The changing face of Cyber Security
AI/ML-based security solutions
The use of Artificial Intelligence (AI) and Machine Learning (ML) in security products is increasing. Vendors are integrating AI/ML into their offerings for threat and anomaly detection. AI-based systems help detect threats, fraud, malicious bots, and anomalies faster, support asset discovery and detection and response, and are also used to recognize complex patterns.
Organizations are overwhelmed by cybersecurity threats, and AI plays a vital role in helping identify threats faster and improving overall efficiency.
Popular ML algorithms such as Support Vector Machines, K-Nearest Neighbors (KNN), XGBoost, and AdaBoost may be used, but which ones, and how they are integrated into the product, depends on the vendor.
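As an added example of what "anomaly detection with KNN" looks like in practice (this is illustrative code written for this page, not any vendor's engine), the block below scores login telemetry by the mean distance to its k nearest baseline neighbours after z-score scaling. The feature set (hour of day, megabytes transferred, failed logins before success), the baseline records, and the threshold calibration (1.5 times the largest leave-one-out score on the baseline) are all constructed assumptions for the demonstration.

```python
"""KNN distance-based anomaly scoring over constructed login telemetry.
Added example, pure Python; features, baseline and threshold are made up."""
import math

# (hour_of_day, MB transferred, failed logins before success) -- constructed
BASELINE = [
    (9, 120, 0), (9, 95, 0), (10, 140, 1), (10, 110, 0), (11, 130, 0),
    (13, 160, 0), (14, 150, 1), (15, 90, 0), (16, 125, 0), (17, 100, 0),
    (8, 80, 0), (12, 170, 1),
]


def _stats(rows):
    """Per-column mean and population std dev (std of 0 is replaced by 1)."""
    cols = list(zip(*rows))
    means = [sum(c) / len(c) for c in cols]
    stds = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) or 1.0
            for c, m in zip(cols, means)]
    return means, stds


def _scale(row, means, stds):
    return [(v - m) / s for v, m, s in zip(row, means, stds)]


def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class KnnAnomalyDetector:
    def __init__(self, baseline, k=3, margin=1.5):
        self.k = k
        self.means, self.stds = _stats(baseline)
        self.points = [_scale(r, self.means, self.stds) for r in baseline]
        # Calibrate: the largest leave-one-out score on normal data, times a
        # margin, becomes the alert threshold (assumed calibration rule).
        loo = [self._score_scaled(p, exclude=i) for i, p in enumerate(self.points)]
        self.threshold = max(loo) * margin

    def _score_scaled(self, p, exclude=None):
        d = sorted(_dist(p, q) for i, q in enumerate(self.points) if i != exclude)
        return sum(d[:self.k]) / self.k

    def score(self, row):
        """Mean distance to the k nearest baseline points; larger = stranger."""
        return self._score_scaled(_scale(row, self.means, self.stds))

    def is_anomalous(self, row):
        return self.score(row) > self.threshold


def classify(rows, detector=None):
    """Return {row: bool} for a batch of observations."""
    detector = detector or KnnAnomalyDetector(BASELINE)
    return {r: detector.is_anomalous(r) for r in rows}
```

The scaling step matters: without it the megabyte column would dominate the distance and a 03:00 login with seven failed attempts would look ordinary if it moved little data.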
Typical hub and spoke network: remote users VPN into the DC, and HQ and branch offices connect to the DC via MPLS. Traffic is backhauled to the data center for cloud and internet connectivity, and security is enforced at the DC.
The zero-trust strategy
The goal of zero trust is a secure, scalable, trusted environment in which users, workloads, applications, and devices are authenticated, authorized, and continuously validated.
The zero-trust framework secures infrastructure and data while granting access on a least-privilege basis. Users and devices do not get access to everything by default. At each stage, the user and the device are authenticated, and access to the network and to applications is granted only on the basis of identity, need, and access policy.
The zero-trust design needs to be fluid enough to adapt to the changing needs and transformation of the organization. The solution should provide a future-ready security posture and ease of integration.
Zero Trust is an information-based security model that denies access to all data and applications by default. Access to digital assets is granted through continuous, contextual, risk-based verification of users and their associated devices.
Zero Trust is identity-aware and context-aware, treats all entities as untrusted by default, enforces least-privilege access, and relies on comprehensive security monitoring.
Zero Trust changes the security model from one of implied trust to one of continuously monitored and verified trust.
Implementing the Zero Trust framework in a traditional hub & spoke network can be challenging and expensive.
Access should be granted based on user profile, device, network, and application privileges. Doing so is challenging in a traditional hub and spoke environment, for the reasons below:
· A traditional hub and spoke architecture with disparate network and security stacks will not scale for hybrid and cloud-integrated networks
· Inconsistent policies and capabilities that depend on the physical location of users and devices increase the risk of a data breach
· An excess of disparate point products in multiple locations increases complexity and makes optimization harder, along with increasing OPEX
· Digital transformation and cloud adoption change the landscape: the data center can no longer be the focal point of access
· Poor user experience means lost productivity. Backhauling traffic to the data center to enforce security adds latency
· Security gaps increase. Keeping every security appliance synchronized, consistently managed, and up to date requires staff and a high level of automation; mismanagement can leave gaps and lead to a compromised network.
Digital transformation is forcing businesses to modernize, which requires consistent, secure, globally available access to applications and services irrespective of the device used and the user’s location.
Challenges with traditional Hub and spoke networks
A perimeter-based approach to security
The traditional hub and spoke environment relies on a perimeter-based security approach. There is nothing wrong with that in itself; however, the conventional design presents numerous challenges in the changing landscape of hybrid and cloud environments, where applications are stored and accessed in multiple locations.
One option often discussed during digital transformation is building intelligent data centers that retain the traditional controls but are located in carrier-neutral facilities. Branches and factories (spokes) connect over dark fiber, using either private MPLS or SD-WAN solutions. Security, cloud connectivity, and controls are centralized in one low-latency location, and each spoke has a direct dark fiber connection to the DC.
The other argument is to build data centers in the cloud and migrate applications slowly while keeping the same traditional access methods.
The problem with both methods is the lack of a consistent security posture, single points of failure in the network and security devices, higher OPEX to manage and maintain several point products, and the inability to scale as required.
Take VPN, for example: first, the concentrator has to sit on a DMZ network, and second, it supports a finite number of sessions. Any vulnerability in the product exposes the entire network, and a user who authenticates is given access to the whole network. Users accessing SaaS solutions are backhauled to the DC.
Additionally, having more than one data center to provide redundancy is imperative.
Users are subjected to an additional hop when accessing SaaS or internet applications. If users are instead to reach the internet/SaaS directly from their location, additional hardware (firewall, edge routers, IPS, SWG) is required at each site, along with the resources to set up, manage, and maintain it.
Scaling the DC to provide low-latency connections is an expensive option.
By implementing a cloud-delivered security model, enterprises can scale globally and enforce consistent security policies that follow the users, devices, and workloads.
Devices and users are authenticated using the existing IDP and EDR solutions. All access to internet and SaaS destinations is secured and protected. Access to the corporate data center and to IaaS and PaaS resources is secured using an inside-out connection method. Users get access to applications, not to the network: because the client is given a synthetic IP rather than a routable address, the attack surface is limited and the path by which users are routed to their destination stays hidden.
Use a cloud-based security provider that can scale and provide consistent, secure access and a consistent user experience: a trusted, scientific approach to Zero Trust.
Cloud-Delivered, Scalable, Always-Available Security
A cloud-delivered security solution that integrates with existing identity (IDP), endpoint security (EDR), and SOAR solutions enables a proper zero-trust implementation: access is granted based on identity and device posture, and only to applications, never to the network.
Zscaler ZTNA solutions provide:
· Uniform policies across all users and locations
· Single console to define global policies
· Immediate enforcement of policy changes
· Inline inspection of suspicious and unknown files
· Blocking of malicious files, with quarantine of unknown files while they are sandboxed
· Use of file reputation and AV engines
· Native SSL inspection (with zero performance impact)
· Rich reporting and API
Do not assume or trust anything; every device and user must be validated and given least-privilege access based on identity and security policy. Do not trust; validate first, evaluate the need, and only then grant access to the permitted application or workload.
The zero trust journey is challenging, and implementing Zero Trust on a global scale in a traditional hub and spoke network presents multiple complications. Using a cloud-based security provider that integrates with your existing IDP, EDR, and SOAR will enable enterprises to scale and implement zero trust faster. Users are connected directly to applications and can reach them from anywhere in the world, eliminating the need for a VPN-based solution.
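To make the model described in the zero-trust section and the cloud-delivered section concrete (identity plus device posture deciding access per application, connectors that dial out so nothing listens inbound, a synthetic address instead of a route into the network, and continuous re-validation), here is a toy access broker. It is an added illustration written for this page, not Zscaler's or any vendor's implementation; the policy fields, posture signals, connector addresses, and the 100.64.0.0/24 synthetic range are assumptions.

```python
"""Toy zero-trust access broker (added example; not any vendor's code).
Identity is what an IDP would assert, Posture what an EDR would report;
all policies, addresses and the synthetic range are assumed."""
from dataclasses import dataclass
from ipaddress import IPv4Network


@dataclass(frozen=True)
class Identity:                 # assertion from the IDP after authentication
    user: str
    groups: frozenset
    mfa: bool


@dataclass(frozen=True)
class Posture:                  # signals from the EDR / device agent
    managed: bool
    edr_healthy: bool

    def ok(self):
        return self.managed and self.edr_healthy


@dataclass(frozen=True)
class AppPolicy:                # least privilege: one policy per application
    app: str
    allowed_groups: frozenset
    require_mfa: bool = True
    require_posture: bool = True


@dataclass
class Lease:                    # an authorised user<->app session
    user: str
    app: str
    synthetic_ip: str           # what the client sees; never the real address


class Broker:
    def __init__(self, policies):
        self.policies = {p.app: p for p in policies}
        self.connectors = {}    # app -> real address, learned from dial-out only
        self.leases = {}        # (user, app) -> Lease
        # Assumed synthetic range (100.64.0.0/10 is shared-address space)
        self._pool = IPv4Network("100.64.0.0/24").hosts()

    def register_connector(self, app, real_addr):
        """A connector beside the app dials OUT and announces where it lives;
        the real address never leaves the broker."""
        self.connectors[app] = real_addr

    def evaluate(self, ident, posture, app):
        """Default deny: every check must pass, for exactly this one app."""
        policy = self.policies.get(app)
        if policy is None:
            return False, "no policy for app (default deny)"
        if app not in self.connectors:
            return False, "no connector registered"
        if not (ident.groups & policy.allowed_groups):
            return False, "identity not in allowed groups"
        if policy.require_mfa and not ident.mfa:
            return False, "mfa required"
        if policy.require_posture and not posture.ok():
            return False, "device posture failed"
        return True, "ok"

    def connect(self, ident, posture, app):
        """Returns (Lease or None, reason); a lease is per user and per app,
        so the user is never handed a route into the network itself."""
        allowed, reason = self.evaluate(ident, posture, app)
        if not allowed:
            return None, reason
        key = (ident.user, app)
        if key not in self.leases:
            self.leases[key] = Lease(ident.user, app, str(next(self._pool)))
        return self.leases[key], reason

    def revalidate(self, ident, posture):
        """Continuous validation: re-run policy over the user's live leases
        with fresh posture and drop any that fail. Returns revoked apps."""
        revoked = []
        for (user, app) in list(self.leases):
            if user == ident.user and not self.evaluate(ident, posture, app)[0]:
                del self.leases[(user, app)]
                revoked.append(app)
        return revoked


def demo():
    """Constructed walk-through; returns the decisions for inspection."""
    broker = Broker([AppPolicy("payroll", frozenset({"finance"})),
                     AppPolicy("wiki", frozenset({"staff"}), require_posture=False)])
    broker.register_connector("payroll", "10.20.0.15:443")   # assumed DC address
    broker.register_connector("wiki", "10.20.0.40:443")
    alice = Identity("alice", frozenset({"finance", "staff"}), mfa=True)
    bob = Identity("bob", frozenset({"staff"}), mfa=True)
    healthy = Posture(managed=True, edr_healthy=True)
    degraded = Posture(managed=True, edr_healthy=False)   # EDR stopped reporting
    out = {"alice_payroll": broker.connect(alice, healthy, "payroll"),
           "alice_wiki": broker.connect(alice, healthy, "wiki"),
           "bob_payroll": broker.connect(bob, healthy, "payroll")}
    out["revoked"] = broker.revalidate(alice, degraded)
    out["remaining"] = sorted(app for (_, app) in broker.leases)
    return out
```

Two details carry the security point: `evaluate` is default-deny and keyed on a single application, so there is no decision that yields "the network"; and `revalidate` shows that a lease is not a one-time VPN login but something that disappears as soon as the device's posture no longer satisfies the policy.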