Zero trust network access has been growing in popularity as a way to improve security. But what is it, and how does it work?
In this post, we’ll explain zero trust network access, and show you how you can use it to improve your organization’s security.
How Does Zero Trust Network Access Work?
Zero Trust Network Access means that you should not trust anyone or anything unless you validate them first. In traditional network access control (NAC) systems, NAC appliances are placed at the network edge. These appliances are responsible for authenticating network clients and enforcing policies (e.g., anti-malware scans, patch management).
But this traditional NAC infrastructure does not provide any protection for internal hosts. These hosts sit behind the firewall and cannot be reached by NAC appliances. Zero Trust Network Access is used to protect these internal hosts.
It relies on centralized identity management systems for identity and access management (IAM), combined with distributed enforcement points that perform strict host-based enforcement through network access control (NAC) and host-based firewalling.
Dynamic Whitelisting Technology
These enforcement points can be placed anywhere in the network, so they can selectively block access to hosts depending on their compliance with the policies set by the centralized IAM systems.
In this way, access is restricted to compliant hosts only, and the organization's overall security posture improves significantly. To enforce these policies, Zero Trust Network Access uses dynamic whitelisting technology, which allows only whitelisted applications and services to run on a device while blocking all unknown others.
This leads to a significant reduction in risk compared with traditional NAC solutions, where all unknown applications are blocked by default.
The Zero Trust model was developed by Forrester analyst and enSilo CEO Uri Farkas, an ex-analyst at Gartner. He has published numerous research papers on cybersecurity over the past 20 years. His Zero Trust model is based on his experience observing how actual organizations deal with security incidents.
His observations include high-profile breaches like Target, Home Depot, and JP Morgan.
Zero Trust Security Model
Zero Trust Network Access is based on the Zero Trust Security Model. The Zero Trust model says that only applications that are known and approved by administrators should run on the device. This is in contrast to the traditional network access control (NAC) model,
where unknown applications are blocked by default. This approach has several advantages compared with traditional network access control (NAC). Among them:
The need for expensive and complex device-level appliances is eliminated, making the solution scalable and less costly to deploy. Risk assessment can be performed on demand and in real time, instead of relying solely on historical data that does not take into account the current context of the device.
Zero-day attacks can be mitigated because only known applications are allowed to run on the endpoint. In addition, Zero Trust Network Access introduces several new concepts that were not available in traditional NAC solutions. Dynamic application whitelisting (DAppW) allows only whitelisted applications and services to run on the endpoint while blocking all unknown others.
This leads to a significant reduction in risk compared with traditional NAC solutions, where all unknown applications are blocked by default.
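The combination described above (a centralized IAM policy, distributed host-based enforcement points, on-demand posture checks and a dynamic application whitelist) can be shown as a small decision function. This is an added example written for this post, not code from any product; the policy values, identities and application hashes are constructed, and the posture fields are assumed to be reported by an endpoint agent.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed policy standing in for what a centralized IAM system pushes to
# each enforcement point; every identity, hash and level here is made up.
POLICY = {
    "entitlements": {"alice@example.test": {"payroll", "wiki"}},
    "min_patch_level": 42,                     # hypothetical build number
    "max_posture_age": timedelta(minutes=15),
    "app_allowlist": {"sha256:0000payroll"},   # dynamic whitelist of app hashes
}

@dataclass
class AccessRequest:
    identity: str
    service: str
    app_hash: str            # hash of the binary making the request
    antimalware_ok: bool     # result of the endpoint's last anti-malware scan
    patch_level: int
    posture_time: datetime   # when the endpoint last reported its posture

def evaluate(req, policy=POLICY, now=None):
    """Host-based enforcement point decision: returns (allowed, reason)."""
    now = now or datetime.now(timezone.utc)
    # 1. Identity: nothing is trusted until validated against the IAM policy.
    if req.service not in policy["entitlements"].get(req.identity, set()):
        return False, "identity not known or not entitled to service"
    # 2. Posture is assessed on demand; a stale report counts as non-compliant.
    if now - req.posture_time > policy["max_posture_age"]:
        return False, "device posture stale"
    if not req.antimalware_ok:
        return False, "anti-malware check failed"
    if req.patch_level < policy["min_patch_level"]:
        return False, "patch level below policy"
    # 3. Dynamic whitelisting: any application not on the list is blocked.
    if req.app_hash not in policy["app_allowlist"]:
        return False, "application not whitelisted"
    return True, "allowed"

def demo_decisions():
    """Constructed requests covering one allow and three deny paths."""
    now = datetime.now(timezone.utc)
    base = dict(identity="alice@example.test", service="payroll", patch_level=45,
                app_hash="sha256:0000payroll", antimalware_ok=True, posture_time=now)
    cases = {"compliant": base,
             "stale_posture": {**base, "posture_time": now - timedelta(hours=2)},
             "unknown_app": {**base, "app_hash": "sha256:deadbeef"},
             "unknown_identity": {**base, "identity": "mallory@example.test"}}
    return {n: evaluate(AccessRequest(**c), now=now) for n, c in cases.items()}
```

Each deny carries a reason string, which is what an enforcement point should log so that a compliance failure can be distinguished from a whitelist block.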