A guide to designing security solutions using Zero Trust strategies and architectures

The current landscape

Organizations looking to keep up with shifting business requirements and customer demands must repeatedly adjust their IT strategies and infrastructure. With widespread AI adoption across the tech landscape comes the added concern of AI-powered attacks, which makes it harder for many organizations to secure increasingly complex IT environments against an expanding threat landscape. In fact, most organizations are already acting on the perception that AI will enable cyberattackers to do more harm, more easily. According to our 2024 Insight-commissioned Foundry survey, 89% of respondents say their organization is in the process of updating cybersecurity strategies in direct response to a perceived increase in risk.¹

One way to improve threat detection and response is by implementing Zero Trust architecture. Using automation, visibility, analytics and governance, Zero Trust architecture considers people, processes and technologies in order to improve an organization's security posture across users, devices, data, network, workloads and applications.

Zero Trust architecture explained

Zero Trust is a security strategy based on the principle "never trust, always verify." Using a Zero Trust architecture, organizations can protect their assets for the long run and strengthen overall cybersecurity.

Zero Trust strategy has three key tenets:

Assume breach: Develop solutions that minimize the spread of a threat.
Trust is not implicit: Build solutions that never trust and always verify in order to reduce risk.
Use least privilege access: Users only have access to what they need to do their jobs.

The three tenets of Zero Trust are applied across five pillars in order to reduce risk and minimize the spread of an attack.
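To make the three tenets concrete, the following is an added example of a per-request policy decision point, written for this guide's purposes and not code from Insight or from any product. It assumes a simple role-to-permission allow-list and a device inventory feed; all roles, users, devices and requests in it are constructed. Every request is checked against identity, device posture and an explicit least-privilege allow-list, with deny as the default and every decision recorded for visibility, regardless of which network the request came from.

```python
"""Per-request Zero Trust policy decision point (added example, not Insight's code).

Every request is evaluated against all three tenets on every call:
  - never trust, always verify: identity AND device posture are checked each time,
    regardless of network location (being on the corporate LAN grants nothing);
  - least privilege: a role maps to an explicit allow-list of (resource, action);
    anything not listed is denied;
  - assume breach: sessions expire, non-compliant devices are cut off, and every
    decision is recorded for visibility and analytics.
All names, roles and sample requests below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple

# Least-privilege policy: role -> set of (resource, action) it may perform.
# Constructed sample policy; a real deployment loads this from a policy store.
ROLE_PERMISSIONS: Dict[str, FrozenSet[Tuple[str, str]]] = {
    "finance-analyst": frozenset({("ledger", "read"), ("reports", "read")}),
    "ledger-admin": frozenset({("ledger", "read"), ("ledger", "write")}),
    "helpdesk": frozenset({("tickets", "read"), ("tickets", "write")}),
}

SESSION_MAX_AGE_SECONDS = 8 * 3600  # constructed limit: force re-authentication daily


@dataclass
class Identity:
    user: str
    roles: List[str]
    mfa_verified: bool
    session_age_seconds: int


@dataclass
class DevicePosture:
    device_id: str
    enrolled: bool    # present in the organization's managed-device inventory
    compliant: bool   # disk encryption, patch level, endpoint agent running, etc.


@dataclass
class AccessRequest:
    identity: Identity
    device: DevicePosture
    resource: str
    action: str
    source_network: str  # recorded for analytics only; location never grants access


@dataclass
class Decision:
    allowed: bool
    reasons: List[str] = field(default_factory=list)


def evaluate(req: AccessRequest) -> Decision:
    """Default-deny evaluation. Returns every failed check, so analytics can see
    *why* a request was refused, not just that it was."""
    reasons: List[str] = []
    ident, dev = req.identity, req.device

    # Tenet: never trust, always verify (identity)
    if not ident.mfa_verified:
        reasons.append("identity: MFA not verified")
    if ident.session_age_seconds > SESSION_MAX_AGE_SECONDS:
        reasons.append("identity: session too old, re-authentication required")

    # Tenet: never trust, always verify (device)
    if not dev.enrolled:
        reasons.append("device: not in inventory")
    if not dev.compliant:
        reasons.append("device: out of compliance")

    # Tenet: least privilege (explicit allow-list; anything else is denied)
    granted = frozenset().union(*(ROLE_PERMISSIONS.get(r, frozenset()) for r in ident.roles))
    if (req.resource, req.action) not in granted:
        reasons.append(f"authz: {req.action} on {req.resource} not granted to roles {ident.roles}")

    return Decision(allowed=not reasons, reasons=reasons)


AUDIT_LOG: List[str] = []  # visibility & analytics: every decision is recorded


def decide_and_log(req: AccessRequest) -> Decision:
    d = evaluate(req)
    verdict = "ALLOW" if d.allowed else "DENY"
    AUDIT_LOG.append(f"{verdict} user={req.identity.user} device={req.device.device_id} "
                     f"{req.action}:{req.resource} from={req.source_network} reasons={d.reasons}")
    return d


def sample_requests() -> Dict[str, AccessRequest]:
    """Constructed sample requests covering an allow and two different denials."""
    alice = Identity("alice", ["finance-analyst"], mfa_verified=True, session_age_seconds=600)
    laptop_ok = DevicePosture("lt-001", enrolled=True, compliant=True)
    laptop_bad = DevicePosture("lt-002", enrolled=True, compliant=False)
    return {
        # legitimate read from a managed, compliant device
        "analyst_reads_ledger": AccessRequest(alice, laptop_ok, "ledger", "read", "office-lan"),
        # same user, same network, but a write the role does not grant
        "analyst_writes_ledger": AccessRequest(alice, laptop_ok, "ledger", "write", "office-lan"),
        # verified identity on a device that has drifted out of compliance
        "analyst_bad_device": AccessRequest(alice, laptop_bad, "ledger", "read", "office-lan"),
    }


if __name__ == "__main__":
    for name, req in sample_requests().items():
        print(name, "->", decide_and_log(req))
    print("\n".join(AUDIT_LOG))
```

Note that `source_network` plays no part in `evaluate`: that is the point of "trust is not implicit". The same user on the same office network is refused as soon as the device falls out of compliance or the action is outside the role's allow-list, and each refusal carries its reasons into the audit log so the visibility-and-analytics function can spot patterns such as repeated out-of-policy requests.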
The five pillars that make up a Zero Trust architecture are users, devices, network, applications and workloads, and data. These pillars use solutions such as multi-factor authentication, network segmentation and data classification. When an organization implements more mature solutions, such as just-in-time access and analytics, its Zero Trust maturity level improves.

The Zero Trust tenets are applied to each pillar through the following capabilities:

Users: Identify | Authenticate | Authorize
Devices: Inventory | Isolate | Secure | Control & remediate all devices
Network: Segment | Isolate | Control network environment | Implement granular access & policy restrictions
Applications & workloads: Application segmentation | API security | DevSecOps | Run-time application security | CASB | CWPP | CSPM
Data: Classify | Discover | Categorize | Encrypt data | Implement DRM & DLP
Across all pillars: Visibility & analytics | Governance | Automation & orchestration

Each pillar also includes security operations and governance capabilities. These capabilities include visibility and analytics, automation and orchestration, and governance against defined policies and standards. These important features detect anomalous behavior, automate security processes and responses to incidents, and provide threat visibility.

Zero Trust maturity levels

Zero Trust architecture has four maturity levels, according to the Cybersecurity & Infrastructure Security Agency (CISA).² The maturity levels can be identified across the five pillars of a Zero Trust architecture depending on the capabilities enabled. As a Zero Trust architecture's solutions across people, processes and technologies become more advanced and automated, its maturity level increases.

Maturity levels:

Optimal: The implemented security technologies and processes use continuous and automated features to manage and detect requests and potential threats across the five pillars. This is the highest level of maturity and something to strive for; however, many organizations may never attain an optimal maturity level, as it can take many years.

Advanced: Most processes, controls and configurations are automated to align with policies. More advanced capabilities are enabled, such as least privilege access and network segmentation. At this level, advanced solutions are enabled consistently across all environments and are being used for threat or out-of-policy visibility and analytics.

Initial: Policies are clearly established and better governed. Although governance may be manual, some processes at this stage are becoming automated. Some enhanced security solutions are enabled, such as multi-factor authentication.

Key benefits of Zero Trust

Reduce security threat exposure. Continuous verification of users and devices on your network helps detect and prevent malicious activities in near real time. Using least privilege concepts helps mitigate insider threats such as attackers posing as internal users.

Minimize lateral movement of attacks. Capabilities such as micro- and macro-segmentation and strong access controls limit the attack surface and help prevent an attacker from accessing and exfiltrating sensitive data.

Improve threat visibility and response. By continuously analyzing user and network data, anomalous traffic patterns