Skip to main content

Establishing A Zero-Trust Infrastructure

September 04, 2014

When looking at a security posture, the main concern is usually about blocking a potential attacker who sits outside our network from getting inside our network. This is often referred to as perimeter defense. While this is a very important security issue to be concerned with, it is not the only one.  There is a new paradigm to be concerned with and this is protecting your sensitive data from a potential breach from the inside.  This new paradigm is the ability to create a ‘zero trust’ infrastructure.  This means that there is no default trust for any entity on the network. This includes users, devices and applications. By establishing ‘zero-trust’ boundaries, you are in essence compartmentalizing segments of your network. This compartmentalization allows you to positively control who has access to critical resources. It also can allow you to control the user access, applications being used and scanning for any potential threats as the user accesses the resources you are allowing them access to.  This is just another step in reducing the exposure of vulnerable systems, and prevent the lateral movement of malware throughout your network.

Some of the concepts around a ‘zero-trust’ networks are the ability to provide secure access to the network, this means via a remote VPN session or having to authenticate to access the network. Another piece of the ‘zero-trust’ network is the ability to inspect all traffic. This inspection should be done at the application level so that we don’t run into issues such as application port hopping. The goal here is to provide the designated users with only the required access to perform their job function. One of the most important pieces to a ‘zero-trust’ network is the ability to perform advanced threat protection. This allows us to perform another layer of defense for things like malware spread. Possibly the most important piece in building a ‘zero-trust’ network is for the security device to have a very high performance level as to not become the bottleneck in the network.

Another concern is the ability to identify devices and guest users that access our wireless networks. The ideal solution would allow us to identify the user and their device as they attached to the wireless network and have the authentication device update your security platform with this information so that we can track and log this guest user activity.

Once this ‘zero-trust’ network is established, you can prevent things like the exfiltration of sensitive data by someone who possibly should not have access to this sensitive data.  Also the ability to contain the spread of Malware throughout the network. This ‘zero-trust’ network may also help in meeting specific compliance recommendations.

Related Blogs

February 28, 2017

What is a Hyper-Converged Infrastructure... and why use it?

Back in the day, cloud was the big buzzword. Are you in the cloud? Have your started to use the cloud? Every company, big or small, was offering some ...

See Details

June 22, 2017

What Changes will EO 13800 Bring to Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure?

Anyone who has held the position of CIO or CISO in a government agency or bureau can tell you implementing an effective information risk management pr...

See Details

October 30, 2017

Critical Infrastructure Security

The United States Department of Homeland Security identifies 16 critical infrastructure sectors whose assets, systems and networks—whether physical or...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.


Privacy Policy

Related Insights

July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

July 21, 2015

Application Security Solutions

Learn how Optiv can help with web, email and application protection.

See Details

July 21, 2015

Data Security Solutions

Learn how we can help secure your date throughout its lifecycle.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.