
Zero Trust: Implementing A Path Forward

Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Chaim Mazal of Gigamon helps pave the path forward for standardizing zero-trust architecture with these best practices to consider.

Zero trust has been making waves in the cybersecurity community for more than a decade, but there’s still so much ambiguity around the concept and how to achieve it.

The ultimate goal of implementing a zero-trust architecture is to remove any implicit trust in an organization’s network. Basically, the network should assume you are a malicious player unless you prove otherwise. This approach moves an organization’s security strategy away from perimeter-based controls to distributed controls across the network, including within your hybrid cloud environment.

Since the onset of this concept, it’s long been thought of as a distant priority or an idealistic end goal organizations would strive to achieve one day. There was little momentum in making a true zero-trust implementation a reality, so achieving this felt unattainable.

Until now.

What’s Next?

There’s been impressive momentum in recent months, likely stemming from the increasing ramifications of the threatscape coupled with a swift shift to the cloud. For example, both the Department of Defense (DOD) and the Cybersecurity and Infrastructure Security Agency (CISA) released frameworks for organizations to begin implementing zero-trust architectures. CISA’s Zero Trust Maturity Model provides a roadmap that includes a variety of concepts and ideas for organizations to follow; the DOD provides a more actionable approach in its Zero Trust Strategy.

With the DOD and other highly regarded entities pushing for stronger implementation, here’s what cybersecurity leaders need to consider and enact in order to bring their organizations closer to achieving this.

  1. Simplify your systems and focus on the packets. Today’s CISOs and other cybersecurity leaders are dealing with hideous complexity. Cloud architecture drastically changed over the last few years, leading many organizations to revisit their traditional security strategies. Additionally, security leaders are expected to provide near-constant attention to messages from their Supervisory Control and Data Acquisition (SCADA) systems managing their Industrial Control Systems (ICS), BYOD (Bring Your Own Device) demands, and network performance. That said, there is one common thread connecting all of these demands — packets. The National Institute of Standards and Technology (NIST)’s Zero Trust Architecture agrees; packets can be a powerful source of truth and can simplify the environment, helping to provide clarity and get closer to achieving zero trust. Security leaders must keep their eyes on the packets and cut out the noise by simplifying their networks as best as possible. This is important in laying the foundation for zero trust.
  2. Don’t do normal. Much of zero-trust architecture hinges on artificial intelligence (AI) and machine learning (ML) anomaly detection. However, the challenge of making this run smoothly is feeding all of the logs, agent telemetry, and configuration service provider (CSP) telemetry into security orchestration, automation, and response (SOAR). Gaps in logging and normalization, however, will hamper the ability of the AI/ML environment to detect anomalies and coordinate activities across multiple environments, such as lateral movement from cloud to on-prem. Using Advanced Metering Infrastructure (AMI) offers an alternate approach: filtering data from every source into the same schema. This not only drastically simplifies the environment, but it also puts complex data in the same schema. This is a massive accelerator for AI/ML, and will help security leaders bring their organizations one step closer to a zero-trust environment.
  3. Don’t overlook the small stuff when it comes to segmentation. As I mentioned before, there are plenty of standards and roadmaps for achieving zero trust, and almost all require micro and macro segmentation. It works, but it is hard to accomplish. In order to incorporate proper segmentation, CISOs and other security leaders should:
    • Plan segmentation ahead of time and more thoroughly
    • Troubleshoot and modify the segmentation when necessary
    • Keep a broad perspective on all network activities once segmentation has been implemented
    • Increase random network discovery checkpoints to explore what users can speak to, ultimately drawing attention to any threat actors
    • Add endpoint tools. Cyber-criminals often turn these agents off, which will make them stick out like a sore thumb in your network
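
The normalization step in item 2 above is easier to see in code. The following Python is an added example written for this page, not the author's or Gigamon's code: it maps three constructed telemetry records (a cloud audit event, two sshd syslog lines and an endpoint-agent event, all in made-up formats) onto one schema, then runs a cross-environment check that is only possible once the records share that schema. The field names, hosts, addresses, and the year and UTC timezone assumed for the syslog lines are all assumptions.

```python
"""Added example: map three telemetry formats onto one schema, then correlate
across environments.  Record formats, field names, hosts and addresses are all
constructed for illustration; the syslog year and UTC timezone are assumptions."""
import json
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Event:
    """The common schema every source is mapped onto."""
    ts: datetime
    environment: str  # "cloud" or "onprem"
    source: str       # which telemetry type produced the record
    user: str
    src_ip: str
    target: str       # host or resource acted on
    action: str
    outcome: str      # "success" or "failure"


# Constructed sample records (illustrative formats, not any vendor's schema)
CLOUD_RAW = [
    '{"eventTime": "2024-03-01T10:00:00Z", "userName": "alice", '
    '"sourceIPAddress": "203.0.113.7", "eventName": "ConsoleLogin", "result": "Success"}',
]
SYSLOG_RAW = [
    "Mar  1 10:04:12 db01 sshd[2211]: Accepted publickey for alice from 10.20.0.5 port 51122 ssh2",
    "Mar  1 10:05:40 db01 sshd[2230]: Failed password for invalid user bob from 10.10.4.8 port 40022 ssh2",
]
AGENT_RAW = [
    '{"time": "2024-03-01T10:03:30Z", "host": "ws17", "user": "alice", '
    '"event": "logon", "remote_ip": "10.20.0.5", "result": "ok"}',
]

SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"sshd\[\d+\]: (?P<verdict>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9.]+) port \d+"
)


def _iso(s: str) -> datetime:
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def parse_cloud(raw: str) -> Event:
    r = json.loads(raw)
    return Event(_iso(r["eventTime"]), "cloud", "csp_audit", r["userName"],
                 r["sourceIPAddress"], "cloud-console", r["eventName"],
                 "success" if r["result"] == "Success" else "failure")


def parse_syslog(line: str, year: int = 2024) -> Event:
    m = SYSLOG_RE.match(line)
    if m is None:
        raise ValueError(f"unrecognised sshd line: {line!r}")
    # syslog carries no year or zone; both are supplied by assumption
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                           "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return Event(ts, "onprem", "syslog", m["user"], m["ip"], m["host"], "ssh_login",
                 "success" if m["verdict"] == "Accepted" else "failure")


def parse_agent(raw: str) -> Event:
    r = json.loads(raw)
    return Event(_iso(r["time"]), "onprem", "endpoint_agent", r["user"], r["remote_ip"],
                 r["host"], r["event"], "success" if r["result"] == "ok" else "failure")


def normalize(cloud=CLOUD_RAW, syslog=SYSLOG_RAW, agent=AGENT_RAW, year=2024):
    """Return every record as an Event, ordered by time, regardless of origin."""
    events = [parse_cloud(r) for r in cloud]
    events += [parse_syslog(line, year) for line in syslog]
    events += [parse_agent(r) for r in agent]
    return sorted(events, key=lambda e: e.ts)


def cloud_to_onprem_sequences(events, window_minutes: int = 10):
    """Flag a principal that succeeds in the cloud and then on an on-prem host
    within the window.  This only works because both sides share the schema."""
    window = timedelta(minutes=window_minutes)
    hits = []
    cloud_ok = [e for e in events if e.environment == "cloud" and e.outcome == "success"]
    onprem_ok = [e for e in events if e.environment == "onprem" and e.outcome == "success"]
    for c in cloud_ok:
        for o in onprem_ok:
            if o.user == c.user and c.ts <= o.ts <= c.ts + window:
                hits.append({"user": c.user, "cloud_ts": c.ts.isoformat(),
                             "onprem_target": o.target, "via": o.source})
    return hits


if __name__ == "__main__":
    for h in cloud_to_onprem_sequences(normalize()):
        print(h)
```

The detector itself is deliberately simple; the point is that it reads `user`, `environment` and `outcome` without caring whether a record came from a CSP audit log, an sshd line or an endpoint agent. A source that is missing from the pipeline, or parsed into a different shape, silently drops out of the correlation, which is the logging and normalization gap the item above warns about.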

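For the segmentation bullets in item 3, here is an added Python example (not from the article or from Gigamon) that checks constructed flow records against a constructed segment map and allow-list, and flags inventoried hosts whose endpoint agent has stopped checking in, which is the signal the last bullet describes. Segment names, networks, ports, hosts and timestamps are all assumptions.

```python
"""Added example: verify segmentation against observed flows and flag endpoint
agents that have gone quiet.  Segment map, allow-list, flow records, hosts and
timestamps are constructed for illustration."""
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Constructed macro-segment map; any address outside these is "unknown"
SEGMENTS = {
    "user_lan": ip_network("10.10.0.0/16"),
    "app":      ip_network("10.20.0.0/24"),
    "db":       ip_network("10.30.0.0/24"),
    "ot":       ip_network("10.40.0.0/24"),   # SCADA/ICS zone
}

# Constructed allow-list of (src_segment, dst_segment, dst_port).  Any other
# cross-segment flow is a policy violation; intra-segment flows are allowed.
ALLOWED = {
    ("user_lan", "app", 443),
    ("app", "db", 5432),
}

# Constructed flow records: (timestamp, src_ip, dst_ip, dst_port)
SAMPLE_FLOWS = [
    ("2024-03-01T10:00:01Z", "10.10.4.8", "10.20.0.10", 443),   # user -> app, allowed
    ("2024-03-01T10:00:05Z", "10.20.0.10", "10.30.0.5", 5432),  # app -> db, allowed
    ("2024-03-01T10:00:09Z", "10.10.4.8", "10.30.0.5", 5432),   # user -> db, bypasses app tier
    ("2024-03-01T10:00:12Z", "10.10.4.8", "10.40.0.3", 502),    # user -> OT zone
    ("2024-03-01T10:00:15Z", "10.40.0.3", "10.40.0.4", 502),    # inside OT, allowed
    ("2024-03-01T10:00:20Z", "192.0.2.9", "10.20.0.10", 22),    # unmapped source
]


def segment_of(ip: str) -> str:
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"


def check_flows(flows):
    """Return each flow that crosses a segment boundary the policy does not
    allow, or that involves an address outside every known segment."""
    violations = []
    for ts, src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if "unknown" in (s, d) or (s != d and (s, d, port) not in ALLOWED):
            violations.append({"ts": ts, "src": src, "dst": dst, "port": port,
                               "src_segment": s, "dst_segment": d})
    return violations


# Constructed agent inventory and last check-in times
REQUIRED_AGENT_HOSTS = {"ws17", "app02", "db01"}
LAST_HEARTBEAT = {
    "ws17": datetime(2024, 3, 1, 10, 29, tzinfo=timezone.utc),
    "db01": datetime(2024, 3, 1, 9, 50, tzinfo=timezone.utc),
    # app02 has never checked in
}
NOW = datetime(2024, 3, 1, 10, 30, tzinfo=timezone.utc)


def stale_agents(inventory, heartbeats, now, max_age_minutes=15):
    """Hosts that must run the agent but have not checked in within the limit.
    Returns (host, minutes since last seen or None if never seen) pairs."""
    stale = []
    for host in sorted(inventory):
        last = heartbeats.get(host)
        if last is None:
            stale.append((host, None))
        elif now - last > timedelta(minutes=max_age_minutes):
            stale.append((host, int((now - last).total_seconds() // 60)))
    return stale


if __name__ == "__main__":
    for v in check_flows(SAMPLE_FLOWS):
        print("segmentation violation:", v)
    for host, age in stale_agents(REQUIRED_AGENT_HOSTS, LAST_HEARTBEAT, NOW):
        print("agent silent:", host, "never seen" if age is None else f"{age} min")
```

The flow check is the "broad perspective on all network activities" and "discovery checkpoint" bullets reduced to their core: compare what actually talks to what against what the segmentation plan says may talk to what, and treat any address the plan does not cover as a finding rather than ignoring it. The heartbeat check turns a silenced agent into an alert instead of a blind spot.
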
Final Thoughts

Zero trust should no longer be the unattainable goal on the horizon, but instead something every cybersecurity professional is working toward. I think it’s great that some of the most trusted entities are making a cognizant push toward enforcing zero trust. Though adopting zero trust comes with great responsibility, it also presents an even greater reward. Those in charge must do what they can to bring their organizations closer to achieving it. I truly believe it’s the only sensible path forward to combat the ever-evolving cyber threat landscape.
