Uploaded by Harish Tomar

Zero Trust Framework

Zero Trust is a security framework based on the principle of 'never trust, always verify'. It calls
for an access management system that continuously authenticates and authorizes every user, device,
network flow and connection, regardless of location or network connectivity. Decisions are driven by
policies that use context from as many data sources as possible, so that only secure access is allowed
and the risk of any cyber-attack is mitigated.

Traditional Castle & Moat Model


The traditional model, sometimes known as the “Castle & Moat” model, was developed to safeguard only
against external threats, on the assumption that networks are trusted environments.
Organisation systems (the castle) relied solely on the network perimeter (the moat) for defense.
The technologies used were firewalls, intrusion detection systems and antivirus software.

Source: https://r.search.yahoo.com/_ylt=Awrx.Plp.Oll4g4ckpHGHAx.;_ylu=c2VjA2ZwLWF0dHJpYgRzbGsDcnVybA--/RV=2/RE=1709861097/RO=11/RU=https%3a%2f%2fcyberhoot.com%2fcybrary%2fcastle-and-moat-

Limitations of the Castle & Moat model


➢ It is not appropriate for cloud-based and distributed environments, where it is
impossible to accurately define the network boundary and secure it effectively.
➢ Even on-premise settings are susceptible to malicious insider threats and data
breaches by partners, vendors, or workers who have authorized access and can
misuse the information.
➢ It is ineffective against advanced persistent threats (APTs) that can evade perimeter
defences and stay hidden.
➢ It produces a high rate of false positives or negatives due to the lack of real-time
visibility and control over network activity, which affects the accuracy and efficiency
of the security team.

Zero Trust Is a “Must”


Evolving Threat Landscape:
• Cyberattacks are more sophisticated and frequent and continuously evolving,
targeting both internal and external assets.
• The Zero Trust approach checks every request, regardless of its origin or the
resource being requested, based on the assumption that dangers exist everywhere.
Increasing Cybersecurity Incidents:
• Supply chain attacks, phishing, and ransomware take centre stage in news
reports.
• Zero Trust Model ensures a proactive strategy to prevent and mitigate
incidents.
• It aligns security policies with business intent and risk tolerance.
Balancing between Business Agility and Security:
• Cloud services, hybrid workplaces, IoT-connected gadgets, and dynamic, complicated
environments are now the norm.
• Zero Trust ensures the continuity of business processes without compromising on
security and protects people, devices, apps, and data wherever they’re located.
Dynamic compliance landscape:
• Regulatory requirements (GDPR, HIPAA, PCI-DSS) demand strong security
measures.
• Zero Trust enhances compliance with a comprehensive strategy minimizing risk
of lateral movement by enforcing access controls and data protection.

Zero Trust Defense Areas

Identity: Verify users and ensure accountability
Devices: Secure endpoints and enforce policies
Networks: Establish secure communication and segment traffic
Applications: Validate application integrity and enforce access controls
Data: Encrypt sensitive data and implement access controls

Identity
The foundation of Zero Trust is identity, which emphasizes confirming and authenticating
each user's identity prior to allowing access to resources. Its objectives are to reduce the
possibility of unauthorised access and guarantee personal accountability. Always explicitly
authenticate and authorize based on all available data points, including user identity,
location, device health, service or workload, data classification, and anomalies.
Implementation Strategies:
✓ Multi-Factor Authentication (MFA)
✓ Identity and Access Management (IAM) Solutions
✓ Continuous Authentication
Devices
The goal is to keep the network trustworthy by preventing compromise and maintaining the
security of endpoints and devices. To defend against threats originating from devices, it entails
constant monitoring and the enforcement of security regulations.
Implementation Strategies:
✓ Security Information and Event Management (SIEM)
✓ Endpoint Protection Platforms (EPP)
✓ Mobile Device Management (MDM)
✓ Device Hardening

Networks
Zero Trust security assumes that security risks are present both inside and outside the network.
Nothing inside the network is trusted by default. The networks defense area focuses on
establishing secure communication channels and implementing micro-segmentation to limit
lateral movement and contain breaches within the network.
Implementation Strategies:
✓ Micro-Segmentation
✓ Next-Generation Firewalls (NGFW)

Applications
The applications area focuses on validating application integrity and enforcing
strict access controls using least privilege access with just-in-time and just-enough access
(JIT/JEA) to safeguard against attacks and ensure reliability.
Implementation Strategies:
✓ Risk-Based Adaptive Policies for Access Controls
✓ Application Security Testing (AST)
✓ Application Firewalls
✓ Secure Development Lifecycle (SDL) Practices
✓ Container Security
Data
The data area focuses on encrypting sensitive data both at rest and in transit to maintain
confidentiality and integrity, while implementing access controls and data classification to
minimize exposure to unauthorized users and potential breaches. Move from perimeter-based
data protection to data-driven protection. Use intelligence to classify and label data. Encrypt
and restrict access based on organizational policies.
Implementation Strategies:
✓ Data Encryption
✓ Data Loss Prevention (DLP)
✓ Data Classification
✓ Tokenization and Masking
Approach towards Zero Trust Framework
A Zero Trust solution adheres to the NIST 800-207 standard. Rather than adopting a
separate access management solution, Zero Trust security is to be built into the network, not
just layered on top of it. Gartner, a global research and advisory firm, has termed this trend
"secure access service edge" (SASE).

Assessment:
Evaluate the existing security measures organization-wide, identify vulnerabilities, and assess the
organization’s readiness for Zero Trust adoption.
Define Attack Surface:
Catalogue which assets and resources will be subject to Zero Trust principles based on risk, ensuring
a focused approach.
Segmentation:
Segment not only Network but resources to minimize the blast radius of any successful attack by
defining granular resource boundaries and separating users according to roles and duties.
Adaptive Access Controls:
Define and enforce adaptive role-based access controls (based on context, including user identity,
device, location, type of content, and the application being requested) along with the principle of
least privilege and lifecycle management. User access privileges are continually reassessed as context
changes. Classify and manage data access according to risk.
Multi-factor Authentication:
Implement multi-factor authentication and continuous authentication mechanisms to verify user
identities across all users and privileged accounts using SSO.
Keep devices & applications updated:
Vulnerabilities need to be patched as quickly as possible. Zero Trust networks should be able to
restrict access from vulnerable devices. This reduces the attack surface and the risk of a data breach.
Real-time Monitoring:
Deploy real-time monitoring tools to detect anomalies and respond promptly to threats. Use
analytics to gain visibility, drive threat detection, and improve defenses. Rich intelligence and
analytics are utilized to detect and respond to anomalies in real time. Reduce security vulnerabilities
with expanded visibility across the digital environment.
Automation and Orchestration:
Rapidly solve and iterate on security issues that occur as part of a zero trust practice with
orchestrated actions and common playbooks reducing cleanup time and cost.
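The Adaptive Access Controls and Multi-factor Authentication steps above describe a policy engine that judges every request on context and re-judges a session whenever that context changes. The following is an added illustration of such a decision point, not code from the original document; the roles, resources, countries, tiers and anomaly thresholds are constructed for the example.

```python
from dataclasses import dataclass, replace

# Constructed Zero Trust policy decision point (PDP) in the spirit of NIST SP
# 800-207: each request is judged on identity, device health, location, data
# classification and anomaly signals, and a live session is judged again as
# soon as any of those signals changes.

TIERS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}

# Constructed policy: role entitlements per resource, its data tier, permitted
# countries, and the anomaly-score thresholds for step-up and for denial.
POLICY = {
    "resource_roles": {"payroll-db": ["finance"], "wiki": ["finance", "eng"]},
    "resource_tier": {"payroll-db": "restricted", "wiki": "internal"},
    "allowed_countries": {"GB", "IN"},
    "stepup_anomaly": 0.4,
    "deny_anomaly": 0.8,
}

@dataclass(frozen=True)
class Context:
    user: str
    roles: tuple
    mfa_fresh: bool          # MFA completed within the policy's freshness window
    device_compliant: bool   # as attested by MDM / endpoint protection
    country: str
    anomaly_score: float     # 0.0 normal .. 1.0 highly anomalous, from analytics
    resource: str

def decide(ctx: Context, policy: dict = POLICY) -> str:
    """Return 'allow', 'step_up' (fresh MFA required) or 'deny'."""
    tier = TIERS[policy["resource_tier"][ctx.resource]]
    # Least privilege: no role entitlement means no access at all.
    if not set(ctx.roles) & set(policy["resource_roles"].get(ctx.resource, [])):
        return "deny"
    # Device health gates every tier above public; location and the hard
    # anomaly limit are absolute.
    if tier > TIERS["public"] and not ctx.device_compliant:
        return "deny"
    if ctx.country not in policy["allowed_countries"]:
        return "deny"
    if ctx.anomaly_score >= policy["deny_anomaly"]:
        return "deny"
    # Confidential data or a moderate anomaly demands a fresh MFA proof.
    sensitive = tier >= TIERS["confidential"] or ctx.anomaly_score >= policy["stepup_anomaly"]
    return "step_up" if sensitive and not ctx.mfa_fresh else "allow"

def reassess(ctx: Context, **changed) -> str:
    """Continuous verification: re-decide after a context signal changes."""
    return decide(replace(ctx, **changed))
```

A policy enforcement point would call `reassess` whenever MDM, the SIEM or the identity provider reports a changed signal, and revoke the session on a "deny".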

Use Cases of Zero Trust Framework


Access control for cloud and multi-cloud: Zero Trust enforces access control on cloud and multi-cloud
resources and can also help reduce the use of unauthorized cloud-based services (a situation called
Shadow IT) by controlling or blocking the use of unsanctioned apps.
Isolating IoT Devices: Zero Trust segments and monitors communication from Internet of Things
(IoT) devices, preventing lateral movement and potential threats.
Securing Remote Connections: Zero Trust verifies identities and enforces access controls to provide
remote users, no matter where they are, with secure access without sacrificing performance.
Limiting Access to Third-Party Contractors: Zero Trust restricts third-party access to specific
resources based on authentication and authorization, reducing the risk of unauthorized entry.
Replacing or Augmenting VPNs: Zero Trust offers a better defense against contemporary threats
and attacks than conventional VPNs.
Conclusion
Zero Trust Fundamentals: Adopting continuous verification and identifying the shortcomings of
perimeter-based security are essential steps in transitioning from existing models to Zero Trust.
“Never Trust, Always Verify”.
Strategic Adoption: Organizations must adopt Zero Trust strategically by realizing its significance,
defining the perimeter of defenses, and coordinating implementation with corporate goals.
Tools and Technologies: Using cutting-edge tools and technologies is crucial for implementing
Zero Trust successfully since it gives enterprises the ability to monitor activity, enforce access
controls, and safeguard critical data.
Balancing Act: Although Zero Trust provides notable improvements in security resilience,
companies still need to manage the implementation's challenges and weigh the advantages
against the time, money, and effort.
