Zero Trust Microsegmentation applies zero trust security principles to microsegmentation, which is the process of creating zones within a data center or cloud environment to secure critical workloads.
By combining the two into one solution for OT and IoT, Onclave’s TrustedPlatform™ is a dynamically managed private network that creates secured point-to-point communications with L2 over L3 encryption. This effectively eliminates the OT and IoT network attack surface and improves overall breach containment to:
Increase your general infrastructure security
Simplify your management, and
Lower your overhead and cost (long & short term)
Why Zero Trust?
Zero Trust is a set of guidelines that help create a more secure network architecture and prevent breaches by eliminating any presumption of trust of users, devices or data regardless of their physical location or access history.
Zero Trust is dominating network security planning in government and business, because IT-based security solutions, which assume everything behind a firewall is safe, have become unreliable.
Not only have cyberattacks become more sophisticated, but the growth of remote-access users and the integration of Operational Technology (including IoT) with IT networks have also expanded the attack surface beyond what IT security solutions can protect.
“Digital transformation and adoption of mobile, cloud and edge deployment models fundamentally change network traffic patterns, rendering existing network and security models obsolete.”
– Gartner, Market Trends: How to Win as WAN Edge and Security Converge Into the Secure Access Edge, 2019
IT security solutions, like VPNs and firewalls, trust what is operating inside the network. The challenge is that these systems cannot monitor the hundreds or thousands of different operating systems driving OT and IoT devices, or safeguard their many points of entry.
Once a hacker gains access to any of these networks, they can move freely and access data from other areas of the network and deploy malware and ransomware.
Bringing Trust to Communications
Onclave’s TrustedPlatform™ and our Zero Trust process align with the technologies and techniques recommended in the National Institute of Standards and Technology (NIST) Zero Trust Architecture (ZTA), SP 800-207. This includes visibility and controlled communications between remote users, devices, applications, workloads, data centers, and public cloud environments.
To achieve Zero Trust protection, organizations need to deploy network security that enables them to:
Identify all endpoints for Operational Technology not recognized by IT security
Continuously monitor all network devices and endpoints
Detect, isolate, and contain users and data that lack authorization
In a typical, co-mingled network environment, you can see many systems and devices dependent on a single defensive perimeter for the network (see diagram below). This is how many networks are structured, but they are not secure from today’s cyberattacks.
To reduce a network’s attack surface, Onclave Networks uses secured point-to-point communications aggregated into networks with their own root of trust.
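The following is an added Python illustration of the default-deny, zone-based policy that the capabilities above describe (identify endpoints, detect flows that lack authorization, contain them). It is not Onclave's code and does not model how TrustedPlatform works; the zone address ranges, the allowlist, and the sample flows are all constructed for the example. Every flow is denied unless both endpoints belong to a known zone and an explicit rule permits that zone-to-zone, port and protocol combination, which is the property that keeps an intruder in one segment from reaching workloads in another.

```python
"""Default-deny microsegmentation policy check (added illustration, not vendor code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed zone map: each workload group sits in its own segment.
ZONES = {
    "plc": ip_network("10.10.1.0/24"),
    "hmi": ip_network("10.10.2.0/24"),
    "historian": ip_network("10.10.3.0/24"),
    "corp-it": ip_network("10.20.0.0/16"),
}

# Explicit allowlist of (src_zone, dst_zone, dst_port, proto).
# Anything not listed here is denied; the IT zone has no path into OT.
ALLOW = {
    ("hmi", "plc", 502, "tcp"),        # Modbus/TCP polling from HMI to PLC
    ("historian", "plc", 502, "tcp"),  # historian also reads the PLC
    ("hmi", "historian", 5432, "tcp"), # HMI queries the historian database
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int
    proto: str


def zone_of(ip: str):
    """Map an address to its zone; None means the endpoint is not inventoried."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def evaluate(flow: Flow):
    """Return (verdict, reason) for one observed flow under default-deny."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone is None or dst_zone is None:
        # An endpoint outside every known zone gets no implicit trust.
        return ("deny", "unknown-endpoint")
    if (src_zone, dst_zone, flow.dst_port, flow.proto.lower()) in ALLOW:
        return ("allow", f"{src_zone}->{dst_zone}")
    return ("deny", f"no-rule:{src_zone}->{dst_zone}:{flow.dst_port}/{flow.proto}")


def audit(flows):
    """Evaluate a batch of flows; denied entries are what segmentation would contain."""
    return [(f, *evaluate(f)) for f in flows]


def denied_count(flows) -> int:
    return sum(1 for _, verdict, _ in audit(flows) if verdict == "deny")


# Constructed sample traffic: one legitimate poll, one lateral move from the IT
# zone, one wrong port, one uninventoried host, and one reversed direction.
SAMPLE_FLOWS = [
    Flow("10.10.2.15", "10.10.1.7", 502, "tcp"),
    Flow("10.20.5.9", "10.10.1.7", 502, "tcp"),
    Flow("10.10.2.15", "10.10.1.7", 22, "tcp"),
    Flow("192.168.99.4", "10.10.3.2", 5432, "tcp"),
    Flow("10.10.1.7", "10.10.2.15", 502, "tcp"),
]

if __name__ == "__main__":
    for flow, verdict, reason in audit(SAMPLE_FLOWS):
        print(f"{verdict:5} {flow.src} -> {flow.dst}:{flow.dst_port}/{flow.proto}  ({reason})")
```

Running the script shows that only the HMI-to-PLC Modbus poll is allowed; the other four flows, including the one from the corporate IT range on the otherwise permitted port, are denied because no rule covers that zone pair. In a real deployment the same evaluation would be enforced at the segment boundary and the denied entries forwarded to monitoring, since each one is either a misconfiguration or an attempt to cross segments.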