Zero to hero: How zero trust security can save your network

Laurent Bouchoucha
12월 06, 2021

For companies and organisations, 零信任是确保IT硬件和连接设备安全的最佳选择, and employees are protected.

a man looking at the camera

Zero trust is not a new concept. However, 疫情和向更加数字化的社会转型凸显了以前没有出现在雷达上的问题,使零信任安全成为热门话题.

如今,联网的物联网(IoT)设备比以往任何时候都要多. These equipments are designed to provide a single service, and unfortunately, security is not the device’s priority. 缺乏内置安全性使得物联网设备容易受到攻击, as well, it creates a potential route into an organisation’s entire network.

随着企业开始数字化转型之旅,确保网络基础设施的安全至关重要. 网络分段,零信任安全的一个原则,使防止攻击成为可能. As soon as a compromise is reported, 可以减少攻击的可能性,并且可以限制网络上的横向移动, so as not to affect other connected systems.

Zero trust at-a-glance

In business computing and enterprise environments, 根据现有的信任程度,网络分段有两种方法. Traditionally, the boundary of trust has been physical and implicit, so the computer network was protected by a firewall. 用最简单的术语来说,这意味着——内部的东西受到外部的保护. 然而,随着威胁风险的增加,这种方法不得不演变.

In the zero trust world, trust is dynamic and adaptable and no longer assumed, even within the network. The guiding principle is ‘never trust – always verify’, 这意味着要像系统中已经存在攻击者一样行动. With this principle in mind, the first step is Network Access Control (NAC), the identification of objects, and authentication of connected users. Based on these factors, 宏分割是使用防火墙来过滤不同类别的对象和用户之间的流量. 例如,你可以隔离监控摄像头和建筑管理传感器. Then, based on identification, 在段内的第二级过滤使细化和实现微段成为可能. In this second step, 目的是防止监控摄像机在同一网段内相互通信.

Zero trust network in healthcare IT networks blog image 540x380

Why zero trust is so important now

Over the past 18 months cyberattacks have been on the rise, and the costs to businesses have been significant. 此外,黑客正在实施越来越复杂和恶意的攻击. 因为零信任要求在允许访问网络之前对每个设备和用户进行识别和认证, it is possible to contain, and even avoid attacks. 这是由于网络分段限制了访问范围,减少了攻击的传播.

通过宏观和微观分割的智能混合,零信任方法为每个用户和对象提供了一个受限的移动安全边界. Organisations manage network access controls, define authorisations (for example access by job role), and are able to secure and contain threats, 随着网络不断搜索不适当或可疑的行为.

New network functionalities enable zero trust, 是哪一个比例地提高了防御规模扩大和复杂的网络攻击的水平.

Five steps to your zero trust network

虽然从头开始构建一个零信任的安全网络非常容易(例如, new premises, new structure), however, most companies already have an existing network in place. 这些组织面临的挑战是协调方法以满足组织的需要, while securing it from attacks. Following are five steps to zero trust:

Zero-Trust journey in 5 steps

1. Monitor: Identify all equipment, peripherals, 连接的设备,并验证所有访问网络的人. An object inventory is created and populated automatically.

2. Validate: 控制所有连接的设备,并使那些不适合该活动的设备无效, as they increase the possibility of attack. 应用最小权限原则,授予执行任务所需的最小权限. If the network identifies non-compliant equipment, it will be necessary to implement a restoration or remediation plan.

3. Plan: Know all the users' equipment, 以及他们的工作流程和为将这些数据转换为安全策略而生成的流量,该策略智能地结合了宏观分段(输入/输出控制)和微观分段(细粒度安全规则).

4. Simulate: Apply in parallel identification, authentication, 在“故障打开”模式下的安全策略:所有设备都将被授权,网络行为将被记录和索引, 以便建立授权方案和适应的网络安全策略. 这一关键步骤将改进安全策略,同时确保正常活动不受影响.

5. Enforce: 在最后一步中,“失败打开”变为“失败关闭”:不再容忍身份验证失败, all unreferenced users or devices are refused, all illegitimate flows are stopped. 网络监控可以立即验证所有设备是否已被识别, 在进行安全检查时,对用户进行身份验证以在网络上获得授权,或者可能将其隔离.

In a nutshell

The zero trust approach makes it possible to identify traffic, automatically store objects in an inventory, create scheduled rules for the network, and share user and IoT profiles according to rules. 它还可以确定中心IDS或交换机的DoS攻击, 并可选择对受限和动态边界内的可疑流量实施隔离.

零信任提供了一种跨网络基础设施的身份验证策略和一致的安全策略, 根据用户和连接技术的需求实施. 宏观分割与微观分割的智能结合, with quarantine in the event of a breach of security rules, 确保您的网络基础设施的最高程度的安全性. In an increasingly volatile, uncertain, complex, and ambiguous world, 零信任方法是确保网络和业务资产安全的最佳选择.

Laurent Bouchoucha

Laurent Bouchoucha

VP Business Development, Network Division

在解决方案营销领域自豪地领导着一支专家团队, business program management, solutions architecture, pre-sales and business development. 推动和支持我们在校园和数据中心网络方面的积极发展战略.

저자에 대해

최신 블로그

woman during a presentation

Surprising impact of noise reduction on transcription accur…


A man looking at a laptop
비즈니스 연속성

Supply chain resilience and business adaptability



Education today: Why modernising campus networks is a must



Revitalise education with a modern campus network

A modern, campus-wide network upgrade aligns capabilities with academic, research and business priorities today and tomorrow. 

Tags - IoT, 보안
