
Zero Trust Principles: Address Asset Visualization and Classification

Shawn Taylor, Regional Technology Officer | March 6, 2025

Phase 1 of Our “Adaptive Approach to Zero Trust Assurance”: Address Asset Visualization and Classification

Forescout has developed a step-by-step approach to realizing Zero Trust security. We call it “The Adaptive Approach to Zero Trust Assurance,” and it’s designed to help meet zero trust mandates faster with a simplified transition roadmap. This is the second blog in the series. The first one is “Reach Zero Trust Security Mandates with an Adaptive Approach.”

In 2024, we saw a rise in cyber threats and regulatory pressures. Personal liability for CISOs increased along with the number of audit requirements needed to prove compliance and quantify organizational exposure and risks.

According to our researchers at Vedere Labs:

  • Security incidents have grown by 354% since 2022
  • Ransomware groups grew by 55%
  • Published vulnerabilities increased 43% YoY
  • Ransomware attack severity in medical devices increased 68% in H1 2024
  • Critical infrastructure and cyber physical system incidents have grown by 668%

That’s why the headlines are full of cyber attacks that exploited vulnerabilities in networks where visibility and access controls are inadequate, outdated or non-existent. To defend against these threats, proactive organizations must adopt an assume-breach mindset: acknowledge that a breach is inevitable and deploy active defenses that minimize its impact.

It starts by addressing the most critical assets in the business with the principles of Zero Trust.

Zero Trust architecture continuously verifies every user, device, and transaction, granting no implicit trust to anyone or anything. The first step in achieving Zero Trust Assurance is to address the gaps in asset visualization.

Addressing these gaps begins with an understanding of what is on the network, where it is, how it communicates, and whether or not it should be there. Without this basic information, it is impossible to implement Zero Trust.


Common Security Challenges

Most businesses struggle with incomplete asset visibility, creating compliance risks and a weak security posture. Key issues include:

  • Outdated network inventories that don’t have an accurate record of connected devices
  • Static internal defenses that don’t protect against lateral movement in the network
  • Stale or non-existent least-privileged access assignments, allowing excessive permissions
  • Manual security incident response processes, requiring human intervention rather than automated remediation

To reach Zero Trust mandates, organizations can fill the visibility gaps created by these common security challenges by identifying assets, ascertaining their risk, and observing their network behavior over time.



‘Address’ Asset Management with These Key Zero Trust Principles

1. Discover and Classify Connected Assets

The first step is asset discovery and classification, which provides real-time visibility into every device and endpoint on the network. This process helps answer key questions:

  • What type of device is connected and what is its role (e.g., server, IoT device, laptop)?
  • How is the device connected (e.g., via switch, controller, cloud, wireless)?
  • Who owns the device and what permissions should it have (e.g., LDAP user, domain member)?

We have seen how these insights deliver rapid value in our customer installations. One executive shared with us that Forescout was the only vendor to reveal that his network had gaming consoles logged into it!

In another example, a government entity with an air-gapped network was facing project delays caused by an inability to control network access. Once we reviewed the full network inventory, we identified mobile devices appearing on physical switch ports – a clear indication of unauthorized wireless bridges. In yet another example, we discovered a camera network on which an unauthorized user was logged into over 50 devices.

Problems like these can be overcome with active and passive discovery methods, such as (but not limited to) traffic ingestion, network infrastructure interrogation, and vulnerability scanning. Thorough discovery continuously identifies every asset connected to the network.

We believe this first component delivers the fastest time to value. All the better if it’s agentless, vendor-agnostic, and uses a non-intrusive approach.


2. Enrich the CMDB with Continuous Updates

Zero Trust security requires continuous asset updates so that security policies remain intelligent, relevant and effective. A Configuration Management Database (CMDB) should serve as the single source of truth for all IT and security assets. A CMDB enriched with details provided by continuous discovery helps build a strong security posture, for example by detecting misconfigurations, vulnerabilities or weaknesses in IT, OT/IoT & IoMT devices. It’s even better when integrated systems share data bidirectionally — with third-party ecosystems like IT vulnerability management tools, ATDs, or ITSMs.

By integrating real-time asset discovery, organizations will improve their ability to assess risks — and enforce compliance and governance policies. Automated data synchronization with the CMDB helps ensure security teams always have up-to-date information on every device and its network status.


3. Observe and Analyze Network Traffic

Understanding how devices communicate with one another is an important input when defining least-privileged access policies in a Zero Trust network. Network traffic analysis provides a clear picture of baseline behaviors and helps detect anomalies such as unauthorized data transfers or connections to potential threat actors. That picture both informs new least-privileged access policies and shows whether the current access policies are effective.

The best observation tools use real-time monitoring, AI-supported anomaly detection, and behavioral analytics to recognize suspicious activities before they become full-scale breaches.
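As an added example that is not Forescout’s code, the sketch below ties sections 1 and 3 together: passive discovery from flow records, a port-based role heuristic for classification, and a baseline of observed peers that doubles as a least-privilege allow-list and an anomaly detector. The IP addresses, ports, role table and flow records are all constructed for illustration.

```python
# Added example (not Forescout code): passive discovery, classification and traffic
# baselining over constructed flow records. A flow is (src_ip, dst_ip, dst_port).
from dataclasses import dataclass, field

@dataclass
class Asset:
    ip: str
    served_ports: set = field(default_factory=set)  # ports this host accepts connections on
    peers: set = field(default_factory=set)         # (dst_ip, dst_port) pairs it was seen initiating

# Heuristic role labels keyed by served port; priority follows dict order. Constructed table.
ROLE_BY_PORT = {554: "camera (RTSP)", 502: "PLC (Modbus)", 9100: "printer",
                443: "web server", 22: "ssh host"}

def discover(flows):
    """Passive discovery: every IP that sends or receives traffic becomes an inventory entry."""
    inventory = {}
    for src, dst, port in flows:
        inventory.setdefault(src, Asset(src)).peers.add((dst, port))
        inventory.setdefault(dst, Asset(dst)).served_ports.add(port)
    return inventory

def classify(asset):
    """Answer 'what type of device is this?' from the ports it serves; pure initiators are clients."""
    for port, role in ROLE_BY_PORT.items():
        if port in asset.served_ports:
            return role
    return "client" if asset.peers else "unknown"

def baseline_policy(inventory):
    """Least-privilege allow-list: each asset may reach only the (peer, port) pairs seen while learning."""
    return {ip: frozenset(a.peers) for ip, a in inventory.items()}

def detect_anomalies(policy, flows):
    """Flag flows whose src -> dst:port pair is absent from the learned baseline."""
    return [f for f in flows if (f[1], f[2]) not in policy.get(f[0], frozenset())]

# Constructed learning window: a laptop, an NVR pulling RTSP from a camera, a workstation polling a PLC.
LEARNING_FLOWS = [
    ("10.0.1.20", "10.0.2.10", 443), ("10.0.1.20", "10.0.2.11", 22), ("10.0.1.20", "10.0.3.9", 9100),
    ("10.0.2.12", "10.0.3.5", 554), ("10.0.1.30", "10.0.4.2", 502),
]
# Constructed observation window: the baseline traffic plus two deviations worth a closer look.
OBSERVED_FLOWS = LEARNING_FLOWS + [
    ("10.0.3.5", "203.0.113.7", 443),  # camera initiating an outbound connection to an external host
    ("10.0.1.20", "10.0.4.2", 502),    # laptop reaching the PLC: lateral movement outside its baseline
]

def run():
    inventory = discover(LEARNING_FLOWS)
    roles = {ip: classify(a) for ip, a in inventory.items()}
    return roles, detect_anomalies(baseline_policy(inventory), OBSERVED_FLOWS)

if __name__ == "__main__":
    print(run())
```

In practice the learning window must itself be reviewed before it becomes policy, since any unauthorized connection present during learning would be baked into the allow-list.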


Ultimately, integrating all of these strategies into an adaptive approach to Zero Trust security helps organizations navigate the evolving threat landscape without overwhelming systems or resources.

Check back with us in the next few weeks for the third blog in the series about phase 2 of the “Adaptive Approach to Zero Trust Assurance”: Design the Protect Surface of the Network.

See how we built Zero Trust principles into the U.S. Department of Defense Comply-to-Connect program.
