and given the least amount of access required, and then continuously monitored
What are the three main concepts of Zero Trust?
- Comprehensive visibility – Active and passive discovery provides full visibility of all users and devices on your network, which can help you implement controls.
- Least access micro segmentation and control – Access control policies grant access to resources that are absolutely necessary for a device or user and segment them from other resources that are not required.
- Continuous monitoring and enforcement – Ongoing monitoring of users and devices on the network greatly reduces risks related to threats and malware.
Aruba ESP enables Zero Trust best practices to provide a comprehensive set of capabilities that span visibility, control, and enforcement to address the requirements of a decentralized, IoT-driven network infrastructure.
Why is Zero Trust important?
Network security is increasingly challenging because of mobility, IoT, and telecommuting environments. Zero Trust allows you to increase visibility, control, and enforcement to address the security requirements of a decentralized, IoT-driven network infrastructure.
What are the benefits of Zero Trust?
Zero Trust helps ensure network security for today’s era of mobility, IoT, and work from home environments.
- Limits exposure to security risks related to vulnerable IoT devices.
- Helps reduce the risk of advanced threats that bypass traditional perimeter security controls.
- Limits damage related to lateral movement by attackers and infected devices.
- Takes a more holistic approach to security regardless of who or what is connecting and from where.
- Applies best practices such as micro-segmentation for a “Least Access” approach.
Aruba Zero Trust Architecture
Where do I start with Zero Trust?
Zero Trust network architectures focus on authentication, authorization, and continual risk management. Here’s how to get started:
- Eliminate network blind spots by discovering and profiling all devices connected to the network.
- Verify identity before allowing access using 802.1X-based authentication techniques, as well as emerging solutions for IoT devices.
- Compare endpoint configuration to compliance baselines and remediate as needed.
- Establish least-privilege access to IT resources by segmenting traffic based on identity-based policies.
- Continuously monitor the security state of the user and device, and bi-directionally communicate with other elements in the security ecosystem. Establish policies to revoke a user or device’s access rights in cases of compromise or attack.
How do I build a Zero Trust architecture?
|Zero Trust Architecture
|Aruba ESP Solution
|1. Know what’s on the network
|An organization protects resources by defining what resources it has
|2. Authenticate all users and devices
|Create, store, and manage enterprise user accounts and identity records
|3. Ensure configuration and compliance guidelines are followed
|Gather information about the enterprise asset’s current state and apply updates to configuration and software components
|4. Assign and enforce access policies in the network
|All resource authentication and authorization are dynamic and strictly enforced before access is allowed via coordination between a policy engine and a policy enforcement point
|Dynamic Segmentation enabled by:
|5. Communicate bi-directionally with the security ecosystem and respond to attacks
|Provide real-time (or near real-time) feedback on the security posture of enterprise information systems; integrate with security information and event management systems