Visibility and Zero Trust: How Trusting No One Is Restoring Faith In Cybersecurity

Scott Ford | November 5, 2018
For years, IT security architects trusted perimeter defenses to protect enterprise networks and data. The basic premise was simple: build a rock-solid perimeter to protect the trusted network. Once inside you have far-reaching access to a big flat network. In essence, it was like Jack Byrnes’ circle of trust in Meet the Fockers: you are either fully trusted and inside the circle, or you aren’t.
Jack Byrnes: “You can’t start a circle of trust. It’s my circle.”
Greg Focker: “You don’t have a patent on the circle, Jack. And by the way, you’re not even in your own circle right now.”
The price of lost trust
Companies continue to fall prey to hackers. As a result, regulators have lost trust in companies’ ability to secure customer data and are levying steep fines. One recent example: the second largest health insurer in the U.S. must pay the Department of Health and Human Services $16 million for its data breach that exposed protected information of nearly 79 million people.1
Why the spike in breaches? Put simply, while networks have changed to address business needs, network security hasn’t kept pace. Changes include:
Forrester’s Zero Trust Model
Forrester Research analysts were quick to recognize the changing dynamics that have rendered perimeter network defenses ineffective. Their solution is the Zero Trust Model for information security. At its very essence, Zero Trust is based upon the assumption that no person or device is trusted by default with access to the organization’s data. In Forrester’s words, Zero Trust is “a conceptual and architectural model for how security teams should redesign networks into secure microperimeters, strengthen data security using obfuscation techniques, limit the risks associated with excessive user privileges and access, and dramatically improve security detection and response with analytics and automation.”2
If this sounds hard, it is.
To help companies implement such a model, Forrester has defined a Zero Trust eXtended (ZTX) Ecosystem Framework that includes required technologies and vendor recommendations. Forescout is named in several of these categories and is working to be recognized in others as well.
Zero Trust starts with 100-percent visibility
Forrester is emphatic on the topic of visibility in Zero Trust. According to Forrester Analyst Chase Cunningham, “Visibility is the key in defending any valuable asset. You can’t protect the invisible. The more visibility you have into your network across your business ecosystem, the better chance you have to quickly detect the telltale signs of a breach in progress and to stop it.”2. In other words, partial visibility doesn’t cut it.
Forescout defines device visibility as the ability to continuously discover, classify and assess every IP-connected device that touches the extended enterprise network. Only by attaining deep visibility of ALL devices—everything from traditional servers, laptops and smartphones to IoT and OT devices, peripherals, network infrastructure, physical and virtual servers and workloads on public clouds—can you trust your asset intelligence and begin to confidently make intelligent security decisions and apply policy-based controls that Zero Trust requires.
Using real-time visibility to enforce trust
Real-time, in-depth visibility enhances every policy-based action the Forescout platform applies and other technologies it integrates. To learn more about how the Forescout platform enables Zero Trust security, check out these resources:
Among other things, these assets explain how Forescout:
1Associated Press: https://www.apnews.com/
2The Zero Trust eXtended (ZTX) Ecosystem Strategic Plan, Forrester, January 2018.
Toll-Free (US): 1-866-377-8771
Tel (Intl): +1-408-213-3191
Support: +1-708-237-6591
Headquarters
190 W Tasman Dr.
San Jose, CA, USA 95134