It’s an unassailable reality for today’s enterprise organizations: security and network teams must continue to do more to address the rapidly growing mass of devices that are being connected to their networks. And they absolutely must keep up with this increased device scale without the benefit of analogous scale to their resources, neither human nor capital. This undeniable trend is not new, but in our interactions with enterprise teams we continue to see an increased push towards a Zero Trust network topography. This comes up more frequently in meetings that our teams are having, so I wanted to share some background, common themes and best practices we are seeing around this topic. And away we go.
To start, we need to establish a clear definition. I will spare you from the endless pages of search results [and vendor-specific opinions and positions] that googling ‘Zero Trust Architectures’ will produce. I like this one from CSO Online…it’s concise and straightforward; from it you will learn that the Zero Trust concept was created by John Kindervag in 2010, and is growing in popularity.
I think that this line sums it up best:
Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside its perimeters and instead must verify anything and everything trying to connect to its systems before granting access.
Sounds great, let’s do that. Let’s get the CISO to implement this and report her progress during the next Board of Directors meeting.
Let’s be honest, it’s not that simple. What isn’t stated, but rings from the words in the statement above, is that you simply cannot build a trust model for ANYTHING inside or outside your network, without complete visibility of the devices in your environment. Not just mac and IP address visibility, but contextual visibility of all of the assets coming in and out of the environment. You have to know your environment and devices completely, to even start. Oh, and that isn’t a onetime visibility, it is going to have to be continuous since the environment is constantly changing and systems, devices, people are attaching to and detaching from your network at a head-spinning rate.
But simply knowing isn’t enough. The second piece of this puzzle is the verifying exactly what every device and system is before you give it access. Behavior is key. You can’t trust something about which you don’t have complete understanding. Which means it’s imperative to add behavioral context – and dynamic and continual adjustment of that context – on top of the already important continuous visibility. You have to know exactly with what devices inside and outside of your network each device communicates. More importantly, you have to know with what devices – internal and external – each device SHOULD communicate. You have to be able to do this across the campus, data center, remote offices/branches and you have to be able to do it across traditional IT, OT, IoT, medical…you name it.
So now I see the device, I understand the behavior of the device, I am always watching, learning, seeing communications, placement on the network…..etc. Now I know what I have, what it’s doing, with whom it’s doing it, and whether or not it’s operating in the way I want it to operate.
Next step – Enforce/Regulate/Control/Take Action….whatever you call it, this is the implement and control phase. This is where the rubber meets the road. This is where we don’t necessarily worry about trusting the device, this is where we basically make sure the device only does what you want it to do. That it only does what you allow it to do, no trust needed.
The good news is you probably already have the infrastructure in place to achieve this. Most organizations have invested in enterprise switch infrastructure, next generation Firewall technology, Network Access Control systems, etc. With intelligent and dynamic policy generation, Ordr gives you the power to utilize your existing infrastructure for enforcement; this is truly proactive protection for the hyper-connected enterprise.
Want to see this in action? We would love to show you.
Darrell is VP Sales at Ordr. He joined Ordr as one of the original Account Executives in October of 2018 to help launch the field organization. In his prior role as Ordr’s Director of Healthcare Sales, Darrell drove significant growth in healthcare sales and helped position Ordr as the leader in connected device security. Darrell has had over 20+ years of Sales Leadership, Account Management, and Field Engineering experience supporting customers and partners while with leading security and networking organizations – ForeScout Technologies, FireEye, Mandiant, F5 Networks, and Secure Computing Corporation. Darrell earned a Bachelor of Science in Electrical and Computer Engineering from the University of Minnesota, Duluth.
Follow by Author