The Zero Trust Approach
The zero trust security model was developed in 2010 by John Kindervag while he was a principal analyst at Forrester Research Inc. Since then, it has taken off and has become a primary security goal for companies worldwide.
The zero trust security model is based on the concept of “trust but verify”. Historically, security models have implicitly trusted any user or device inside of the network under the assumption that it has been validated as authorized and legitimate. Under a zero trust model, every access request is independently scrutinized and verified before granting access to corporate resources. This is true regardless of where the request originates, both inside and outside of the corporate network perimeter.
What are the Core Principles of Zero Trust?
By default, a zero trust security model treats every user, device, and application as a potential threat to the company. Only after evaluating the legitimacy of a request – based on role-based access controls (RBACs) and other contextual data such as the request origin, timestamp, and user behavioral analytics – is access granted or denied.
The Zero Trust Extended Security Model defines seven key principles or areas of focus when an organization is working to implement a zero trust security model.
Five of these principles are based on applying the “default deny” security posture to various corporate assets, including:
- Zero Trust Networks: Defending the traditional network perimeter is not enough for corporate cybersecurity or a zero trust security policy. A zero trust network is microsegmented, where perimeters are defined around each of the company’s valuable assets. At these boundaries, it is possible to perform security inspection and enforce access controls, which makes it easier to block lateral movement of threats through the network and to contain and isolate a potential breach.
- Zero Trust Workloads: Cloud-based workloads, including assets like containers, functions, and VMs, are attractive targets to cybercriminals and have unique security needs. Tailored, granular zero trust security monitoring and access management are essential for protecting these assets, especially in the public cloud.
- Zero Trust Data: Improved data security is one of the primary objectives of a zero trust security policy. Implementing zero trust requires identifying caches of sensitive or valuable data, mapping common data flows, and defining access requirements based on business needs. These policies must also be consistently defined and enforced across an organization’s entire IT ecosystem, including workstations, mobile devices, application and database servers, and cloud deployments.
- Zero Trust People: Compromised credentials are the leading cause of data breaches, so authentication based on usernames and passwords is no longer sufficient. Zero trust requires strong authentication using multi-factor authentication (MFA) and zero trust network access (ZTNA).
- Zero Trust Devices: A zero trust security strategy includes treating all devices connected to the corporate network as untrusted and a potential threat. Implementing zero trust security requires the ability to determine if a device is a threat and to isolate those that are compromised.
The other two key principles describe vital capabilities for a zero trust security strategy, including:
- Visibility and Analytics: A zero trust security policy is based on making informed access decisions, which requires deep visibility into the activities performed on corporate devices and networks. Effective zero trust security is based on analytics that constantly monitors, logs, correlates, and analyzes data collected from across the entire corporate IT ecosystem.
- Automation and Orchestration: A zero trust network provides the ability to detect unauthorized and potentially malicious activities within the corporate environment. The zero trust architecture must be integrated with the corporate security infrastructure and IT architecture to support rapid, automated, and scalable incident response, security auditing, threat hunting, and task delegation.
Absolute Zero Trust Security with Check Point
An effective zero trust security policy is one that is consistently enforced across an organization’s entire IT ecosystem. Otherwise, cyber threats can exploit enforcement gaps to gain unauthorized access to corporate resources.
Attempting to implement zero trust with an array of disparate and standalone security technologies is likely to create these dangerous security holes. Check Point Infinity offers a holistic and integrated approach to implementing zero trust based on a consolidated security infrastructure.
Check Point Infinity is the core of Check Point’s Absolute Zero Trust Security strategy. It enables an organization to implement all aspects of the core zero trust principles, centralize monitoring and management of its security architecture, and minimize cybersecurity risk with a prevention-focused approach to known and zero-day threats.
To learn how to implement a zero trust security policy, check out The Ultimate Guide to Zero Trust Security. Then, find out how to implement zero trust with Check Point Infinity in Absolute Zero Trust Security with Check Point Infinity Architecture.
Feedback