Let’s say you’re committed to implementing Zero Trust architecture. Where should you begin? It’s a daunting task, but it’s not as if you have to blaze a new trail. In fact, the trail has been paved by legions of security and IT professionals who have already succeeded in getting from point A (porous, “hope-for-the-best” security infrastructure) to a locked-down Zero Trust implementation and the peace of mind that comes with it.
In talks with folks – customers, contractors and colleagues – who can proudly say they’ve been there and done that, these five steps to successful Zero Trust planning and deployment come up time and time again. While you don’t need to use the Forescout platform to perform these steps, you can save considerable time getting to Zero Trust if you do.
1. Identify your attack surface. To implement Zero Trust, you must profile and inventory every device on your network to determine if each one is trustworthy. That means identifying every connected thing on your extended network – continuously discovering, classifying and assessing the risk of all connected users, devices, applications and workloads. Forescout eyeSight provides comprehensive device visibility that makes short work of this step. Forescout eyeInspect (formerly SilentDefense™) provides these capabilities (and more) for OT networks and industrial control systems.
2. Map data flows and system interdependencies. Again, visibility is key, but in this case your focus must be on network traffic flows and the protocols devices use to communicate. Forescout eyeSegment lets you monitor and visualize all traffic entering your network – including VPN traffic. Gaining insight at this level across all networks lets you establish communication baselines, detect abnormal behavior and implement Zero Trust policies.
3. Correlate user, device and posture data to determine least-privilege access. This is a Zero Trust must: security policies must continuously draw on a combination of user, device and posture data to maintain effective, dynamic least-privilege network access control. The continuous monitoring capabilities of the Forescout platform play a critical role here.
4. Build and test Zero Trust policies. This is relatively easy once you’ve mapped data flows and you have a handle on the business context and interdependencies of connected devices. On top of that, you can build and simulate segmentation policies prior to actually deploying them in the production environment—avoiding potential disruption of critical services. This is where eyeSegment really improves the buildout process.
5. Orchestrate, monitor and automate response. You need to automate context sharing across all enterprise security tools and have the ability to execute controls across multivendor physical and virtual environments. A solid Zero Trust solution can provide dynamic network segmentation and orchestrated incident response, as well as continuous monitoring and control of connected devices and workloads – and do it all at scale. The Forescout platform integrates with leading wired, wireless and cloud infrastructure as well as third-party security tools. Learn more about Forescout eyeExtend products.
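To make steps 2 and 4 concrete, here is an added example (not Forescout code and not part of the original post) that replays a recorded flow baseline against a proposed default-deny segmentation policy before anything is enforced. The zone names, addresses, flows and rules are all constructed sample data.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed inventory (step 1): subnet -> zone label. All values are sample data.
ZONES = {"10.10.0.0/24": "workstations", "10.20.0.0/24": "hvac-ot",
         "10.30.0.0/24": "servers"}

# Constructed flow baseline (step 2): (src_ip, dst_ip, proto, dst_port, flow_count).
BASELINE = [
    ("10.10.0.15", "10.30.0.5", "tcp", 443, 1200),
    ("10.20.0.7", "10.30.0.9", "tcp", 502, 300),
    ("10.10.0.22", "10.20.0.7", "tcp", 23, 4),
    ("10.30.0.5", "10.30.0.9", "tcp", 5432, 800),
    ("192.0.2.44", "10.30.0.5", "tcp", 443, 10),
]

# Proposed default-deny policy (step 4): only these zone-to-zone services are allowed.
POLICY = {
    ("workstations", "servers", "tcp", 443),
    ("hvac-ot", "servers", "tcp", 502),
    ("servers", "servers", "tcp", 5432),
    ("workstations", "servers", "tcp", 22),
}

def zone_of(ip):
    """Map an address to its inventory zone; unknown devices get no trust."""
    addr = ip_address(ip)
    for cidr, zone in ZONES.items():
        if addr in ip_network(cidr):
            return zone
    return "unclassified"

def simulate(policy, flows):
    """Replay observed flows against the policy without enforcing anything."""
    denied, hits = [], Counter()
    for src, dst, proto, port, count in flows:
        key = (zone_of(src), zone_of(dst), proto, port)
        if key in policy:
            hits[key] += count
        else:
            denied.append((key, src, dst, count))
    unused = sorted(rule for rule in policy if rule not in hits)
    return denied, unused

if __name__ == "__main__":
    denied, unused = simulate(POLICY, BASELINE)
    print("would block:", denied)
    print("rules with no observed traffic:", unused)
```

Flows in the "would block" list are either services the policy forgot or behavior worth investigating; rules with no observed traffic are candidates for removal under least privilege.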
Mitesh Shah is a Principal Technical Marketing Manager at Forescout, where he helps organizations understand efficient ways to implement Zero Trust strategies across their enterprise.