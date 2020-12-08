How Zero Trust Network Architecture Defends Enterprise Cybersecurity
December 8, 2020
Partners leverage Infoblox-powered architecture to protect security posture
Zero trust is an industry-wide strategic initiative adopted by most security-conscious organizations; it helps prevent data breaches by adopting a security posture of default denial. Trust is assessed at the time of each connection request, using an identity- and context-based logical access boundary, and no implicit trust is derived from network location or IP address.
Zero trust, the model behind Zero Trust Network Architecture (ZTNA), was originally proposed by John Kindervag in 2010 while he was principal analyst at Forrester Research, in response to the failure of traditional security models that operate under the outdated assumption that everything inside an organization can be trusted. This assumption does not hold when any inside system or device can be compromised by a phishing attack or a drive-by malware download, or when it is operated by a malicious insider or contractor.
With zero trust, the organization first identifies a "protect surface" made up of its most valuable data, assets, applications, and services. It then defines user- and role-based policies for each protect surface and enforces them with micro-segmented networks. Because they contain only the most critical assets of an organization's application environment, protect surfaces are orders of magnitude smaller than traditional attack surfaces and easier to manage.
At its core, zero trust is both platform- and technology-agnostic. It enables partners to build additional layers of security for enterprise networks using a wide variety of security technologies, including foundational network infrastructure security, micro-segmentation, application-aware firewalls, secure web gateways, cloud access security brokers (CASBs), and much more.
ZTNA for Partners
Learn more about ZTNA with this white paper from Infoblox: "An Introduction to Zero Trust – A Compelling Cybersecurity Strategy for Defending the Enterprise."
Five Tenets of Zero Trust
● Validate access to data: Data is the central element that must be protected. Access to this data, at any time, must be continually and carefully revalidated.
● Analyze data flows: To best protect organizational data, a company must understand the flows of data in and out of systems and devices so that the data can be validated later and micro-networks can be built.
● Employ micro-segmentation: With an understanding of the critical data that must be protected, IT teams can then create the micro-segmented networks that map best to the flow of the data.
● Maintain visibility and monitor: Organizations must have visibility into all activity within their network, log it, and be able to analyze it comprehensively by integrating with security information and event management (SIEM) technologies to determine if any malicious behavior is present.
● Automate response: Enterprises should wrap zero trust best practices into their security automation strategies and use security orchestration, automation, and response (SOAR) tools to support mitigation efforts.
In a report, Forrester recently expanded and clarified its original notion of zero trust to draw a road map for implementing a zero trust architecture: the Zero Trust eXtended (ZTX) ecosystem. In this report, Forrester identifies key vendors that support its view of the zero trust ecosystem and turns zero trust into a concrete framework and architecture for building out cybersecurity resilience across all enterprise networks.
DNS Security Is the First Line of Defense for ZTNA
The Domain Name System (DNS) acts as the first line of defense for a ZTNA protect surface (data, assets, applications, services) because nearly every stage of modern malware activity, including ransomware, exploit kits, phishing, command and control (C&C) callbacks, data exfiltration, domain generation algorithms (DGA), and APT tooling, begins with a name lookup. A resolver backed by current threat intelligence and ML-based analytics can detect and block those lookups before a connection is ever made.
DNS security augments existing security tools and offloads the blocking of threats from perimeter devices, reducing the amount of malicious traffic that reaches them and preserving their processing capacity. Here are three ways DNS security can be leveraged.
● DNS resolution: When a compromised endpoint tries to resolve the name of a C&C server, the resolver can withhold the real answer and instead return the address of a sinkhole, so the connection is logged and goes nowhere. The endpoint can then neither fetch new payloads from nor exfiltrate data to that C&C site. One caveat: malware that uses hard-coded IP addresses, or that resolves names through an external DNS-over-HTTPS or DNS-over-TLS service, never touches the enterprise resolver, so egress rules that force all name resolution through the corporate resolvers are what make this control enforceable.
● DNS tunneling: Attackers encode stolen data into the labels of DNS queries sent to a domain whose authoritative server they control. Because the traffic is ordinary DNS on port 53, next-generation firewalls and IDS/IPS rules usually let it through. A resolver that inspects query names for the long, high-entropy labels, unusual record types (TXT, NULL), and high per-domain query counts this produces can detect and block the exfiltration.
● Volumetric DNS requests: Botnets can launch a distributed denial of service (DDoS) attack against external DNS servers, leaving them unable to answer lookups for legitimate domains. In October 2016 the Mirai botnet, built from compromised IoT devices, flooded the managed DNS service operated by Dyn and made many major websites unreachable for hours. A robust DNS service should detect such floods and rate-limit abusive sources so that legitimate queries keep being answered.
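The three checks above, as an added example that is not Infoblox or BloxOne code and is not from the original article: a short Python script that runs an RPZ-style block-list lookup with sinkholing, a tunneling heuristic (many distinct, long or high-entropy leftmost labels under one registered domain), and a sliding-window volumetric check over a constructed resolver log. The log format, the block list, the sinkhole address, the two-label approximation of a registered domain and every threshold are assumptions chosen for illustration.

```python
"""Three DNS-layer checks run over constructed resolver log lines (added example).
Not Infoblox or BloxOne code: the log format, block list, sinkhole address and
every threshold below are assumptions chosen for illustration."""
import hashlib
import math
from collections import Counter, defaultdict
from datetime import datetime, timedelta

SINKHOLE_IP = "10.255.255.254"                          # assumed internal sinkhole
BLOCKLIST = {"evil-c2.example.net", "c2.example.net"}  # assumed threat-intel feed

def _build_sample_log():
    """Construct log lines: '<iso-timestamp> <client-ip> <qname> <qtype>'."""
    t0 = datetime(2020, 12, 8, 10, 0, 0)
    def line(offset_s, client, qname, qtype):
        ts = (t0 + timedelta(seconds=offset_s)).isoformat(timespec="milliseconds")
        return f"{ts} {client} {qname} {qtype}"
    lines = [line(1, "10.1.2.30", "www.example.com", "A"),
             line(2, "10.1.2.30", "evil-c2.example.net", "A"),    # exact block-list hit
             line(3, "10.1.2.30", "update.c2.example.net", "A"),  # child of a blocked domain
             line(4, "10.1.2.44", "mail.example.com", "MX")]
    for i in range(12):   # tunneling: TXT queries whose leftmost label carries hex payload
        chunk = hashlib.sha256(f"chunk{i}".encode()).hexdigest()[:40]
        lines.append(line(5 + i * 0.3, "10.1.2.51", f"{chunk}.exfil.example.org", "TXT"))
    for i in range(80):   # volumetric: one client repeating a query 80 times in 8 s
        lines.append(line(10 + i * 0.1, "10.1.2.99", "api.example.com", "A"))
    return "\n".join(lines) + "\n"

SAMPLE_LOG = _build_sample_log()

def parse_log(text):
    records = []
    for raw in filter(str.strip, text.splitlines()):
        ts, client, qname, qtype = raw.split()
        records.append((datetime.fromisoformat(ts), client, qname.lower().rstrip("."), qtype))
    return records

def policy_action(qname, blocklist=BLOCKLIST, sinkhole=SINKHOLE_IP):
    """RPZ-style decision: the name and each of its parent domains are checked
    against the block list; a hit yields a synthetic answer pointing at the sinkhole."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in blocklist:
            return ("SINKHOLE", sinkhole)
    return ("PASS", None)

def _entropy(s):
    counts, n = Counter(s), len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0

def _registered_domain(qname):
    # Assumption: the registrable domain is the last two labels. A real tool
    # would consult the Public Suffix List (co.uk and friends break this rule).
    return ".".join(qname.split(".")[-2:])

def tunneling_suspects(records, min_unique=10, min_label_len=30, min_entropy=3.3):
    """Flag registered domains that receive many distinct, long or high-entropy
    leftmost labels: the shape of data being smuggled out inside query names."""
    labels_by_domain = defaultdict(set)
    for _, _, qname, _ in records:
        domain = _registered_domain(qname)
        if qname != domain:
            labels_by_domain[domain].add(qname.split(".")[0])
    suspects = {}
    for domain, labels in labels_by_domain.items():
        if len(labels) < min_unique:
            continue
        mean_len = sum(map(len, labels)) / len(labels)
        mean_ent = sum(map(_entropy, labels)) / len(labels)
        if mean_len >= min_label_len or mean_ent >= min_entropy:
            suspects[domain] = {"unique_labels": len(labels),
                                "mean_label_len": round(mean_len, 1),
                                "mean_entropy": round(mean_ent, 2)}
    return suspects

def volumetric_clients(records, window_s=10, threshold=50):
    """Flag clients whose peak query count in any sliding window exceeds the threshold."""
    stamps_by_client = defaultdict(list)
    for ts, client, _, _ in records:
        stamps_by_client[client].append(ts)
    window, flagged = timedelta(seconds=window_s), {}
    for client, stamps in stamps_by_client.items():
        stamps.sort()
        peak = start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window's left edge forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[client] = peak
    return flagged

def analyze(log_text):
    """Run all three checks and report what a resolver-side policy would act on."""
    records = parse_log(log_text)
    sinkholed = [(c, q) for _, c, q, _ in records if policy_action(q)[0] == "SINKHOLE"]
    return {"sinkholed": sinkholed,
            "tunneling": tunneling_suspects(records),
            "volumetric": volumetric_clients(records)}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

On the constructed log, `analyze` sinkholes the two lookups under the blocked domains (including the child name matched through its parent), flags `example.org` as a tunneling suspect on the 12 distinct 40-character hex labels, and flags `10.1.2.99` for 80 queries in one 10-second window, while the ordinary lookups from the other clients pass untouched. The thresholds are deliberately simple; a production detector would baseline per-domain and per-client behaviour and combine these signals with threat intelligence rather than apply fixed cut-offs.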
Infoblox DDI Platform and BloxOne™ Threat Defense Helping ZTNA Adoption
Infoblox provides the industry-leading DDI platform (DNS, DHCP, and IPAM) that provides foundational security, a centralized point of visibility, and the control needed to efficiently implement ZTNA.
● Domain Name System (DNS): Resolver logs provide a critical audit trail of every name lookup, together with the client that made it. This audit trail can be used to quickly map out which services and resources a compromised device has contacted.
● Dynamic Host Configuration Protocol (DHCP): DHCP leases an address to a device each time it (a laptop, for example) joins the network, and the same address is handed to different devices over time. The lease history is therefore what ties a client IP seen in the DNS logs back to a specific device (MAC address and hostname) at a specific moment, and it lets disparate suspicious activity from the same device under investigation be correlated, especially in dynamic environments.
● IP Address Management (IPAM): IPAM begins with discovery, tracking, and allocation of address data for every device on the network, and maintains a centralized repository of the data associated with devices, networks, and services in one clear and easy-to-manage interface. For statically assigned hosts that never appear in DHCP lease logs, the IPAM record is the source of device identity.
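The DNS-to-DHCP-to-IPAM correlation that the three bullets describe, as an added example that is not Infoblox code and is not from the original article: a short Python script that joins constructed DNS audit-trail events to a constructed DHCP lease history (and to constructed IPAM records for statically assigned addresses) by client IP and timestamp, so that an address reused by two devices is attributed to the right one and a single device's activity across two addresses lands in one timeline. Every address, MAC, hostname, timestamp and record format below is an assumption.

```python
"""Device attribution from the DDI audit trail (added example).
Not Infoblox code: the lease history, IPAM records and DNS events below are
constructed, and their formats are assumptions."""
from collections import defaultdict
from datetime import datetime

# Constructed DHCP lease history: (ip, mac, hostname, lease_start, lease_end).
# 10.1.2.51 is reused by two devices during the day; laptop-bob holds two IPs in turn.
LEASES = [
    ("10.1.2.51", "aa:bb:cc:00:00:01", "laptop-alice", "2020-12-08T08:00:00", "2020-12-08T09:30:00"),
    ("10.1.2.51", "aa:bb:cc:00:00:02", "laptop-bob",   "2020-12-08T09:45:00", "2020-12-08T12:00:00"),
    ("10.1.3.20", "aa:bb:cc:00:00:02", "laptop-bob",   "2020-12-08T12:30:00", "2020-12-08T14:00:00"),
    ("10.1.2.99", "aa:bb:cc:00:00:03", "cam-lobby-1",  "2020-12-08T00:00:00", "2020-12-09T00:00:00"),
]
# Constructed IPAM records for statically assigned addresses: ip -> (mac, hostname).
IPAM_STATIC = {"10.1.2.10": ("aa:bb:cc:00:00:10", "dns-srv-1")}
# Constructed DNS audit-trail events: (timestamp, client_ip, qname).
DNS_EVENTS = [
    ("2020-12-08T09:10:00", "10.1.2.51", "www.example.com"),
    ("2020-12-08T09:35:00", "10.1.2.51", "mail.example.com"),       # falls between two leases
    ("2020-12-08T10:00:05", "10.1.2.51", "c0ffee.exfil.example.org"),
    ("2020-12-08T10:00:12", "10.1.2.99", "api.example.com"),
    ("2020-12-08T10:30:00", "10.1.2.10", "upstream.example.net"),   # static host, IPAM only
    ("2020-12-08T12:45:00", "10.1.3.20", "evil-c2.example.net"),
]

def lookup_device(ip, ts, leases=LEASES, static=IPAM_STATIC):
    """Return (mac, hostname) for the device holding `ip` at `ts`, or (None, None).
    Lease end is exclusive: a query at the exact expiry instant belongs to nobody.
    Static IPAM assignments are consulted only when no lease covers the address."""
    t = datetime.fromisoformat(ts)
    for lease_ip, mac, host, start, end in leases:
        if lease_ip == ip and datetime.fromisoformat(start) <= t < datetime.fromisoformat(end):
            return mac, host
    return static.get(ip, (None, None))

def attribute(events, leases=LEASES, static=IPAM_STATIC):
    """Enrich every DNS event with the device identity that held the client IP then."""
    out = []
    for ts, ip, qname in events:
        mac, host = lookup_device(ip, ts, leases, static)
        out.append({"ts": ts, "ip": ip, "qname": qname, "mac": mac, "device": host})
    return out

def timeline_by_device(events, leases=LEASES, static=IPAM_STATIC):
    """Group attributed events by MAC so one device's activity across several
    IPs lands in one bucket; events with no identity go under the key None."""
    timeline = defaultdict(list)
    for e in attribute(events, leases, static):
        timeline[e["mac"]].append((e["ts"], e["ip"], e["qname"]))
    return dict(timeline)

if __name__ == "__main__":
    for mac, items in timeline_by_device(DNS_EVENTS).items():
        print(mac or "UNATTRIBUTED")
        for ts, ip, qname in items:
            print(f"  {ts} {ip:<10} {qname}")
```

The join keys are the client IP and the event time, which is why the DHCP lease log must be retained with the same clock and at least the same resolution as the DNS log: a lookup that falls in the gap between two leases (the 09:35 event above) cannot be attributed at all, and investigations that work from IP addresses alone would blame laptop-alice for activity that belongs to laptop-bob.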
Figure 1: Infoblox DDI Platform with BloxOne Threat Defense
The Infoblox DDI platform along with BloxOne Threat Defense (Figure 1, above) provides foundational support for partners implementing key aspects of ZTNA. The Infoblox platform helps partners enable organizations to detect and block data exfiltration and malware C&C communications via DNS. It maximizes brand protection by securing traditional networks as well as digital imperatives like SD-WAN, IoT, the cloud, and mobility. It also integrates with other security technologies such as network access controllers, next-generation firewalls, and vulnerability scanners to support SOAR workflows that quickly contain and remediate cyberthreats. In a nutshell, Infoblox-powered ZTNA helps partners optimize the performance of the entire security ecosystem while also reducing the total cost of enterprise threat defense.
Narayan Makaram, CEO of Cybernetix Security and a cybersecurity consultant for Infoblox, has more than 20 years of experience leading product marketing, product management, and strategic alliances at several companies, including ArcSight, Arctic Wolf Networks, FireEye, Hewlett Packard, Imperva, and Tenable. His expertise is in the areas of Managed Detection and Response (MDR), network security, application security, Security Information and Event Management (SIEM), and data protection.
