Why Zero Trust Isn’t So Trustworthy
By Benny Lakunishok, CEO and co-founder of Zero Networks
Everyone agrees a zero trust network model is the optimal way to protect your network. But can you really reach the goal of having every single network connection in your organization go through that zero trust network model? If so, at what cost and effort?
While we all want to lock down the network and implement zero trust, to date, it has been impractical to accomplish. Current implementations have forced you to make tradeoffs between airtight security, affordability and scalability. You can have one, maybe two, but not all three.
For example, you can restrict access for each and every user and machine to achieve airtight security, but this requires either committing significant time and resources to deploy, manage and maintain, which is not affordable, or reducing the scope of that enforcement by implementing zero trust for only specific, critical sections of the network or resources.
If you want to minimize the amount of time and effort you have to spend to keep complicated router ACLs, firewall rules or other network access controls up to date for your entire network, you have to be okay with less granular, more lenient security. Either way, you have to give up something, which means you are not getting a zero trust model at scale that you can really trust.
Requirements for a Sustainable Zero Trust Networking Model
What’s needed is a way to automate the deployment, management and maintenance of network access policies, so there is no need for constant IT intervention. Consider an organization with 10 sites, 25,000 clients and 2,000 servers. If they want to achieve a zero trust stance, they need to restrict access for each and every one of these clients and servers. The process of manually creating network access policies, tailor-made for the needs of each and every user and device, simply doesn’t scale – the process needs to be automated. What’s required is an easy, automated, self-service way for every user and machine in your network to get only the access they need, nothing more.
Enter Zero Networks – Enabling Airtight, Affordable Zero Trust at Scale
We built the Zero Networks Access Orchestrator to deliver the speed and ease of use you require to make an airtight zero trust stance achievable at scale. Our goal is to ensure all users and machines within the network are only allowed to access the resources they require to do their job, with the click of a button.
How do we do it? The Zero Networks Access Orchestrator integrates with your existing IT, networking and cybersecurity infrastructure to observe and create an accurate map of all the communications within your network. After enough data has been gathered, the Access Orchestrator uses a patent-pending method to automatically create user- and machine-level perimeter policies that use your existing infrastructure to confine each user’s and machine’s access to only what they need. There are no agents for IT to deploy or manage, no policies to continuously update.
When a user needs access to new resources or assets they will only need on rare occasions, they can get it, using a standard two-factor authentication process that confirms their request is legitimate. The Zero Networks Access Orchestrator will then automatically incorporate the additional access requirement into the policies for that user or machine to ensure they can securely go about their business.
In addition, the Zero Networks Access Orchestrator makes sure that if a user or machine stops using a given resource, their permission to access that resource will be revoked after a configurable amount of time. There is no need for IT intervention. Zero Networks does it all for you.
Prior to deployment, Zero Networks presents live simulations that give you an accurate readout of the effect the new zero trust network model will have on each user and machine in your network. This ensures you know exactly what will be implemented, so there are no disruptions.
Malicious entities, on the other hand, will be prevented from moving freely inside the network. Zero Networks shuts down many of the internal attack vectors that plague organizations, such as network discovery, lateral movement, remote execution, commodity malware propagation, and ransomware propagation. Even if an attacker obtains credentials from the most privileged accounts, such as those of an administrator, they will be contained to only a limited set of resources.
As a result, you finally have a way to quickly and efficiently establish and maintain an airtight zero trust network model at scale. For more information or a demo, please visit www.zeronetworks.com.
About the Author
Benny Lakunishok is the co-founder and CEO of Zero Networks, which is making an airtight zero trust model at scale a reality for enterprise networks. Lakunishok has been in cybersecurity for more than a decade. He was part of the leadership team of Aorato, a hybrid cloud security company acquired by Microsoft. He went on to lead the product team at Microsoft responsible for the Aorato technology, as well as the team that integrated Microsoft’s acquisition of Hexadite into the portfolio. Prior to Aorato, he was a senior premier field engineer for Microsoft and served in the security team of an elite intelligence unit within the Israeli Defense Forces. He holds a BS in computer science from the College of Management Academic Studies in Israel.