Zero Trust Security Model and Implementation
This lesson describes the Zero Trust security model design principles, the principle of least privilege, and steps to configure and implement a Zero Trust segmentation platform.
Zero Trust Security Model
The Zero Trust security model addresses some of the limitations of perimeter-based network security strategies by removing the assumption of trust from the equation.
With a Zero Trust model, essential security capabilities are deployed in a way that provides policy enforcement and protection for all users, devices, applications, and data resources, as well as the communications traffic between them, regardless of location.
No Default Trust
With Zero Trust there is no default trust for any entity – including users, devices, applications, and packets – regardless of what it is and its location on or relative to the enterprise network.
Monitor and Inspect
The need to "always verify" requires ongoing monitoring and inspection of associated communication traffic for subversive activities (such as threats).
Compartmentalize
Zero Trust models establish trust boundaries that effectively compartmentalize the various segments of the internal computing environment. The general idea is to move security functionality closer to the pockets of resources that require protection. In this way, security can always be enforced regardless of the point of origin of associated communications traffic.
Benefits of the Zero Trust Model
In a Zero Trust model, verification that authorized entities are always doing only what they're allowed to do is not optional: it's mandatory.
Improved Effectiveness
Greater Efficiency
Improved Ability
Lower Total Cost of Ownership
Lower total cost of ownership with a consolidated and fully integrated security operating platform, rather than a disparate array of siloed, purpose-built security point products.
Zero Trust Design Principles
The principle of least privilege in network security requires that only the permission or access rights necessary to perform an authorized task are granted.
Core Zero Trust Principles
Security profiles are defined based on an initial security audit performed according to Zero Trust inspection policies. Discovery is performed to determine which privileges are essential for a device or user to perform a specific function.
Ensure Resource Access
Ensure that all resources are accessed securely, regardless of location. This principle suggests the need for multiple trust boundaries and increased use of secure access for communication to or from resources, even when sessions are confined to the "internal" network. It also means ensuring that the only devices allowed access to the network have the correct status and settings, have an approved VPN client and proper passcodes, and are not running malware.
Enforce Access Control
Adopt a least privilege strategy and strictly enforce access control. The goal is to minimize allowed access to resources to reduce the pathways available for malware and attackers to gain unauthorized access.
Inspect and Log All Traffic
This principle reiterates the need to "always verify" while also reinforcing that adequate protection requires more than just strict enforcement of access control. Close and continuous attention must also be given to exactly what "allowed" applications are actually doing, and the only way to accomplish these goals is to inspect the content for threats.
Zero Trust Architecture
The Zero Trust model identifies a protect surface made up of the network's most critical and valuable data, assets, applications, and services (DAAS). Protect surfaces are unique to each organization. Because the protect surface contains only what's most critical to an organization's operations, the protect surface is orders of magnitude smaller than the attack surface, and always knowable.
Identify the Traffic
With an understanding of the interdependencies among an organization's DAAS, infrastructure, services, and users, the security team should put controls in place as close to the protect surface as possible, creating a micro-perimeter around it. This micro-perimeter moves with the protect surface, wherever it goes.
Zero Trust Segmentation Platform
The Zero Trust segmentation platform (also called a network segmentation gateway by Forrester Research) is the component used to define internal trust boundaries. That is, the platform provides the majority of the security functionality needed to deliver on the Zero Trust operational objectives. The abilities of the segmentation platform are:
Secure
Control
Monitor
Conceptual Architecture
With the protect surface identified, security teams can identify how traffic moves across the organization in relation to the protect surface. Understanding who the users are, which applications they are using, and how they are connecting is the only way to determine and enforce policy that ensures secure access to data.
Management Infrastructure
Centralized management capabilities are crucial to enabling efficient administration and ongoing monitoring, particularly for implementations involving multiple distributed Zero Trust segmentation platforms. A data acquisition network also provides a convenient way to supplement the native monitoring and analysis capabilities for a Zero Trust segmentation platform. Session logs that have been forwarded to a data acquisition network can then be processed by out-of-band analysis tools and technologies intended, for example, to enhance network visibility, detect unknown threats, or support compliance reporting.
Zero Trust Conceptual Architecture
Traditional security models identify areas where breaches and exploits may occur, the attack surface, and you attempt to secure the entire surface. Unfortunately, it is often difficult to identify the entire attack surface. Unauthorized applications, devices, and misconfigured infrastructure can expand that attack surface without your knowledge.
With the protect surface identified, you can identify how traffic moves across the organization in relation to the protect surface. Understanding who the users are, which applications they are using, and how they are connecting is the only way to determine and enforce policy that ensures secure access to your data. With an understanding of the interdependencies between the DAAS, infrastructure, services, and users, you should put controls in place as close to the protect surface as possible, creating a micro-perimeter around it. This micro-perimeter moves with the protect surface, wherever it goes.
In the Zero Trust model, only known and permitted traffic is granted access to the protect surface. A segmentation gateway, typically a next-generation firewall, controls this access. The segmentation gateway provides visibility into the traffic and users attempting to access the protect surface, enforces access control, and provides additional layers of inspection. Zero Trust policies provide granular control of the protect surface, making sure that users have access to the data and applications they need to perform their tasks but nothing more. This is known as least privilege access.
Zero Trust Least Privilege Access Model
Additionally, to implement a Zero Trust least privilege access model in the network, the firewall must:
Have visibility of and control over the applications and their functionality in the traffic
Be able to allow specific applications and block everything else
Dynamically define access to sensitive applications and data based on a user's group membership
Dynamically define access from devices or device groups to sensitive applications and data, and from users and user groups to specific devices
Be able to validate a user's identity through authentication
Dynamically define the resources that are associated with the sensitive data or application
Control data by file type and content
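The list above reads as a decision procedure: validate identity first, match the identified application (not a port) to a user group and a protect-surface resource, check device posture, and deny anything not explicitly listed. The following is an added illustration, not code from the lesson or from any vendor's platform; the Flow and Rule fields, the policy and the sample users are constructed for this example.

```python
# Added example, not from the lesson: a toy evaluator for the least-privilege
# decisions listed above (authenticate, match specific applications to user
# groups and protect-surface resources, check device posture, deny the rest).
# Rule fields and the sample policy are constructed for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    user: str
    groups: frozenset        # group memberships from the identity source
    authenticated: bool      # identity validated before any access decision
    device_compliant: bool   # posture: approved client, no malware, etc.
    application: str         # identified application, not just a port
    resource: str            # protect-surface asset (DAAS) being accessed

@dataclass(frozen=True)
class Rule:
    name: str
    groups: frozenset        # who: user groups granted access
    applications: frozenset  # what: only these specific applications
    resources: frozenset     # where: protect-surface assets covered
    require_compliant_device: bool = True

def evaluate(flow, rules):
    """Return (verdict, reason). Anything not explicitly allowed is denied."""
    if not flow.authenticated:
        return ("deny", "unauthenticated")
    for rule in rules:
        if (flow.resource in rule.resources
                and flow.application in rule.applications
                and flow.groups & rule.groups):
            if rule.require_compliant_device and not flow.device_compliant:
                return ("deny", f"{rule.name}: device not compliant")
            return ("allow", rule.name)
    return ("deny", "default-deny")

# Constructed policy: finance may use the ERP client against the ERP database
# and IT admins may use SSH to it; every other application is unlisted.
RULES = (
    Rule("finance-erp", frozenset({"finance"}), frozenset({"erp-client"}),
         frozenset({"erp-db"})),
    Rule("itadmin-ssh", frozenset({"it-admin"}), frozenset({"ssh"}),
         frozenset({"erp-db"})),
)

def decide(user, groups, application, resource, authenticated=True,
           device_compliant=True):
    """Evaluate a single flow against RULES."""
    return evaluate(Flow(user, frozenset(groups), authenticated,
                         device_compliant, application, resource), RULES)
```

Note that the same finance user is allowed with the ERP client but falls through to the default deny with SSH, and a matching rule still denies when the device fails its posture check.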
Zero Trust Segmentation Platform
Trust Zones
Zero Trust Capabilities
The core of any Zero Trust network security architecture is the Zero Trust Segmentation Platform, so you must choose the correct solution. Key criteria and capabilities to consider when selecting a Zero Trust Segmentation Platform include:
Criteria and Capabilities
Coverage for All Security Domains
Virtual and hardware appliances establish consistent and cost-effective trust boundaries throughout an organization's network, including in remote or branch offices, for mobile users, at the internet perimeter, in the cloud, at ingress points throughout the data center, and for individual areas wherever they might exist.
Zero Trust Implementation
Implementation of a Zero Trust network security model doesn't require a major overhaul of an organization's network and security infrastructure.
A Zero Trust design architecture can be implemented with only incremental modifications to the existing network, and implementation can be completely transparent to users. Advantages of such a flexible, non-disruptive deployment approach include minimizing the potential impact on operations and being able to spread the required investment and work effort over time.
Configure Listen-Only Mode
To get started, security teams can configure a Zero Trust segmentation platform in listen-only mode to obtain a detailed picture of traffic flows throughout the network, including where, when, and to what extent specific users are using specific applications and data resources.
Define Zero Trust Zones
With a detailed understanding of the network traffic flows in the environment, the next step is to define trust zones and incrementally establish trust boundaries based on relative risk or sensitivity of the data involved. Security teams should deploy devices in appropriate locations to establish internal trust boundaries for defined trust zones. Then, they should configure enforcement and inspection policies to effectively put each trust boundary "online."
Establish Zero Trust Zones
Next, security teams can progressively establish trust zones and boundaries for other segments of the computing environment based on their relative degree of risk. Examples of where secure trust zones can be established include IT management systems and networks, where a successful breach could lead to compromise of the entire network; partner resources and connections (business to business, or B2B); high-profile, customer-facing resources and connections (business to consumer, or B2C); branch offices in risky countries or regions, followed by all other branch offices; guest access networks (both wireless and wired); and campus networks.
Implement at Major Access Points
Zero Trust principles and concepts must be implemented at major access points to the internet. Security teams will have to replace or augment legacy network security devices with a Zero Trust segmentation platform at this deployment stage to gain the capabilities and benefits of a Zero Trust security model.
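The listen-only step produces session logs, and the later steps turn that picture into enforcement policy per trust zone. The following added example (not part of the lesson, and not any platform's export format) shows that hand-off on a constructed session log: it summarizes which groups use which applications against each protect-surface resource and proposes candidate allow rules, while holding back anything observed from an untrusted zone for review instead of promoting it to policy. The log fields, zone names and resource names are assumptions.

```python
# Added example, not from the lesson: turning constructed listen-only session
# logs into a picture of who uses which application against each
# protect-surface resource, then into candidate least-privilege rules for the
# trust zones defined in the later steps. Log format and names are assumptions.
from collections import defaultdict

# Constructed session log: timestamp,user,group,application,source_zone,resource
LISTEN_ONLY_LOG = """\
2024-01-10T09:01:00Z,alice,finance,erp-client,campus,erp-db
2024-01-10T09:02:10Z,bob,finance,erp-client,campus,erp-db
2024-01-10T09:05:33Z,carol,it-admin,ssh,it-mgmt,erp-db
2024-01-10T09:07:45Z,alice,finance,web-browsing,campus,erp-db
2024-01-10T10:15:00Z,dave,guest,smb,guest-wifi,erp-db
2024-01-10T10:20:12Z,erin,hr,https,campus,hr-portal
2024-01-10T10:21:40Z,frank,hr,https,campus,wiki
"""
PROTECT_SURFACE = {"erp-db", "hr-portal"}  # the DAAS this exercise protects
UNTRUSTED_ZONES = {"guest-wifi"}           # zones never promoted to a rule
FIELDS = ("time", "user", "group", "application", "zone", "resource")

def parse_sessions(text):
    """Parse the comma-separated log into one dict per session, keyed by FIELDS."""
    return [dict(zip(FIELDS, line.split(",")))
            for line in text.strip().splitlines()]

def summarize(sessions):
    """resource -> (group, application, zone) -> users, protect surface only."""
    seen = defaultdict(lambda: defaultdict(set))
    for s in sessions:
        if s["resource"] in PROTECT_SURFACE:
            key = (s["group"], s["application"], s["zone"])
            seen[s["resource"]][key].add(s["user"])
    return seen

def propose_rules(seen):
    """Candidate (group, application) allow rules per resource from flows out of
    trusted zones; flows from untrusted zones are returned for review so the
    listen-only picture does not silently turn risky traffic into policy."""
    rules, review = {}, []
    for resource, combos in seen.items():
        rules[resource] = sorted({(g, a) for (g, a, z) in combos
                                  if z not in UNTRUSTED_ZONES})
        review += [(resource, g, a, z) for (g, a, z) in combos
                   if z in UNTRUSTED_ZONES]
    return rules, sorted(review)
```

A reviewer would still question observed combinations such as finance web-browsing to the ERP database before accepting them; the summary makes that question visible rather than answering it.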