Enabling Continuous Zero Trust in Multi-Cloud Environments with Netography Fusion
by Patrick Bedwell
The concept of a Zero Trust Architecture (ZTA) is pretty simple – trust no one, verify everyone. No user or device should be trusted automatically, even if they are connected to a permissioned environment or were previously verified. But modern multi-cloud networks are continuously evolving collections of users, applications, data, and workloads, which don’t lend themselves to ZTA.
Despite best efforts to comply with Zero Trust guidelines and other compliance requirements, the dynamic nature of multi-cloud environments prevents security teams from detecting malicious or anomalous activity.
We are seeing more of our customers with challenges related to enabling Zero Trust compliance in real-time and at scale. Their challenges fall into two general categories:
Pre-deployment network mapping:
- Observe and measure network usage for segmentation planning: Inside and between VPC/VNets and regions, and between multiple cloud platforms
- Profile incoming and outgoing traffic flows in your environment, such as server and application flows (e.g., IPs, ports, and protocols)
- Identify previously unknown communication dependencies
Post-deployment ZTA verification and continuous monitoring:
- Verify trust boundary enforcement
- Map appropriate security policies in the new environment based on communications dependencies
- Detect trust boundary violations due to misconfigured access controls
- Identify unauthorized access to restricted assets, such as:
  - Development assets communicating with production assets
  - Out-of-scope assets communicating with in-scope assets in PCI DSS environments
  - Unauthorized communication between OT and IT devices
- Detect internal systems bypassing traditional security controls, including firewalls and SSE/SASE providers.
Verify your Multi-Cloud Zero Trust security posture and other trust boundary controls with Netography Fusion®
The Netography Fusion® platform detects activity that should never happen anywhere in your modern network, in real-time. It is a security observability platform designed to deliver a very low number of high-fidelity, high-confidence alerts that your security, network, and cloud operations teams can act on.
The Fusion platform can help you take some of the pain out of your ZTA project, wherever you are on your ZTA journey:
- Before you start, map your current multi-cloud network activity to identify all communication dependencies (including those that no one knew about).
- Afterwards, validate that your new ZTA is correctly segmenting activity and enforcing controls across your multi-cloud network.
- Continuously visualize, verify, and correct network segmentation errors, in real-time, as your users, applications, data, and workloads continue to evolve.
“We asked our application owners what network communication their applications required to operate so we could implement network segmentation during data center migrations, reducing the risk of lateral movement. We got blank stares. Netography is the shared source of truth between network, security, and application owners for application traffic flows, enabling us to work across the business to implement zero trust.”
– Lead Network Engineer, Fortune 250 technology manufacturer
The Fusion platform monitors your trust boundaries across a single region, multiple regions, or multiple cloud platforms, and dynamically updates the trust boundary rules when you add new segments or modify existing segments. It provides your SecOps, NetOps, and CloudOps groups with the ability to detect ZTA (and other policy) violations in real-time.
The Power of Context-Enriched Metadata
The Fusion platform ingests and analyzes VPC and VNet cloud flow logs from your cloud platforms. It does this without the use of sensors, agents, taps, or port mirroring.
However, analyzing raw metadata can consume your teams’ precious time as they try to understand the significance of the tables of IP addresses, ports, and protocols.
To address the lack of context in the cloud flow logs, Fusion enriches the metadata with context already held by the applications and services in your existing tech stack. The result is a high-fidelity, context-rich description of each network activity, which removes the time-consuming investigations your teams would otherwise perform just to collect the context they need to judge the significance of what they observe.
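As an added illustration (not Netography's code or data), the following Python check applies the same idea to the violation categories listed earlier: raw VPC flow log records are enriched from an asset inventory so that dev-to-prod, out-of-scope-to-PCI and unknown-asset flows can be flagged. The inventory, its tag names and the flow log lines are all constructed assumptions.

```python
# Constructed asset inventory: the context a raw flow log lacks. Assumes
# environment and PCI-scope tags exist in a CMDB or cloud tagging scheme.
ASSETS = {
    "10.0.1.10": {"name": "prod-db-01", "env": "prod", "pci_scope": True},
    "10.0.1.20": {"name": "prod-web-01", "env": "prod", "pci_scope": True},
    "10.0.2.30": {"name": "dev-app-01", "env": "dev", "pci_scope": False},
    "10.0.3.40": {"name": "corp-jump-01", "env": "corp", "pci_scope": False},
}

# Constructed AWS VPC flow log records in the default v2 field layout:
# version account eni src dst srcport dstport proto pkts bytes start end action status
FLOW_LOGS = """\
2 123456789012 eni-0a1b 10.0.1.20 10.0.1.10 51234 5432 6 10 8400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b 10.0.2.30 10.0.1.10 44321 5432 6 3 240 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0c2d 10.0.3.40 10.0.1.20 40001 22 6 5 600 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0c2d 10.0.2.30 10.0.1.10 44322 5432 6 2 160 1700000000 1700000060 REJECT OK
2 123456789012 eni-0c2d 198.51.100.7 10.0.1.20 40002 443 6 4 500 1700000000 1700000060 ACCEPT OK
"""

def enrich(ip):
    """Attach asset context; unknown IPs are flagged, not silently ignored."""
    return ASSETS.get(ip, {"name": ip, "env": "unknown", "pci_scope": False})

def check_flow(src_ip, dst_ip):
    """Return the trust-boundary rule this flow breaks, or None if allowed."""
    src, dst = enrich(src_ip), enrich(dst_ip)
    if "unknown" in (src["env"], dst["env"]):
        return "unknown-asset"
    if src["env"] == "dev" and dst["env"] == "prod":
        return "dev-to-prod"
    if dst["pci_scope"] and not src["pci_scope"]:
        return "out-of-scope-to-pci"
    return None

def find_violations(log_text):
    """Parse v2 flow log lines; only ACCEPTed flows actually cross a boundary.
    Returns (rule, src name, dst name, dst port) tuples."""
    found = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 14 or f[12] != "ACCEPT":
            continue  # malformed, or already blocked by a security group/NACL
        rule = check_flow(f[3], f[4])
        if rule:
            found.append((rule, enrich(f[3])["name"], enrich(f[4])["name"], int(f[6])))
    return found
```

Rejected flows are skipped because the boundary held; in a real deployment the inventory would be refreshed as segments change, which is the continuous part of the verification described above.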
Consolidate disparate traffic views into a single unified view
Netography Fusion replaces the siloed, per-provider views that slow down understanding of all of your network activity, including anomalous and malicious activity.
With Fusion, your teams no longer have to:
- Deploy multiple proprietary tools for aggregating cloud flow logs, monitoring, detecting, and investigating network activity from each platform vendor.
- Deploy third-party tools that rely on outdated data collection techniques such as capture agents installed on each instance, virtual network taps, or traffic mirroring.
- Manually stitch together data from these disparate approaches to attempt to identify cross-platform activity.
With built-in governance dashboards and the ability to create custom dashboards to match any internal requirements, your security teams can streamline Zero Trust audits and quickly show proof of policy enforcement to auditors, regulators, or Board committees.
Take a self-guided tour today or contact us to learn more about Netography Fusion, and how we can help you simplify your Zero Trust journey.