SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Advanced Persistent Threat Protection
#
AI
#
Cybersecurity

There is no zero trust without network visibility

Fri, 3rd May 2024
By Simon Howe, Area Vice President for Australia and New Zealand, ExtraHop

One of the fundamental principles of cybersecurity is that you can’t protect what you can’t see. For organisations, that means knowing at any given time who and what is on your network, how data is flowing across it, and the health of your endpoints. 

This isn’t a static picture: endpoints, data flows, and users are dynamic. To protect the network and get the highest level of performance from it, organisations need to understand how all these different factors work together and shift over time. That granular understanding of the network is even more important for organisations implementing a zero trust architecture. 

The rising trend of zero trust implementation is a direct reaction to increasingly sophisticated cyberattacks. Zero-trust principles foster more effective threat detection because they reject the notion that security happens at the perimeter and that all network traffic is legitimate traffic. Instead, zero trust presumes that attackers are already inside the network. It follows then that network visibility is a key and foundational piece of a zero trust architecture.

However, even though zero trust security calls for network visibility, many organisations have historically ignored their internal networks as avenues for cyberattacks. Cybercriminals have taken advantage of this lack of security awareness to prowl and camp out inside corporate networks.

The result of this oversight can be disastrous. When attackers can move freely and undetected on the network, they can gain access to privileged systems, install ransomware or other malware, and exfiltrate data.

For these reasons, network detection and response (NDR) has emerged as a foundational building block in many leading organisations’ zero trust journeys. 

NDR solutions track and stop attacks before they can do major damage to a company. Importantly, NDR should also provide granularity over what users, applications, and other entities are doing on the network. 

This is important intelligence that can help organisations decide how to control workflows and the flow of data, and to enforce policies like microsegmentation, which are key to achieving the architectural vision for zero trust.

A boost from application modernisation

Building on the utilisation of network visibility, a specific focus on application management can also be beneficial for organisations moving down the zero trust route.

There is a connection between zero trust, visibility, and application management. Applications are at the heart of most business operations that run across the modern network today, so application management is also considered key to visibility, zero trust, and understanding where and how data is being used. Some modernisation (read: consolidation) of the application estate may be necessary to achieve or fast-track zero trust outcomes. 

Over time, many organisations amass sprawling application estates. The large number of applications in these estates may or may not be documented and kept up-to-date for a variety of reasons, such as the internal use case not being supported by newer versions of the software or, the software reaching its end-of-life or being out of vendor support.

This presents an issue for zero-trust adherents because, under certain conditions, anything on the network has the potential to be vulnerable and, therefore, needs to be protected. Organisations need to get rid of applications on the network that are under-utilised or no longer being used because, otherwise, time and energy must be spent protecting and monitoring them. 

Visibility can help in identifying these applications via their traffic patterns across the network. By understanding applications that are of limited value or whose continued presence on the network poses an unacceptable risk, organisations are then able to understand where they should target modernisation efforts and investment in order to simplify the environment.

The less complicated the network is, the easier it is to create a holistic picture, secure and manage it, and implement effective zero trust-based controls. 

A role for AI in zero trust

One other emerging technology that may have a role to play in the move to zero trust architectures is artificial intelligence (AI). While much has been made of the threats posed by AI in a cybersecurity context, there is starting to be recognition that AI can also make zero trust successful and make additional layers of network visibility attainable. 

While security practitioners are advised to embrace AI, as in other sectors there should be a degree of caution exercised. 

AI is a tool, like a calculator, that can help direct the valuable time and intellectual energy of security professionals towards tasks that make better use of their skills. Much like a calculator, AI’s outputs are only as good as the data fed into it. 

Security analysts relying on an AI tool to monitor their network need to understand how that tool generates alerts so they can respond to them intelligently. Used correctly, AI can help security teams respond to threats more quickly and accurately, getting them closer to their zero trust goals.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Cybercriminals use legitimate software for attacks increasing
Gartner report criticises SOAR systems, Acora defends approach
Cequence Security announces strategic partnership with Netskope
HackerOne launches PartnerOne to expand global cybersecurity access
Veeam launches enhanced backup solution for Microsoft 365
Top stories
Forescout's 2024 H1 Threat Review reveals surge in cyber threats
Andre Schindler promoted to SVP at NinjaOne amid growth
Absolute Security acquires Syxsense to boost resilience platform
Navigating the evolving world of Artificial Intelligence
Action1 enters Australian market with local data centre