Secure the Enterprise: Building a Zero Trust Architecture

Zero trust principle

  • remove implicit trust
  • enforce risk-based least privilege
  • assume compromise

The principles above should be applied when evaluating new solutions, in change control and in architecture review boards.

Zero trust domains

These are built on a foundation of governance, on top of automation/orchestration, on top of visibility/analytics. The pillars are then:

  1. identity
  2. device
  3. network/environment
  4. application workloads
  5. data

The Zero Trust Maturity Model describes the maturity levels organisations progress through when implementing Zero Trust. When assessing an organisation's current Zero Trust maturity, rank each area as traditional, initial, advanced or optimal. Identify the gaps, then create a Zero Trust architecture that closes them.

The first important task of building a Zero Trust Architecture is to identify the protect surface. This concept focuses on determining the most critical assets, data, applications and services that need protection. By defining the protect surface, organisations can create a focused security strategy to safeguard what matters most.

A key method used to create a Zero Trust policy that answers the 'who, what, when, where, why, and how' definition is logging. By continuously monitoring and logging activity, organisations can gain insights into user behaviour, detect anomalies and respond to potential threats.

Zero Trust Architecture operates on the principle of "always verify." This means inspecting the perimeter (north-south traffic) and internal traffic (east-west) to ensure that no zone is completely trusted. In a Zero Trust configuration, all traffic is scrutinized to prevent potential threats from within and outside the network.
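One way to turn the 'who, what, when, where, why, and how' policy and the "always verify" rule into code, as an added example that is not from the original post or any vendor product: every request is checked against explicit allow rules, nothing matches by default (an internal source zone earns no implicit trust), and each decision is written to an audit log for the analytics layer. The identities, asset name, zones and device-posture values are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
@dataclass(frozen=True)
class AccessRequest:
    """One access attempt described in Kipling terms (who/what/when/where/why/how)."""
    who: str        # verified identity
    what: str       # protect-surface asset being accessed
    when: datetime  # time of the request, UTC
    where: str      # source zone; an internal zone earns no implicit trust
    why: str        # business justification, kept for the audit record
    how: str        # device posture reported by the endpoint: "managed" or "unmanaged"

@dataclass(frozen=True)
class Rule:
    """An allow rule; a request must satisfy every field or it does not match."""
    who: frozenset
    what: str
    where: frozenset
    how: frozenset
    hours: tuple    # allowed UTC hour window (start, end), end exclusive

def matches(rule: Rule, req: AccessRequest) -> bool:
    start, end = rule.hours
    return (req.who in rule.who and req.what == rule.what
            and req.where in rule.where and req.how in rule.how
            and start <= req.when.hour < end)

def decide(rules: list, req: AccessRequest, audit: list) -> bool:
    """Default deny: allow only when some rule matches, and log every decision."""
    hit = next((r for r in rules if matches(r, req)), None)
    audit.append({"who": req.who, "what": req.what, "where": req.where, "how": req.how,
                  "when": req.when.isoformat(), "why": req.why,
                  "decision": "allow" if hit else "deny"})
    return hit is not None
# Constructed sample policy for one protect-surface asset (hypothetical names).
RULES = [Rule(who=frozenset({"alice"}), what="payroll-db",
              where=frozenset({"corp-lan", "vpn"}), how=frozenset({"managed"}),
              hours=(8, 18))]
def run_demo() -> tuple:
    """Evaluate four constructed requests; returns (decisions, audit log)."""
    t = datetime(2024, 5, 6, 10, 0, tzinfo=timezone.utc)
    reqs = [
        AccessRequest("alice", "payroll-db", t, "corp-lan", "month-end run", "managed"),
        AccessRequest("alice", "payroll-db", t, "corp-lan", "month-end run", "unmanaged"),
        AccessRequest("bob", "payroll-db", t, "corp-lan", "curiosity", "managed"),
        AccessRequest("alice", "payroll-db", t.replace(hour=19), "vpn", "late fix", "managed"),
    ]
    audit: list = []
    return [decide(RULES, r, audit) for r in reqs], audit
```

Only the first request is allowed; the same identity from an unmanaged device, a different identity on the internal LAN, and an out-of-hours request are all denied and all logged.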

The WildFire Threat Intelligence Cloud, developed by Palo Alto Networks, plays a crucial role in a Zero Trust Architecture. WildFire is a cloud-based virtual sandbox used to evaluate unknown files and URL links found in emails. By analysing these potential threats, WildFire helps organizations stay ahead of emerging cyber threats and maintain a robust security posture. For more information, you can visit the WildFire page.

In summary, building a Zero Trust Architecture requires identifying the protect surface, implementing continuous logging and always verifying traffic. Utilizing tools like WildFire Threat Intelligence Cloud further strengthens the organization's ability to detect and mitigate threats, ensuring a secure enterprise environment.

Note: NIST 800-207 definition of Zero Trust. A collection of concepts designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in systems viewed as compromised.
