The term “zero-trust” may sound gimmicky at first glance, but in reality, organizations are increasingly adopting this approach to shore up network security from multiple angles.
Forrester coined the term zero-trust in 2010 to describe the idea that nothing is inherently safe and that everything must be continuously verified. You may have heard the motto, “Trust nothing; verify everything.” This is a great way to think about zero-trust in Cybersecurity.
Forrester identifies tools that help to promote a zero-trust network culture, including:
- Access controls
- Multi-factor authentication
- Device identification and verification
- SIEM and other Cybersecurity platforms that continuously monitor network environments
In its Aug. 2020 special publication “Zero Trust Architecture,” NIST defines zero-trust as a term for an “evolving set of Cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets and resources.” The agency further identifies zero-trust architecture as the framework for applying zero-trust principles to infrastructure and workflows. Zero-trust approaches, NIST says:
- Assume no implicit trust of assets or user accounts based solely on their physical or network location or their ownership status
- Use authentication and authorization before each connection to an enterprise resource is established
- Are responses to enterprise network trends that include remote users, bring your own device BYOD and cloud-based assets not located within enterprise-owned network boundaries
- Focuses on protecting resources, not network segments
Why is Zero-Trust Important?
Zero-trust improves enterprise security posture from a big picture standpoint. This approach gives SOCs visibility into who is accessing the network, when and from where, invaluable information when it comes to safeguarding enterprise assets, including data.
A zero-trust stance is especially compelling when it comes to enterprise cloud assets. With more workers connecting remotely and bad actors lying in wait for associated network vulnerabilities to open up, it can be a wise decision to keep a tight lid on trust. This includes thwarting cyber crimes like phishing and credential-based attacks, as well as employee behavior around access.
Zero-trust is being increasingly adopted by organizations. The 2019 Zero Trust Adoption Report (published by Cybersecurity Insiders) revealed that 78% of IT security teams are “looking to embrace zero-trust” — more than a third have made measurable progress toward this goal.
This same research found that 47% of enterprise IT security teams “lack confidence” in their ability to provide zero-trust with their current security technology. Additional findings include the top reasons enterprises say they are excited about adopting a zero trust model:
- The ability to limit excessive trust from employees and partners
- Applications are no longer exposed to unauthorized users or the Internet
- Access to private apps will no longer require network access
- Can achieve more effective means of application segmentation
How MixMode Enables Zero-trust
Zero-trust is at the heart of the MixMode solution through its use of Self-Learning, Unsupervised AI. The AI is driven by a zero-trust generative model that initially takes no historical knowledge to function and is unbiased from human alteration. MixMode should be a fixture of any zero-trust architecture and strictly adheres to the zero-trust model. MixMode’s platform inherently makes no assumptions about the data stream it analyzes out of the gate and everything must be verified as expected behavior.
SOC teams can point MixMode at any data stream they want (i.e. a corporate network or cloud environment) and it alerts on behavior deviation, supporting the zero-trust framework through observable and independent validation of the zero-trust model.
Simply put, MixMode AI sees everything and anything that is out of the ordinary is flagged. Nothing is trusted and everything must be verified.
The platform establishes a baseline of expected behavior in about 24 hours after installation. As network traffic flows in and out, MixMode applies third-wave, context-aware AI to identify anomalous behavior in real-time.
While other Cybersecurity platforms rely on data labeling approaches that can filter out problem behavior or send mountains of false positives to SOC teams, MixMode hones in on true potential threats wherever it is deployed.
Learn more about how MixMode can enhance your zero-trust security approach and set up a demo today.