
Live off the land: The fundamental rethink for Zero Trust SecOps

By Matt Wilson
Sr. Director Product Management

Interest in Zero Trust has been building for a few years, but the May 12, 2021, Executive Order elevated it to an imperative for federal government agencies, and many private sector companies are prioritizing it as well. New research finds that 78% of enterprises plan to bolster Zero Trust security operations in 2022, yet implementation challenges often stand in the way—largely stemming from the fact that Zero Trust is not a technology, but a concept based on the premise that you are not going to trust any particular network.

We no longer have anything resembling a DMZ or a trusted LAN. In today’s Atomized Network, the edge as we knew it doesn’t exist anymore. Applications and data are scattered across a complex and fluid environment consisting of multi-cloud, on-premises, and legacy infrastructure, being accessed by mobile and remote workers. As a security operator, you must assume that any segment of the network may be intercepted and that any host can be compromised. Taken together, these factors require you to take the position that you can’t inherently trust any single device, connection, or account. So, there are a number of things you do to limit access and protect data, including:

  • Operate on the principle of least privilege and force authentication between everything – accounts, connections, and devices.
  • Require two-factor or multi-factor authentication, instead of just a simple password.
  • Use the highest level of encryption at all connections—not just Internet-facing hosts—to secure data at rest and in transit.

This is where practices like Zero Trust network access (ZTNA) come into play. ZTNA extends your level of security and authentication to all the cloud applications that are part of your modern corporate environment. Instead of users logging in once to a specific network to get wherever they need to go, ZTNA requires extra validation every time access to any resource is requested. It also uses encryption to secure all connections, regardless of where they reside in the infrastructure. ZTNA is great for security in one aspect, providing greater control over movement and access as the Atomized Network continues to grow and applications and people are everywhere. But it is creating massive issues in another aspect of security, because we are rapidly losing network visibility.

As the network goes dark due to encryption, and as your network becomes highly distributed with no defined perimeter and no central point where you can insert appliances for deep packet inspection of network traffic, you need a way to see what is going on so you can detect and protect against threats. Your traditional network detection and response (NDR) models aren’t going to work or, if they do, they are more expensive, more complicated, and introduce additional concerns. Decrypting packets becomes incredibly expensive and hard to manage because you have to place appliances everywhere. Scalability issues arise because decryption consumes overhead and hampers performance. You also face compliance complications because decryption exposes data to risk.

So, while you are rethinking access control with ZTNA, you need to rethink your technologies for network visibility and control across your Atomized Network.  

It turns out, you don’t have to see the payload to view and monitor network traffic for detection and response. Netography’s “live off the land” methodology collects and stores metadata in the form of flow data that is already available for free across your network infrastructure. This fundamentally different model is all you need for complete network visibility and control, and it also eliminates network compliance issues, scale issues, and cost issues.
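To make the payload-free idea concrete, here is an added example (not Netography's code, and not from the original post) that runs two simple detections over NetFlow/IPFIX-style flow records: internal fan-out on a single port, and unusual outbound volume to one external peer. The record layout, the thresholds, and the sample flows are this example's own assumptions.

```python
import ipaddress
from collections import defaultdict
from typing import NamedTuple

# One flow record as exported by NetFlow/IPFIX-style metadata: no payload, only
# endpoints, port, protocol, byte count and duration. Field names are assumed.
class Flow(NamedTuple):
    src: str
    dst: str
    dport: int
    proto: str
    bytes_out: int   # bytes sent from src to dst
    duration_s: float

# Address space this example treats as "internal" (RFC 1918 only, an assumption).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip: str) -> bool:
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)

def fanout_alerts(flows, min_peers=5):
    """Internal hosts reaching many distinct internal peers on one port (scan or lateral movement)."""
    peers = defaultdict(set)
    for f in flows:
        if is_internal(f.src) and is_internal(f.dst):
            peers[(f.src, f.dport)].add(f.dst)
    return sorted((src, port, len(p)) for (src, port), p in peers.items() if len(p) >= min_peers)

def egress_alerts(flows, min_bytes=1_000_000_000):
    """Internal hosts pushing an unusual outbound byte volume to a single external peer."""
    volume = defaultdict(int)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst):
            volume[(f.src, f.dst)] += f.bytes_out
    return sorted((src, dst, b) for (src, dst), b in volume.items() if b >= min_bytes)

# Constructed sample records (not captured traffic): ordinary TLS browsing, an SMB
# fan-out from one host, and three large TLS uploads to one external address.
SAMPLE_FLOWS = (
    [Flow("10.0.1.21", "10.0.5.10", 443, "tcp", 52_000, 4.1),
     Flow("10.0.1.21", "10.0.5.11", 443, "tcp", 18_000, 1.2),
     Flow("10.0.1.21", "203.0.113.9", 443, "tcp", 40_000, 2.0)]
    + [Flow("10.0.1.20", f"10.0.2.{i}", 445, "tcp", 1_200, 0.3) for i in range(1, 7)]
    + [Flow("10.0.1.30", "203.0.113.7", 443, "tcp", 900_000_000, 600.0) for _ in range(3)]
)

if __name__ == "__main__":
    print("fan-out:", fanout_alerts(SAMPLE_FLOWS))  # [('10.0.1.20', 445, 6)]
    print("egress:", egress_alerts(SAMPLE_FLOWS))   # [('10.0.1.30', '203.0.113.7', 2700000000)]
```

Both detections work on encrypted traffic unchanged, since nothing here reads past the flow header; in practice the thresholds would be tuned per segment rather than fixed as they are here.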

As the industry changes and moves to a Zero Trust architecture, all the technologies associated with this advancement in security need to change as well. Development and corporate IT have taken the first steps by adopting more robust permission-based technologies and encrypting all connections. Corporate security and infosec must adapt and change their technologies alongside them. Using network metadata is a fundamental rethink of the way we do security operations, to better protect ever-expanding enterprise networks as encryption blinds traditional tools. And it is how enterprises can address one of their highest security priorities this year and move to Zero Trust with confidence.