Two Essential Technologies for Zero Trust Deployment

Per our earlier blog on this topic, Zero Trust is a new cybersecurity strategy for hardening your cyber defense to meet (and defeat) the recent waves of advanced cyberattacks. Zero Trust is compatible with your existing perimeter defense strategy and enables you to bring in additional technology layers to complement and support your existing cybersecurity ecosystem.

Many technologies go hand-in-hand as part of a Zero Trust strategy, including moving target cyber defense (MTD), micro-segmentation, second generation firewalls, and two-factor authentication. These technologies, brought into an integrated Zero Trust deployment, will significantly harden your internal networks and enable you to effectively shut down the classic Cyber Kill Chain®.

Micro-segmentation has seen very strong backing from analysts such as Forrester, Gartner, the 451 Group, and the Enterprise Strategy Group (ESG). The National Institute of Standards and Technology (NIST), part of the Department of Commerce, has recommended the use of micro-segmentation across a broad front for use in a wide variety of industries.

Micro-segmentation restricts the attacker’s ability to move from one compromised device or application to others within your network. In other words, just because you are inside our network doesn’t mean you can view and enumerate our network, access resources, or move without restriction. Lateral movement is highly restricted to a very narrowly defined set of resources. The goal of Zero Trust is to reduce the network attack surface to the smallest footprint possible. If you cannot see it, and you cannot find it, then you cannot exploit it.

Micro-segmentation enables you to apply very specific security settings to different types of user traffic. By policy, users only have visibility into the servers and other devices necessary to support their authorized tasks. You explicitly define the policies that limit network and application program flows to only those that are explicitly permitted. Micro-segmentation is implemented in software, which makes it easier to define fine-grained segments and reduces the amount of associated administration required.
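As an added illustration (not CryptoniteNXT code or configuration), the default-deny flow policy described above can be sketched as follows. The segment names, address ranges and rules are constructed for the example.

```python
# Added illustration: default-deny micro-segmentation policy check.
# Segment names, subnets and rules are constructed for this example.
from ipaddress import ip_address, ip_network

# Constructed segments (RFC 1918 ranges chosen for illustration).
SEGMENTS = {
    "clinical-workstations": ip_network("10.10.1.0/24"),
    "medical-devices": ip_network("10.10.2.0/24"),
    "device-mgmt-server": ip_network("10.10.3.10/32"),
    "pos-terminals": ip_network("10.20.1.0/24"),
    "payment-gateway": ip_network("10.20.9.5/32"),
}

# Explicit allow list: (source segment, destination segment, protocol, port).
# Any flow not listed here is denied.
ALLOWED_FLOWS = {
    ("clinical-workstations", "device-mgmt-server", "tcp", 443),
    ("device-mgmt-server", "medical-devices", "tcp", 8443),
    ("pos-terminals", "payment-gateway", "tcp", 443),
}


def segment_of(addr):
    """Return the segment name containing addr, or None if unassigned."""
    ip = ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None


def is_allowed(src, dst, proto, port):
    """Default deny: permit only flows that match an explicit rule."""
    s, d = segment_of(src), segment_of(dst)
    if s is None or d is None:
        return False  # endpoints outside any segment get no access
    return (s, d, proto.lower(), port) in ALLOWED_FLOWS


def visible_segments(src):
    """Segments an endpoint may reach at all; everything else stays hidden."""
    s = segment_of(src)
    return sorted({d for (a, d, _, _) in ALLOWED_FLOWS if a == s})
```

Note that traffic between two endpoints in the same segment (for example, one POS terminal to another) is also denied unless a rule permits it, which is what limits lateral movement from a single compromised device.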

Cryptonite’s approach to micro-segmentation has raised the bar substantially. Why? Because we have designed it to work closely with a new and very powerful Zero Trust technology, moving target cyber defense (MTD). MTD contains cyberattackers at the very beginning of the attack by shutting down their ability to perform reconnaissance. There is no visibility into TCP/IP addresses across the network. Without visibility into the network, it is impossible for cyberattackers to map the network, identify targets, access unpatched vulnerabilities, and proceed with an attack. Cyberattacker tools are rendered inoperable as they cannot find, see or access network resources. Essentially shut down, they have no way to escape from their first point of compromise, typically an infected endpoint.

MTD shuts down reconnaissance by transforming the endpoint’s view of the network into a dynamic one. MTD creates a mapping from the obfuscated network to the real network to enable the flow of traffic across the traditional network infrastructure. Normal legitimate traffic is unaffected by MTD, but an attacker cannot collect actionable information about the network or masquerade as another legitimate endpoint. All of this is done without sacrificing performance or transparency to legitimate users on the network. MTD also protects against attackers or insiders that have been resident in your network prior to installation; network mapping of TCP/IP addresses done by attackers prior to the installation of MTD is not actionable.

Some of the solutions out in the market today require that your network use 100% of their special proprietary mix of switches and routers specifically designed to run micro-segmentation. It is important to note that Cryptonite’s micro-segmentation can also support all of your existing routers, switches, and network infrastructure and anything new you acquire later. And all of this will support MTD so you can lock down your network into a true Zero Trust configuration.

Network micro-segmentation and MTD can easily be deployed within any industry. In the finance and retail industries, point-of-sale (POS) terminals are continually targeted to steal credit card account information. CryptoniteNXT can also shut these attackers down. The same opportunity to use MTD also exists in manufacturing and process control.

In the healthcare industry, there are many problems protecting medical devices. Because the security operations team has virtually no visibility into medical devices, they are almost impossible to diagnose or protect with just a perimeter defense strategy. For these reasons, medical devices have become a primary target for sophisticated attackers that seek to compromise healthcare networks. Network micro-segmentation and MTD work well to secure and protect medical devices by effectively isolating them and stopping any attacker malware that seeks to establish a “backdoor” in these devices.

Finally, micro-segmentation and MTD do an excellent job in bringing Zero Trust to banking. CryptoniteNXT can protect all workstations and servers, even those with missing updates and patches, and easily fends off attacks started with endpoint-targeted phishing, malware, trojans, RATs and more. CryptoniteNXT also locks down automated teller machine (ATM) networks and your SWIFT servers to protect them from the newest and most sophisticated cyberattacks.

In summary, the combination of Zero Trust technologies like MTD and micro-segmentation can benefit both industry and government. If your team has committed to learn more about or to acquire micro-segmentation technology, we believe that our CryptoniteNXT platform presents a very competitive, highly differentiated, and compelling offering. Let us know how we can help.
