
What You Don’t Know You Don’t Know About Your Zero Trust Architecture

By Patrick Bedwell 

“It was a dark and stormy night…” Wait, sorry, wrong story. This story is about Zero Trust, how it works great until it doesn’t, and what you don’t know you don’t know. 

If you’ve been around network and/or security operations for any length of time, chances are you have planned or implemented one or more Zero Trust Architecture (ZTA) projects. ZTA, for those who have been on an extended vacation to a salt mine, generally consists of the following components:

  • Encryption
  • Identity & Access Management (IAM)
  • Microsegmentation
  • Multi-factor Authentication (MFA)
  • Real-time monitoring

Core technologies like IAM & MFA work great until they get subverted, compromised, or misconfigured.

For example, Cisco’s Talos research team found that MFA was involved in nearly half of all security incidents, with two primary underlying causes: 

  1. Users accepting fraudulent MFA push notifications. 
  2. Lack of proper MFA implementation. 

Yet, enterprises often don’t invest enough in ZTA monitoring technology to alert them when critical ZTA components are not enforcing policies. Instead, they rely on different tools in their stack (such as SIEMs) to detect ZT enforcement failure.

How to Know When Your ZTA Is Not Working

So, how do you know if your ZTA isn’t doing its job? It’s a trick question–you don’t.

After you've invested months or years upgrading your network, monitoring network activity for policy enforcement is the only way to know whether your ZTA is functioning as intended. ZTA implementation is costly and can take years, presenting many challenges that create opportunities for Zero Trust blind spots, including: 

  • Complexity: Reconfiguring existing network architectures, adding microsegmentation, and redefining access policies (as well as investing in new security technologies).
  • Retrofitting: Updating older systems to align with zero trust principles.
  • Integration: Ensuring compatibility between existing security tools (such as firewalls, NDRs, and SIEMs) and new ZTA technologies. 
  • Evolution: Adapting requirements as networks evolve due to changes in services, devices, applications, roles, locations, and cloud providers over the project’s life.

Without post-implementation monitoring, you won’t see the anomalous or malicious activity your ZTA should detect or prevent, such as trust zone violations, lateral movement from ransomware, or communication with C2 IP addresses. 
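To make the three failure classes above concrete, here is an added example (not code from the article or from Netography) that audits constructed VPC flow log lines against a hypothetical trust-zone policy. The zone CIDRs, the cross-zone allow-list, the C2 indicator address (a TEST-NET-3 placeholder) and the admin-port list are all assumptions for illustration. A cross-zone flow outside policy that was still ACCEPTed is reported as an enforcement failure, a REJECTed one as the policy working; same-zone fan-out on admin ports is reported as possible lateral movement.

```python
import ipaddress

# Constructed zone map (hypothetical): CIDR -> trust zone name.
ZONES = {
    ipaddress.ip_network("10.10.0.0/16"): "web",
    ipaddress.ip_network("10.20.0.0/16"): "db",
    ipaddress.ip_network("10.30.0.0/16"): "mgmt",
}

# Constructed cross-zone allow-list: (src_zone, dst_zone, dst_port).
ALLOWED = {
    ("web", "db", 5432),
    ("mgmt", "web", 22),
    ("mgmt", "db", 22),
}

# Constructed C2 indicator list (TEST-NET-3 placeholder address).
C2_IPS = {ipaddress.ip_address("203.0.113.50")}

# Ports where one host reaching many same-zone peers looks like lateral movement.
ADMIN_PORTS = {22, 445, 3389, 5985}
LATERAL_FANOUT = 3  # distinct peers before we raise a finding (assumed threshold)


def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for net, name in ZONES.items():
        if addr in net:
            return name
    return "external"


def parse_flow(line):
    # AWS VPC flow log default (version 2) field order:
    # version account eni src dst sport dport proto packets bytes start end action status
    f = line.split()
    return {"src": f[3], "dst": f[4], "sport": int(f[5]),
            "dport": int(f[6]), "proto": int(f[7]), "action": f[12]}


def classify(flow):
    """Label one flow, or return None when it conforms to the cross-zone policy."""
    if ipaddress.ip_address(flow["dst"]) in C2_IPS:
        return "c2-contact" if flow["action"] == "ACCEPT" else "c2-blocked"
    src_zone, dst_zone = zone_of(flow["src"]), zone_of(flow["dst"])
    if src_zone == dst_zone:
        return None  # intra-zone traffic is handled by the fan-out check below
    if (src_zone, dst_zone, flow["dport"]) in ALLOWED:
        return None
    # Cross-zone flow outside policy: ACCEPT means a control did not enforce it.
    return "zone-violation-accepted" if flow["action"] == "ACCEPT" else "zone-violation-rejected"


def lateral_movement(flows):
    """Sources that reached >= LATERAL_FANOUT distinct same-zone peers on admin ports."""
    peers = {}
    for fl in flows:
        if fl["action"] != "ACCEPT" or fl["dport"] not in ADMIN_PORTS:
            continue
        sz, dz = zone_of(fl["src"]), zone_of(fl["dst"])
        if sz != dz or sz == "external":
            continue
        peers.setdefault(fl["src"], set()).add(fl["dst"])
    return {src: len(d) for src, d in peers.items() if len(d) >= LATERAL_FANOUT}


def audit(lines):
    flows = [parse_flow(line) for line in lines]
    findings = []
    for fl in flows:
        label = classify(fl)
        if label:
            findings.append((label, fl["src"], fl["dst"], fl["dport"]))
    return {"findings": findings, "lateral": lateral_movement(flows)}


# Constructed flow log lines (not real telemetry).
SAMPLE_LOG = [
    "2 123456789012 eni-0a1b2c3d4e 10.10.1.5 10.20.1.8 44321 5432 6 10 840 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e 10.10.1.5 10.20.1.8 44322 22 6 4 320 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e 10.10.1.6 10.30.0.2 51000 443 6 1 60 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0f9e8d7c6b 10.20.1.8 203.0.113.50 39000 443 6 12 2048 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e 10.10.1.9 10.10.1.10 50001 445 6 3 240 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e 10.10.1.9 10.10.1.11 50002 445 6 3 240 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e 10.10.1.9 10.10.1.12 50003 445 6 3 240 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0b2c3d4e5f 10.30.0.2 10.10.1.5 60000 22 6 8 640 1700000000 1700000060 ACCEPT OK",
]

if __name__ == "__main__":
    for item in audit(SAMPLE_LOG)["findings"]:
        print(*item)
    print("lateral fan-out:", audit(SAMPLE_LOG)["lateral"])
```

The point of splitting accepted from rejected violations is the one the article makes: a rejected cross-zone flow is the policy doing its job, while an accepted one is a control that silently stopped enforcing, which a SIEM tuned for attack signatures will not raise on its own.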

Overcome Your ZTA Blind Spots with Netography Fusion

The Netography Fusion® platform addresses these challenges with real-time network activity monitoring. It gives you a holistic view of all communications into, between, or out of your multi-cloud or hybrid network, enabling you to detect anomalous or malicious activity as it happens. 

Fusion ingests VPC, VNet, and on-prem flow logs, as well as DNS logs, enriched with dozens of context attributes from applications and services in your tech stack. Because its frictionless architecture eliminates the burden of deploying sensors or agents, you can start monitoring any part of your network in minutes or hours, not days or weeks.

Fusion enables a range of ZTA monitoring activities, including:

  • Map communication dependencies to plan application migrations and microsegmentation or soft segmentation projects.
  • Monitor communications patterns to establish a baseline of normal behavior and use AI-powered analytics to adjust those baselines over time to reduce false positives.
  • Create custom dashboards to validate policy enforcement by your CloudOps, NetOps, and SecOps teams.
  • Automate response workflows with high-confidence, high-fidelity alerts that indicate anomalous or malicious activity as it occurs. 
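The baselining item above describes a pattern that can be shown in a few dozen lines. The following is an added example, not Netography's code or analytics: it aggregates constructed VPC flow log lines per interval into (src_zone, dst_zone, dst_port) buckets, keeps an exponentially weighted mean and variance of bytes for each bucket, and reports a bucket that has never been seen or whose volume exceeds the learned mean by a chosen number of standard deviations. The zone CIDRs, the smoothing factor, the sigma threshold and the warm-up count are all assumptions; the baseline moves with each interval, which is the "adjust those baselines over time" behaviour the list item refers to, implemented here with plain statistics rather than anything AI-driven.

```python
import ipaddress
import math
from collections import defaultdict

# Constructed zone map (hypothetical): CIDR -> trust zone name.
ZONES = {
    ipaddress.ip_network("10.10.0.0/16"): "web",
    ipaddress.ip_network("10.20.0.0/16"): "db",
}


def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for net, name in ZONES.items():
        if addr in net:
            return name
    return "external"


def parse_flow(line):
    # AWS VPC flow log default (version 2) field order; bytes is field 9.
    f = line.split()
    return (zone_of(f[3]), zone_of(f[4]), int(f[6])), int(f[9])


class Baseline:
    """Exponentially weighted mean/variance of bytes per interval for each zone-pair/port bucket."""

    def __init__(self, alpha=0.3, sigmas=3.0, warmup=3):
        self.alpha = alpha      # smoothing factor (assumed)
        self.sigmas = sigmas    # spike threshold in standard deviations (assumed)
        self.warmup = warmup    # intervals to observe before judging volume (assumed)
        self.stats = {}         # bucket -> [mean, variance, intervals_seen]

    def observe(self, interval_lines):
        """Score one interval of flow logs against the baseline, then fold it in."""
        totals = defaultdict(int)
        for line in interval_lines:
            bucket, nbytes = parse_flow(line)
            totals[bucket] += nbytes
        anomalies = []
        for bucket, total in totals.items():
            st = self.stats.get(bucket)
            if st is None:
                anomalies.append(("new-pattern", bucket, total))
                self.stats[bucket] = [float(total), 0.0, 1]
                continue
            mean, var, n = st
            if n >= self.warmup and total > mean + self.sigmas * math.sqrt(var):
                anomalies.append(("volume-spike", bucket, total))
            # Exponentially weighted update of mean and variance.
            diff = total - mean
            incr = self.alpha * diff
            mean += incr
            var = (1 - self.alpha) * (var + diff * incr)
            st[:] = [mean, var, n + 1]
        return anomalies


def run_baseline(intervals, **kwargs):
    """Return the anomaly list produced for each interval in order."""
    b = Baseline(**kwargs)
    return [b.observe(lines) for lines in intervals]


def _line(src, dst, dport, nbytes):
    # Helper that builds a constructed flow log line with the given bytes.
    return (f"2 123456789012 eni-0a1b2c3d4e {src} {dst} 44321 {dport} 6 10 {nbytes} "
            f"1700000000 1700000060 ACCEPT OK")


# Four constructed one-minute intervals: steady web->db traffic, then a spike
# plus a zone pair never seen before.
INTERVALS = [
    [_line("10.10.1.5", "10.20.1.8", 5432, 600), _line("10.10.1.6", "10.20.1.8", 5432, 400)],
    [_line("10.10.1.5", "10.20.1.8", 5432, 1200)],
    [_line("10.10.1.5", "10.20.1.8", 5432, 900)],
    [_line("10.10.1.5", "10.20.1.8", 5432, 9000), _line("10.10.1.5", "198.51.100.7", 443, 500)],
]

if __name__ == "__main__":
    for i, anomalies in enumerate(run_baseline(INTERVALS), start=1):
        print(f"interval {i}: {anomalies or 'no anomalies'}")
```

Two details matter in practice. The warm-up count stops the detector from alerting on a bucket whose variance is still zero after a single observation, and the spike check runs before the update so a large interval cannot raise its own threshold before being scored.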

The Value of Network Security and Observability

As a wise man once said, “observability is the lynchpin to success”. Monitoring your network for policy violations after ZTA implementation is critical for the overall success of your ZTA project.

Fusion delivers three primary benefits to any ZTA project:

  1. Reduced implementation complexity. Before you tackle the heavy lifting of updating your network architecture and security controls, you must understand your existing data flows. The Fusion platform provides a holistic view of all network communications. It enables your cloud, network, security operations, and application teams to map behaviors and communication dependencies for critical workloads quickly. Armed with this knowledge, you can design, test, and implement new policies and configurations without the drama of broken applications.  
  2. Continuous validation that controls are working as designed. Zero Trust is not a “set and forget” project. If you’ve already implemented your Zero Trust architecture, you need to monitor it every time your applications, roles, network architecture, services, or security controls change. Netography provides continuous monitoring and governance capabilities, allowing you to ensure you’re still enforcing your trust boundaries and access controls.
  3. Lower TCO. Netography is a 100% SaaS, cloud-native platform that provides network security and observability at scale, leveraging streaming telemetry data enriched with operational context. You gain actionable insights that enable your operations teams to align your legacy technologies and policies with your updated ZTA in a single platform and in real-time, without the cost and complexity of deploying sensors or agents.

When you use the Fusion platform for real-time network security and observability of network communications, you’ll accelerate and simplify your Zero Trust implementation. You’ll be able to advance to a more secure environment that reduces risk exposure while keeping your business moving forward. 

Learn more about how Netography Fusion helps organizations enable their Zero Trust implementation. Want to see it for yourself? Start your free trial or contact us for a demo.