
How Traffic Visibility for ZTNA Helps Enforce Access Control, Mitigate Threats and Stay Compliant

Image Credit: Gigamon

The Fast Mode spoke to Adrian Belcher, Solutions Architect at Gigamon, on the impact of traffic visibility on ZTNA networks. Adrian joins us in a series of discussions with leading cybersecurity and networking vendors, assessing the evolution of ZTNA technologies, the roadmap for ZTNA deployments, the benefits of ZTNA for enterprise and telco networks, and the need for real-time traffic visibility technologies such as DPI for ZTNA.

Ariana: Why is cloud a key component of ZTNA?

Adrian: As organisations modernise, scale their operations globally and adopt more hybrid working practices, cloud has become central to business operations, innovation, and growth. Unfortunately, this has significantly widened the attack surface, leading to an increase in breaches as employees access company assets from personal devices and on unsecured networks. Within hybrid network architectures, the rise in complexity caused by transformation initiatives obscures visibility and leaves critical gaps. Local network tools have limited observability into cloud traffic, and cloud-based tools have limited observability into lateral traffic, therefore leaving the door wide open for unseen threats to permeate.

A Zero Trust Network Architecture builds security into these more fluid cloud environments by focusing on identity-centric security rather than network-centric security. It allows security teams to control access across all devices no matter their location and to control risk across complex infrastructure, monitoring both North-South and East-West traffic. By setting up access controls at all entry points as well as within the network itself, teams can get a good understanding of the network environment and continuously monitor who is moving within it. Without configuring ZTNA controls to meet the needs of a hybrid cloud environment and address cloud visibility challenges, no organisation can claim it has achieved zero trust.

Ariana: How important is traffic visibility for ZTNA vendors?

Adrian: Traffic visibility is at the core of a Zero Trust Model and allows security teams to fully implement the principles of ZTNA into their systems. It is impossible to intercept and authenticate traffic without oversight into what and who is moving where, whether at entry points or internally. Traffic visibility is also a critical component in most ZTNA security standards and frameworks such as NIST, ISO, PCI DSS and CIS Controls.

Network visibility has four main benefits that directly contribute to the success of ZTNA:

  1. Understanding the network and user behaviour: a Zero Trust model relies on network visibility to help determine the best approach to protecting assets. It provides security teams with comprehensive insight into all activity that is happening on their servers. This allows them to monitor for any suspicious behaviour, gain real-time insights into user access patterns, detect anomalies, and quickly identify potential bad actors or malware that is trying to gain access to their systems. Teams can see all authentication attempts and resource usage, regardless of the location or device, and take immediate action to prevent or mitigate potential threats.
  2. Enforcing access control: ZTNA relies on strict access controls and segmentation, limiting users’ access to only the specific resources required for their roles. It eliminates the assumption of trust and ensures that every user, device, and network resource is continuously authenticated and authorized before granting access. It is traffic visibility which allows organizations to monitor and enforce access controls effectively. By understanding the network traffic and user interactions, organizations can verify that access permissions are aligned with the Zero Trust principles, such as the principle of least privilege, and adjust as needed.
  3. East-West (lateral) traffic visibility: monitoring lateral movement within a network is key to Zero Trust. Typically, once a bad actor enters a network, their lateral movement within the network can often go unnoticed. With visibility into East-West traffic, which refers to the communication between devices and resources within the network, organisations can better detect and monitor the movement of data and users. With a Zero Trust Model, the need for authentication at every access point allows for clear lateral movement monitoring, making it harder for attackers to move freely within a network.
  4. Meeting compliance requirements: many industries have specific compliance requirements that organisations must adhere to as part of ZTNA, such as PCI DSS for payment card processing. Network visibility helps organisations to demonstrate compliance by providing visibility into network activities, access controls, and user behaviour, and assists in monitoring and auditing network activities to ensure compliance with regulatory standards.
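The two claims above that visibility lets teams verify access against least privilege and spot East-West (lateral) flows can be made concrete with a small audit over flow records. The example below is added here and is not code from the interview or from Gigamon; the identities, policy, address ranges and flow records are all constructed for illustration.

```python
"""Added example: audit observed flow records against a least-privilege
ZTNA policy and classify each violation as North-South or East-West.
All identities, policy entries and flows are constructed, not real data."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed: address space considered "inside" the network
INTERNAL = [ip_network("10.0.0.0/8")]


@dataclass(frozen=True)
class Flow:
    identity: str   # authenticated principal (user or workload) seen on the flow
    src: str
    dst: str
    dport: int


# Constructed least-privilege policy: identity -> allowed (destination net, port)
POLICY = {
    "alice@corp": [("10.1.0.0/16", 443)],   # remote user may reach the web tier only
    "svc-web": [("10.2.0.0/16", 5432)],      # web tier may reach the database tier only
}


def direction(flow):
    """North-South if either end is outside INTERNAL, else East-West (lateral)."""
    src_in = any(ip_address(flow.src) in n for n in INTERNAL)
    dst_in = any(ip_address(flow.dst) in n for n in INTERNAL)
    return "east-west" if src_in and dst_in else "north-south"


def allowed(flow):
    """True only if some policy entry for this identity covers dst and port."""
    for net, port in POLICY.get(flow.identity, []):
        if ip_address(flow.dst) in ip_network(net) and port == flow.dport:
            return True
    return False   # unknown identity or unlisted destination: deny by default


def audit(flows):
    """Return (flow, direction) for every observed flow the policy does not allow."""
    return [(f, direction(f)) for f in flows if not allowed(f)]


# Constructed sample flows: two permitted, one lateral SSH hop, one unknown identity
SAMPLE = [
    Flow("alice@corp", "203.0.113.7", "10.1.4.20", 443),
    Flow("svc-web", "10.1.4.20", "10.2.9.5", 5432),
    Flow("svc-web", "10.1.4.20", "10.3.0.8", 22),
    Flow("unknown", "10.1.4.21", "10.2.9.5", 5432),
]
```

Run against SAMPLE, `audit` returns the SSH hop and the unauthenticated database access, both tagged east-west, which is exactly the lateral movement the interview says network-edge controls alone would miss.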

Adrian Belcher is a Solutions Architect at Gigamon. Adrian has over two decades of experience in technical roles across network security and optimisation, working across Service Provider, Enterprise and Government environments.

This interview is a part of The Fast Mode's Next-Gen DPI Traffic Visibility for ZTNA segment, featuring over 40 leading cybersecurity and networking solution providers and their views on the importance of traffic visibility for ZTNA. A research report on this topic will be published in January 2024 - for more information, visit here.

Author

Ariana, Principal Analyst and Senior Editor | IP Networks

Ariana specializes in IP networking, covering both operator networks - core, transport, edge and access; and enterprise and cloud networks. Her work involves analysis of cutting-edge technologies that drive application visibility, traffic awareness, network optimization, network security, virtualization and cloud-native architectures.

She can be reached at ariana.lynn@thefastmode.com
