What is Zero Trust +?

Applying the NIST Zero Trust Architecture across your network to provide greater security.

Zero Trust is a set of design principles for building a more secure network architecture and limiting breaches by removing any implicit trust in users, devices or data, regardless of their physical or network location or whether they have been granted access before.

Zero Trust now dominates network security planning because perimeter-based IT security, which assumes everything behind a firewall is safe, no longer holds. Attacks have become more sophisticated, and the growth of remote access combined with the integration of Operational Technology (OT), including IoT, into IT networks has expanded the attack surface beyond what perimeter-oriented IT security tools can protect.

Perimeter-oriented IT security tools such as VPNs and firewalls trust whatever is already operating inside the network. They cannot monitor the hundreds or thousands of different operating systems running on OT and IoT devices, nor safeguard every point of entry those devices create. Once an attacker gains a foothold on such a network, they can move laterally, reach data in other parts of the network, and deploy malware or ransomware.

National Institute of Standards and Technology (NIST) Zero Trust Architecture

To give government and industry guidance against this growing threat to enterprise networks, the National Institute of Standards and Technology (NIST) published its Zero Trust Architecture, Special Publication 800-207, in 2020 to promote adoption of stronger network security practices.

The core recommendations for network administrators and security professionals are to:

  • Focus on protecting individual resources, or small groups of resources, rather than network segments, and
  • Grant no trust to a device, system or user based on its physical or network location, or on whether it was previously granted access to any part of the network.

Introducing Zero Trust +

To achieve a higher level of Zero Trust protection, what Onclave calls Zero Trust +, an organization needs network security that takes the NIST guidelines and applies them across the entire network with:

  • Identification of all Operational Technology endpoints, including those not recognized by IT security tools
  • Continuous monitoring of all network devices and endpoints
  • Detection, isolation, and containment of users and data that lack authorization

In a typical co-mingled network environment, a multitude of IT and OT systems and devices depend on a single defensive perimeter for the whole network (see diagram below).

Co-mingled Network Environment - IT and OT systems and devices

In a Zero Trust state every entity, whether user or device, is treated as “unverified” and must be authenticated and authorized before each access. Zero Trust thus amends the adage “trust, but verify” to “never trust, and always verify first.”

With Onclave TrustedPlatform™ your organization has an effective Zero Trust+ network that protects vulnerable endpoints by placing them in cryptographically separated enclaves that are neither visible to attackers nor exploitable.

Cryptographically Separated Enclaves - Not Visible or Exploitable - Onclave Networks

Zero Trust Microsegmentation across your network

TrustedPlatform communicates at layer 2, mandates two-part authentication, and controls the network through microsegmentation.

Zero Trust microsegmentation applies Zero Trust principles to microsegmentation, the practice of dividing a data center or cloud environment into small zones so that individual workloads can be identified and isolated from one another. By combining the two in one solution for OT and IoT, Onclave’s TrustedPlatform™ gains full visibility into the network and can then create secured point-to-point communications only between the endpoints that are meant to talk to each other. This effectively eliminates the reachable OT and IoT network attack surface and improves overall breach containment, which will:

  • Increase your overall infrastructure security
  • Simplify your management, and
  • Lower your overhead and cost, both short and long term
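As an added illustration of the three Zero Trust + steps (identify every endpoint, monitor continuously, isolate what lacks authorization) and of the microsegmentation rule just described, the Python below models a default-deny, per-flow policy engine in the spirit of NIST SP 800-207. It is example code written for this page, not Onclave code, and it says nothing about how TrustedPlatform is implemented. All device names, enclaves, addresses and the single Modbus/TCP policy entry are constructed for the demonstration; three enrolled devices and one never-enrolled device all sit on the same flat subnet, so any decision they receive comes from identity, posture and explicit policy rather than from network location.

```python
# Added example (not Onclave code): a default-deny microsegmentation policy
# evaluator in the spirit of NIST SP 800-207. Every device, enclave, address
# and port below is constructed for illustration.
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass
class Device:
    device_id: str
    ip: str
    enclave: Optional[str]        # None = seen on the wire but never enrolled
    authenticated: bool = False   # proved its identity (e.g. a device certificate)
    posture_ok: bool = True       # latest verdict from continuous monitoring


# Allowed flows are listed explicitly as (source enclave, destination enclave, port).
# Anything not listed is denied, whatever subnet or side of the firewall it is on.
Policy = Set[Tuple[str, str, int]]


class Segmenter:
    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self.devices: Dict[str, Device] = {}                # keyed by IP address
        self.quarantined: Set[str] = set()                   # IPs isolated pending enrolment
        self.sessions: Set[Tuple[str, str, int]] = set()     # live (src_ip, dst_ip, port)

    def enroll(self, dev: Device) -> None:
        """Step 1: an endpoint becomes known only through explicit enrolment."""
        self.devices[dev.ip] = dev

    def observe(self, ip: str) -> Device:
        """Discovery: an endpoint seen on the wire that was never enrolled is
        recorded as unknown and quarantined rather than silently ignored."""
        dev = self.devices.get(ip)
        if dev is None:
            dev = Device(device_id=f"unknown-{ip}", ip=ip, enclave=None)
            self.devices[ip] = dev
            self.quarantined.add(ip)
        return dev

    def authorize(self, src_ip: str, dst_ip: str, port: int) -> Tuple[bool, str]:
        """Per-flow decision. Location carries no weight: only a verified identity,
        a current good posture and an explicit policy entry can allow a flow."""
        src = self.observe(src_ip)
        dst = self.observe(dst_ip)
        if src.enclave is None or dst.enclave is None:
            return False, "unenrolled endpoint (quarantined)"
        if not src.authenticated:
            return False, "source not authenticated"
        if not src.posture_ok:
            return False, "source failed posture check"
        if (src.enclave, dst.enclave, port) not in self.policy:
            return False, f"no policy for {src.enclave}->{dst.enclave}:{port}"
        self.sessions.add((src_ip, dst_ip, port))
        return True, "allowed by explicit policy"

    def update_posture(self, ip: str, ok: bool) -> int:
        """Step 2/3: continuous monitoring. A failed posture check revokes every
        live session the device holds, so earlier access grants nothing going
        forward. Returns the number of sessions revoked."""
        dev = self.observe(ip)
        dev.posture_ok = ok
        if ok:
            return 0
        revoked = {s for s in self.sessions if ip in (s[0], s[1])}
        self.sessions -= revoked
        return len(revoked)


def build_demo() -> Segmenter:
    """Constructed inventory: an HMI, a PLC and a corporate laptop on one flat
    10.0.1.0/24 segment, and a single policy entry (HMI enclave -> PLC enclave,
    Modbus/TCP port 502)."""
    seg = Segmenter(policy={("ot-control", "ot-plc", 502)})
    seg.enroll(Device("hmi-01", "10.0.1.10", "ot-control", authenticated=True))
    seg.enroll(Device("plc-07", "10.0.1.20", "ot-plc", authenticated=True))
    seg.enroll(Device("laptop-42", "10.0.1.30", "it-users", authenticated=True))
    return seg


if __name__ == "__main__":
    seg = build_demo()
    for flow in [("10.0.1.10", "10.0.1.20", 502),   # HMI -> PLC: listed, allowed
                 ("10.0.1.30", "10.0.1.20", 502),   # laptop -> PLC: same subnet, not listed
                 ("10.0.1.20", "10.0.1.10", 502),   # PLC -> HMI: wrong direction
                 ("10.0.1.77", "10.0.1.20", 502)]:  # never-enrolled device
        print(flow, seg.authorize(*flow))
    print("sessions revoked on posture failure:", seg.update_posture("10.0.1.10", ok=False))
    print("quarantined:", sorted(seg.quarantined))
```

The point to take from the run is that the corporate laptop and the unknown device are denied even though they share a subnet with the PLC, the PLC cannot initiate toward the HMI because policy is directional, and an HMI that fails a later posture check loses its existing session rather than keeping access it was granted earlier.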

Onclave’s TrustedPlatform™ and our Zero Trust + process align with the technologies and techniques recommended in the National Institute of Standards and Technology (NIST) Zero Trust Architecture (ZTA). This includes visibility into, and controlled communications between, remote users, devices, applications, workloads, data centers and public cloud environments.

At Onclave, we are pioneers in developing network technology that implements the new NIST framework. Our platform places network endpoints into secure enclaves, significantly reducing the overall attack surface and removing operational technology devices and systems from it altogether.

Learn how Onclave delivers Zero Trust+: download our white paper below.