Zero Trust is a set of guidelines that help create a more secure network architecture and prevent breaches by eliminating any presumption of trust of users, devices or data regardless of their physical location or access history.
Zero Trust is dominating network security planning because IT-based security solutions, which assume everything behind a firewall is safe, have become unreliable. Not only have cyberattacks become more sophisticated, but the growth of remote access users and the integration of Operational Technology (including IoT) with IT networks have expanded the attack surface beyond what IT security solutions can protect.
IT security solutions, like VPNs and firewalls, trust whatever is operating inside the network. The challenge is that these systems cannot monitor the hundreds or thousands of different operating systems driving OT and IoT devices, nor safeguard the many points of entry. Once an attacker gains access to any of these networks, they can move freely, access data from other areas of the network, and deploy malware and ransomware.
In an effort to provide guidance for government and industry to combat this growing threat to enterprise networks, the National Institute of Standards and Technology (NIST) released its Zero Trust Architecture (SP 800-207) in 2020 to promote adoption of guidelines for stronger network security.
The core recommendations for network administrators and security professionals are to:
To achieve a higher level of Zero Trust protection, what Onclave calls Zero Trust+, organizations need to deploy network security that takes the NIST guidelines and applies them across the total network with:
In a typical, co-mingled network environment, you can see the multitude of systems and devices dependent on a single defensive perimeter for the network (see diagram below).
A Zero Trust state requires all entities or users to be treated as “unverified” and to require authorization. Thus, Zero Trust amends the adage of “trust, but verify” to “never trust, and always verify first.”
With Onclave TrustedPlatform™ your organization has an effective Zero Trust+ network that protects vulnerable endpoints, securing them in cryptographically separated enclaves that are neither visible to attackers nor exploitable.
TrustedPlatform uses layer 2 for communications, mandating two-part authentication and controlling the network using microsegmentation.
Zero Trust Microsegmentation applies zero trust security principles to microsegmentation, which is the process of creating zones within a data center or cloud environment to isolate specific workloads. By combining the two into one solution for OT and IoT, Onclave’s TrustedPlatform™ gains total visibility into a network and can then create secured point-to-point communications. This effectively eliminates the OT and IoT network attack surface and improves overall breach containment to:
Onclave’s TrustedPlatform™ and our Zero Trust+ process align with the technologies and techniques recommended in the National Institute of Standards and Technology (NIST) Zero Trust Architecture (ZTA). This includes visibility and controlled communications between remote users, devices, applications, workloads, data centers, and public cloud environments.
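The microsegmentation and “never trust, always verify first” principles described above can be made concrete with a small policy engine. The following is an added illustration written for this page, not Onclave’s code and not a description of how TrustedPlatform works internally: every flow between microsegments is denied unless an explicit rule allows it, both endpoints must present a verified identity on every request regardless of where they sit on the network, and a blast-radius query shows what a compromised endpoint in a given zone could still reach. Zone names, ports and device identities are constructed sample values.

```python
"""Illustrative zero-trust microsegmentation policy check (added example).

Model: workloads live in named zones (microsegments). A flow is allowed only
when (a) both endpoints have a verified identity for this request and
(b) an explicit allow rule exists for src_zone -> dst_zone on that port.
Everything else is denied, including traffic from "inside" zones.
"""
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Endpoint:
    identity: str   # verified device/user identity, e.g. "plc-7" (constructed)
    zone: str       # microsegment the endpoint belongs to
    attested: bool  # True only if identity was verified for this request


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    port: int


class SegmentPolicy:
    """Default-deny allow-list keyed on (src_zone, dst_zone, port)."""

    def __init__(self, rules: Iterable[Rule]) -> None:
        self._allow: Set[Tuple[str, str, int]] = {
            (r.src_zone, r.dst_zone, r.port) for r in rules
        }

    def decide(self, src: Endpoint, dst: Endpoint, port: int) -> Tuple[bool, str]:
        # Verify first: an unverified endpoint is never trusted, even if it is
        # already "behind the firewall".
        if not src.attested or not dst.attested:
            return False, "deny: endpoint identity not verified"
        key = (src.zone, dst.zone, port)
        if key in self._allow:
            return True, f"allow: {src.zone}->{dst.zone}:{port}"
        # No rule means no path; lateral movement between zones is blocked.
        return False, f"deny: no rule for {src.zone}->{dst.zone}:{port}"

    def blast_radius(self, zone: str) -> Set[Tuple[str, int]]:
        """(dst_zone, port) pairs reachable from `zone` if a host there is compromised."""
        return {(d, p) for (s, d, p) in self._allow if s == zone}


# Constructed OT sample: only the HMI zone may talk Modbus/TCP to the PLCs
# and HTTPS to the historian. Nothing else is permitted.
POLICY = SegmentPolicy([
    Rule("hmi", "plc", 502),
    Rule("hmi", "historian", 443),
])

# Constructed endpoints used by evaluate_sample_flows().
HMI = Endpoint("hmi-01", "hmi", attested=True)
HMI_UNVERIFIED = Endpoint("hmi-01", "hmi", attested=False)
PLC = Endpoint("plc-7", "plc", attested=True)
CORP_LAPTOP = Endpoint("laptop-42", "corp", attested=True)


def evaluate_sample_flows() -> List[Tuple[str, bool]]:
    """Run four representative flows and return (label, allowed) pairs."""
    flows = [
        ("hmi->plc:502 (explicit rule)", HMI, PLC, 502),
        ("corp->plc:502 (inside network, no rule)", CORP_LAPTOP, PLC, 502),
        ("unverified hmi->plc:502", HMI_UNVERIFIED, PLC, 502),
        ("plc->hmi:502 (reverse direction)", PLC, HMI, 502),
    ]
    results = []
    for label, src, dst, port in flows:
        allowed, reason = POLICY.decide(src, dst, port)
        print(f"{label:45s} {reason}")
        results.append((label, allowed))
    return results


if __name__ == "__main__":
    evaluate_sample_flows()
    print("blast radius of corp zone:", POLICY.blast_radius("corp"))
    print("blast radius of hmi zone:", sorted(POLICY.blast_radius("hmi")))
```

The point of the `blast_radius` query is containment: with default deny, a compromised laptop in the `corp` zone has no path to the PLCs at all, and compromising the HMI zone exposes exactly the two rules written down, nothing more. Rules are directional, so the PLC cannot initiate a connection back to the HMI on the same port unless a separate rule says so.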
At Onclave, we are pioneers in developing the network technology that defines the new NIST framework. Our network platform significantly reduces the attack surface area by placing network endpoints into secure enclaves. With our network, we eliminate the attack surface area for operational technology devices and systems.