The Network Pillar: Leveraging Network Traffic Visibility to Accelerate Zero Trust
This discussion focuses on using network traffic visibility to help organizations reach the strategic goals and tasks associated with the Network/Environment Pillar described in the draft Zero Trust Maturity Model developed by CISA and set forth in OMB Memorandum 22-09, Moving the U.S. Government Toward Zero Trust Cybersecurity Principles (2022). As articulated by NIST in Special Publication 800-207, Zero Trust Architecture, using information about the "current state of assets, network infrastructure and communications" to improve an enterprise's security posture is a fundamental tenet of zero trust, and the ability to observe "all network traffic" is a requirement.
By deploying network traffic visibility, an enterprise will be able to:
1. Map critical data flows during the segmentation process, to avoid inadvertent business and operational disruption;
2. Maintain visibility into data in motion within and between segments, to detect lateral movement by adversaries.
Analysis of network traffic metadata can also detect anomalies in traffic that cannot or should not be decrypted, validate the integrity of logs generated by network components, and monitor and secure network components that do not support EDR solutions.
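As an added illustration of the two uses of flow visibility listed above (mapping data flows before segmentation, then watching inter-segment traffic for lateral movement), here is a small NetFlow-style analysis over constructed records. This is example code written for this page, not part of the original discussion or of any CISA or NIST guidance; the segment ranges, allow-list and flow records are all invented.

```python
import ipaddress
from collections import Counter

# Constructed segment map (assumption: one CIDR per zone).
SEGMENTS = {
    "users": ipaddress.ip_network("10.10.0.0/16"),
    "app": ipaddress.ip_network("10.20.0.0/16"),
    "db": ipaddress.ip_network("10.30.0.0/16"),
}

# Intended segmentation policy: allowed (src_segment, dst_segment, dst_port).
ALLOWED = {
    ("users", "app", 443),
    ("app", "db", 5432),
}

# Constructed flow records: (src_ip, dst_ip, dst_port, bytes).
FLOWS = [
    ("10.10.1.5", "10.20.0.10", 443, 120000),
    ("10.20.0.10", "10.30.0.5", 5432, 80000),
    ("10.10.1.7", "10.30.0.5", 5432, 4096),   # user host straight to the DB tier
    ("10.10.1.7", "10.10.1.9", 445, 2048),    # SMB inside the user segment
    ("10.20.0.11", "10.30.0.5", 22, 900),     # app host SSH to the DB host
]

def segment_of(ip):
    """Return the segment name containing ip, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"

def map_flows(flows):
    """Mapping phase: bytes per (src_seg, dst_seg, port), so the policy
    can be derived from observed traffic before enforcement breaks anything."""
    matrix = Counter()
    for src, dst, port, nbytes in flows:
        matrix[(segment_of(src), segment_of(dst), port)] += nbytes
    return matrix

def find_violations(flows, allowed):
    """Monitoring phase: inter-segment flows not in the allow-list, plus
    intra-segment flows, which a perimeter firewall never sees."""
    cross, intra = [], []
    for src, dst, port, _ in flows:
        s, d = segment_of(src), segment_of(dst)
        if s == d:
            intra.append((src, dst, port))
        elif (s, d, port) not in allowed:
            cross.append((src, dst, port))
    return cross, intra
```

In practice the mapping matrix is reviewed with application owners to build the allow-list, and the violation list feeds the SOC as candidate lateral-movement alerts.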