There is no zero trust without network visibility
One of the fundamental principles of cybersecurity is that you can't protect what you can't see. For organisations, that means knowing at any given time who and what is on your network, how data is flowing across it, and the health of your endpoints.
This isn't a static picture: endpoints, data flows, and users are dynamic. To protect the network and get the highest level of performance from it, organisations need to understand how all these different factors work together and shift over time. That granular understanding of the network is even more important for organisations implementing a zero trust architecture.
The rising trend of zero trust implementation is a direct reaction to increasingly sophisticated cyberattacks. Zero-trust principles foster more effective threat detection because they reject the notion that security happens at the perimeter and that all network traffic is legitimate traffic. Instead, zero trust presumes that attackers are already inside the network. It follows then that network visibility is a key and foundational piece of a zero trust architecture.
However, even though zero trust security calls for network visibility, many organisations have historically ignored their internal networks as avenues for cyberattacks. Cybercriminals have taken advantage of this lack of security awareness to prowl and camp out inside corporate networks.
The result of this oversight can be disastrous. When attackers can move freely and undetected on the network, they can gain access to privileged systems, install ransomware or other malware, and exfiltrate data.
For these reasons, network detection and response (NDR) has emerged as a foundational building block in many leading organisations' zero trust journeys.
NDR solutions track and stop attacks before they can do major damage to a company. Importantly, NDR should also provide granularity over what users, applications, and other entities are doing on the network.
This is important intelligence that can help organisations decide how to control workflows and the flow of data, and to enforce policies like microsegmentation, which are key to achieving the architectural vision for zero trust.
A boost from application modernisation
Building on network visibility, a specific focus on application management can also benefit organisations moving down the zero trust route.
There is a connection between zero trust, visibility, and application management. Applications are at the heart of most business operations that run across the modern network today, so application management is also considered key to visibility, zero trust, and understanding where and how data is being used. Some modernisation (read: consolidation) of the application estate may be necessary to achieve or fast-track zero trust outcomes.
Over time, many organisations amass sprawling application estates. The large number of applications in these estates may or may not be documented and kept up to date, for a variety of reasons: the internal use case may not be supported by newer versions of the software, or the software may have reached end-of-life or fallen out of vendor support.
This presents an issue for zero-trust adherents because, under certain conditions, anything on the network has the potential to be vulnerable and, therefore, needs to be protected. Organisations need to get rid of applications on the network that are under-utilised or no longer being used because, otherwise, time and energy must be spent protecting and monitoring them.
Visibility can help in identifying these applications via their traffic patterns across the network. By understanding applications that are of limited value or whose continued presence on the network poses an unacceptable risk, organisations are then able to understand where they should target modernisation efforts and investment in order to simplify the environment.
The less complicated the network is, the easier it is to create a holistic picture, secure and manage it, and implement effective zero trust-based controls.
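As an added illustration (not code from the article), this is the kind of analysis an NDR or flow-collection tool performs on network flow records to surface the under-utilised applications described above and to check traffic against a microsegmentation policy. The flow records, the server:port-to-application mapping and the allowed-subnet policy are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample flow records: (timestamp, client, server, dst_port, bytes).
# Illustrative values only, not data from the article.
FLOWS = [
    (datetime(2024, 6, 1, 9, 0), "10.1.0.5", "10.2.0.10", 443, 120_000),
    (datetime(2024, 6, 2, 9, 5), "10.1.0.6", "10.2.0.10", 443, 98_000),
    (datetime(2024, 6, 3, 11, 0), "10.1.0.7", "10.2.0.10", 443, 45_000),
    (datetime(2024, 6, 3, 11, 1), "10.2.0.10", "10.2.0.20", 5432, 300_000),
    (datetime(2024, 5, 2, 8, 0), "10.1.0.9", "10.2.0.30", 8443, 4_000),  # stale
    (datetime(2024, 6, 3, 2, 0), "10.1.0.5", "10.2.0.20", 5432, 900),  # user hitting DB directly
]
NOW = datetime(2024, 6, 4)  # assumed analysis time

# Assumed server:port -> application mapping (in practice from a CMDB or NDR classification).
APPS = {("10.2.0.10", 443): "web-portal", ("10.2.0.20", 5432): "inventory-db",
        ("10.2.0.30", 8443): "legacy-reporting"}
# Assumed microsegmentation policy: client address prefixes allowed to reach each app.
POLICY = {"web-portal": ["10.1."], "inventory-db": ["10.2."], "legacy-reporting": ["10.1."]}


def app_activity(flows, now, window=timedelta(days=30)):
    """Per application: flow count, distinct clients and days since last flow inside the window."""
    stats = {app: {"flows": 0, "clients": set(), "last_seen": None} for app in APPS.values()}
    for ts, client, server, port, _ in flows:
        app = APPS.get((server, port))
        if app is None or ts < now - window:
            continue  # unclassified traffic or outside the observation window
        s = stats[app]
        s["flows"] += 1
        s["clients"].add(client)
        if s["last_seen"] is None or ts > s["last_seen"]:
            s["last_seen"] = ts
    return {app: {"flows": s["flows"], "clients": len(s["clients"]),
                  "idle_days": (now - s["last_seen"]).days if s["last_seen"] else None}
            for app, s in stats.items()}


def decommission_candidates(activity, min_clients=2, max_idle_days=14):
    """Apps with no recent traffic or very few distinct clients: review for retirement."""
    return sorted(app for app, s in activity.items()
                  if s["idle_days"] is None or s["idle_days"] > max_idle_days
                  or s["clients"] < min_clients)


def segmentation_violations(flows):
    """Flows that reach an application from a client outside its allowed prefixes."""
    hits = []
    for _, client, server, port, _ in flows:
        app = APPS.get((server, port))
        if app and not any(client.startswith(p) for p in POLICY[app]):
            hits.append((client, app))
    return hits
```

In the sample data, legacy-reporting has seen no traffic in the 30-day window and is flagged for review, while a workstation connecting straight to the database is reported as a segmentation violation.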
A role for AI in zero trust
One other emerging technology that may have a role to play in the move to zero trust architectures is artificial intelligence (AI). While much has been made of the threats posed by AI in a cybersecurity context, recognition is growing that AI can also make zero trust successful and make additional layers of network visibility attainable.
While security practitioners are advised to embrace AI, a degree of caution should be exercised, as in other sectors.
AI is a tool, like a calculator, that can help direct the valuable time and intellectual energy of security professionals towards tasks that make better use of their skills. Much like a calculator, AI's outputs are only as good as the data fed into it.
Security analysts relying on an AI tool to monitor their network need to understand how that tool generates alerts so they can respond to them intelligently. Used correctly, AI can help security teams respond to threats more quickly and accurately, getting them closer to their zero trust goals.