ARN

Trust No-One: The Hard Truths about Zero Trust

It’s time to attack your customers’ networks. Repeatedly.

Chris Phelan and Peter Bahas, Keysight Technologies

Perimeter security feels good, right? Your customers want it because it’s that line of defence at the outer edge of their systems, infrastructure and data stores: the firewalls and intrusion detection that block and flag attacks. They need it, and you need to make sure they’ve got the latest and greatest they can afford. But, as their trusted adviser, here’s a first hard truth you may already have delivered to them: it’s not enough.

Whether Australian businesses, government agencies and start-ups are officially jumping on the Zero Trust trend or not, most are asking technology partners to help them shore up defences against ransomware, strengthen cyber security capabilities, and embed robust security strategies. They need your help to do it, and often with limited budgets.

The modern enterprise or public sector network is complex and increasingly challenging to secure thanks to technology advances like IIoT, increasing network speeds, edge deployments and evolving hybrid cloud environments. If you modernise perimeter security without addressing customers’ internal networks, cybersecurity is at risk.

Truth: Zero Trust is an Approach not a Technology Product

The thing is, there isn’t one single Zero Trust solution. The architecture is composed of numerous components that, when used together, support a new approach to address the cyberthreats of today and tomorrow.

This approach dictates that all devices and users that try to access the organisation’s network, data, applications and digital services must be verified each and every time. No device is to be trusted by default, even if it is used by an employee or was previously verified.

It’s quite the task from an integrator’s perspective, but the good news is that you can leverage cybersecurity tools your customers already own to establish their Zero Trust frameworks, such as next-generation firewalls (NGFW), security information and event management (SIEM), and asset discovery tools.

A critical component will be a modernised network with intelligent network visibility, necessary to eliminate blind spots and ensure the network is delivering only the data that security tools actually require to detect threats (i.e. not a bunch of duplicated, unstructured data).

Truth: Security tools are being overloaded with data

Throwing all available data at security tools might seem like a great way to ensure nothing gets missed, but it’s inefficient and adds both processing time and cost. Did you know that, on average, it takes about nine months to detect and contain a data breach? If it’s the result of a malicious attack, that increases to around ten and a half months[1]. You don’t want to add unnecessary data analysis time to the process.

Intelligent visibility provides security and monitoring tools with fast, easy access to all required traffic from a hybrid IT environment — networks, the edge, data centres, and private and public clouds. A well-constructed visibility solution uses network and virtual taps to capture and send traffic to a network packet broker (NPB), where it is aggregated and filtered. The NPB then intelligently distributes the traffic so that all the security and monitoring solutions within a Zero Trust or other security architecture can cost-effectively analyse the relevant data they need from anywhere in the network.

Truth: You Must Venture into the Dark Web

If your customers’ overarching approach to cybersecurity solutions doesn’t also include effective and regular Breach and Attack simulations complete with dark web attacks, you’ve got work to do.

Criminals are too good at finding the gaps in this complex world of connected devices, remote work and rapid digital transformation, whether they be network vulnerabilities or human vulnerabilities. You need to regularly test your customers’ security frameworks with attacks that pre-empt real cyber-attacks.

Truth: Modern networks are changeable beasts, difficult to secure

IT environments are evolving. Along with advances in technology come new blind spots and gaps to identify and fortify.

Speed - Networks are increasing from 10G to 40/100G, which can overwhelm security tool capacity.

Encryption - Over 85% of traffic is encrypted. That’s positive, but many security tools are unable to inspect and analyse SSL/TLS encrypted traffic, creating blind spots.

Hybrid cloud - Deployments that cross multiple public clouds and on-premises data centres are increasingly common. However, many security tools ingest network traffic (packet data) as their primary data source to detect and prevent threats. Accessing packets across multiple cloud platforms, without dropping or compromising critical data, is a significant challenge.

Virtualisation - Thanks to widespread adoption of Bring Your Own Device (BYOD) policies, a high percentage of attacks and breaches occur and spread internally, never having been seen by perimeter security. As part of a Zero Trust architecture, internal (lateral or “East-West”) traffic must be monitored to detect and block threats that have breached the perimeter. East-West traffic between virtual machines (VMs) in a private cloud often never leaves the server on which it is hosted, which makes it more difficult to inspect.

A whopping 80% of typical enterprise traffic is East-West. The myriad networks strung together to make up Australia’s public sector compound the issue with a complex web of East-West, inter-departmental traffic. This includes traffic from many remote workers using devices at home. None of this traffic should be set to trust as a default.
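To make the tap → NPB → tool flow described above concrete, here is an added Python model of a packet broker policy (example code written for this article, not Keysight's own software): records from two constructed taps are aggregated, the packet captured twice is dropped, each flow is classified as East-West or North-South, and encrypted flows are steered away from the IDS that cannot inspect them. The internal subnets, tool names, port list and tap records are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: internal address space used for the East-West / North-South decision.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
# Assumption: ports whose payload the IDS cannot inspect without a decryption stage.
ENCRYPTED_PORTS = {443}
# Assumed routing policy: which tools receive which class of traffic.
POLICY = {"east-west": ["ndr-internal"], "north-south": ["ngfw-ids", "ndr-internal"]}

# Constructed records, as two taps would hand them to the broker. "p1" is captured
# by both taps, which is exactly the duplication the text warns about.
TAP_RECORDS = [
    {"tap": "core-tap", "src": "10.1.1.5", "dst": "10.1.2.9", "dport": 445, "id": "p1"},
    {"tap": "dc-tap", "src": "10.1.1.5", "dst": "10.1.2.9", "dport": 445, "id": "p1"},
    {"tap": "core-tap", "src": "10.1.1.5", "dst": "203.0.113.7", "dport": 443, "id": "p2"},
    {"tap": "edge-tap", "src": "198.51.100.4", "dst": "10.1.3.2", "dport": 22, "id": "p3"},
    {"tap": "dc-tap", "src": "10.1.2.9", "dst": "10.1.2.10", "dport": 3389, "id": "p4"},
]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def classify(rec):
    """East-West when both endpoints are internal, otherwise North-South."""
    both = is_internal(rec["src"]) and is_internal(rec["dst"])
    return "east-west" if both else "north-south"

def broker(records):
    """Aggregate, drop duplicates, classify, and route to tools. Returns (routes, stats)."""
    seen = set()
    routes = defaultdict(list)
    stats = {"received": 0, "dropped_dup": 0, "east-west": 0, "north-south": 0}
    for rec in records:
        stats["received"] += 1
        if rec["id"] in seen:          # same packet already seen at another tap
            stats["dropped_dup"] += 1
            continue
        seen.add(rec["id"])
        cls = classify(rec)
        stats[cls] += 1
        for tool in POLICY[cls]:
            # The IDS gets no encrypted flows; they go to a decrypt stage instead.
            if tool == "ngfw-ids" and rec["dport"] in ENCRYPTED_PORTS:
                tool = "tls-inspect"
            routes[tool].append(rec["id"])
    return dict(routes), stats
```

Running `broker(TAP_RECORDS)` shows the effect the article argues for: five records in, one duplicate dropped, and the IDS receiving only the single unencrypted North-South flow rather than everything.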

Truth: Effective cyber security requires maintenance

Here’s one final truth for today: building and testing a robust security infrastructure is not a one-time event. The threat landscape is ever-changing and dynamic.

Whether you are focused on cybersecurity as a niche, or expected to help secure public and private sector customers as part of the over-arching IT environments you’re designing, deploying, managing and maintaining, network security and network fortification represent opportunities to provide significant value over time.

Your security-related services must include a continuous validation process of ‘checks and balances’ to ensure the effectiveness of your implementations and the policies built within them; otherwise your customers are at a disadvantage against their cyber adversaries.

A fortified network with intelligent visibility and continuous validation is critical to support a heightened cyber security strategy – whether that be Zero Trust or somewhere on the path towards it.

-----

Chris Phelan, Regional Sales Manager, and Peter Bahas, Technical Services Manager, are from the Network Applications and Security team at Keysight Technologies. Keysight delivers advanced design and validation solutions that help accelerate innovation to connect and secure the world, including network performance optimisation and visibility in enterprise, public sector, service provider and cloud environments. Visit www.keysight.com or contact us for more information.


[1] Ponemon Institute for IBM, 2021