Exploring the Components of a Zero-Trust Architecture
Once the protect surface is defined, we can identify the traffic patterns representing normal usage. Defining users, applications and access methods is critical to building the network policies that create “microperimeters” around the protect surface.
To control access and prevent exfiltration of sensitive data, it is also critical to place next-generation firewalls at the boundaries of these microperimeters, where they can enforce granular Layer 7 (application-aware) policies rather than port-and-address rules alone.
Finally, adaptive monitoring is crucial for identifying new protect surfaces and refining policies over time.
Key Networking Capabilities Needed for Building a Zero-Trust Network
All in all, executing a zero-trust architecture requires some key networking capabilities. Here’s a summary of those capabilities and their functions:
- Enhanced identity governance. You must be able to define users and their roles. According to the principle of least privilege, any entity that requests access to a network (or segment) should only have the minimum rights needed to achieve that entity’s work goals.
- Microsegmentation. This method allows fine-grained policies to apply to each component of the protect surface.
- Device agents or gateways. Device agents enforce policies on individual endpoints, as well as on collections of endpoints; gateways sit in front of a resource (or group of resources) and enforce the same policies for clients that cannot run an agent.
- Resource portals. These can act as proxies for an individual resource or a secure enclave of related resources.
- Device application sandboxing. Run applications on the host inside isolated virtual machines or containers, so that code in one application cannot reach the host or other applications. If an application is compromised, the damage is contained within its sandbox, which helps to prevent host-specific attacks.
- Endpoint protection. This approach is a critical part of zero-trust deployment. Devices should be scanned for vulnerable or compromised software before being permitted to access protected resources.
Trusted Platform Modules and Ransomware Prevention
Enabling Trusted Platform Module (TPM) capabilities strengthens the endpoint checks described above. The TPM records measurements of the firmware and operating system components loaded at boot, so a health attestation service can verify, rather than take the device's own word for it, that protections such as Secure Boot, disk encryption and data execution prevention are actually in force. With TPM 2.0 and Windows 10 or later, a mobile device management service can query this attested device health and use the result in the decision to grant or deny access to a protected resource. The TPM does not stop ransomware by itself; its value is in making the device-health signal that gates access trustworthy.
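The capabilities listed above (identity governance, least privilege, microsegmentation, endpoint health) and the attested device-health check described here come together in a policy decision point. The following is an added example written for this page, not code from the article or from any vendor's product: a toy policy engine that evaluates a request against a per-resource microperimeter policy, a role's minimum permitted actions, and a set of device-health claims. The resource names, roles, attestation report keys and sample reports are all constructed for illustration.

```python
"""Toy zero-trust policy decision point (PDP).

Added example (not from the article): evaluates an access request against
role-based least-privilege rules, per-resource microperimeter policies and
attested device-health claims. Resource names, roles and the attestation
report format are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class DeviceHealth:
    """Health claims of the kind a TPM-backed attestation service reports."""
    tpm_present: bool
    secure_boot: bool
    disk_encrypted: bool
    dep_enabled: bool
    av_current: bool


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    resource: str
    action: str


# Microperimeter policies, one per component of the protect surface.
# "allowed" maps a role to the minimum set of actions it needs (least
# privilege); "require" lists health claims the device must attest to.
# Anything not listed is denied by default.
POLICIES = {
    "student-records-db": {
        "allowed": {"registrar": {"read", "write"}, "faculty": {"read"}},
        "require": ("tpm_present", "secure_boot", "disk_encrypted",
                    "dep_enabled", "av_current"),
    },
    "lms": {
        "allowed": {"faculty": {"read", "write"}, "student": {"read"}},
        "require": ("av_current",),
    },
}


def health_from_report(report):
    """Map a (constructed) attestation report into DeviceHealth.

    Missing keys are treated as failed claims: an absent claim must never
    count as a passed check.
    """
    return DeviceHealth(
        tpm_present=bool(report.get("tpmPresent", False)),
        secure_boot=bool(report.get("secureBootEnabled", False)),
        disk_encrypted=bool(report.get("diskEncryptionEnabled", False)),
        dep_enabled=bool(report.get("depEnabled", False)),
        av_current=bool(report.get("antivirusUpToDate", False)),
    )


def missing_health(health, required):
    """Return the required health claims the device fails to satisfy."""
    return [claim for claim in required if not getattr(health, claim)]


def decide(req, health, policies=POLICIES):
    """Return (allowed, reason). Checks resource policy, then role, then health."""
    policy = policies.get(req.resource)
    if policy is None:
        return False, f"no policy for {req.resource}: default deny"
    actions = policy["allowed"].get(req.role, set())
    if req.action not in actions:
        return False, f"role {req.role} may not {req.action} {req.resource}"
    gaps = missing_health(health, policy["require"])
    if gaps:
        return False, "device health insufficient: " + ", ".join(gaps)
    return True, "allowed"


# Constructed sample attestation reports (not real MDM output).
HEALTHY_LAPTOP = {"tpmPresent": True, "secureBootEnabled": True,
                  "diskEncryptionEnabled": True, "depEnabled": True,
                  "antivirusUpToDate": True}
UNENCRYPTED_LAPTOP = {"tpmPresent": True, "secureBootEnabled": True,
                      "diskEncryptionEnabled": False, "depEnabled": True,
                      "antivirusUpToDate": True}


def demo():
    """Run representative requests and return their decisions by name."""
    registrar = AccessRequest("ana", "registrar", "student-records-db", "write")
    faculty_write = AccessRequest("ben", "faculty", "student-records-db", "write")
    faculty_lms = AccessRequest("ben", "faculty", "lms", "write")
    return {
        "registrar_healthy": decide(registrar, health_from_report(HEALTHY_LAPTOP)),
        "registrar_unencrypted": decide(registrar, health_from_report(UNENCRYPTED_LAPTOP)),
        "faculty_write_records": decide(faculty_write, health_from_report(HEALTHY_LAPTOP)),
        "faculty_lms_unencrypted": decide(faculty_lms, health_from_report(UNENCRYPTED_LAPTOP)),
    }


if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'} ({reason})")
```

Two design points matter more than the details. First, every path that is not explicitly allowed ends in a deny, including an unknown resource and an attestation report with missing keys, so a gap in policy or a truncated health report fails closed. Second, the same device that may write to the learning management system is refused the student records database the moment one health claim (here, disk encryption) fails, which is the behaviour that keeps a compromised or mis-configured endpoint from reaching the most sensitive microperimeter.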
Once assembled, a zero-trust architecture works to ensure that users, devices and network traffic are all verified and subjected to least-privilege rules when accessing trusted resources.
This way, compromised assets are limited in their scope and an attacker is prevented from moving laterally across the network. Zero-trust architectures, coupled with appropriate endpoint security and a rigorous backup and recovery discipline, can greatly mitigate ransomware and other risks.