What is Zero Trust Architecture

A Zero Trust Architecture refers to the way network devices and services are structured to enable a Zero Trust security model.

What is a Zero Trust model?

Zero Trust is a security framework that requires all users, whether in or outside the organization’s network, to be continuously authenticated, authorized, and validated before being granted access to network applications and data.

Zero Trust assumes that there is no traditional network edge; networks can be local, in the cloud, or a hybrid cloud.

How to build a Zero Trust Architecture

The Zero Trust model is a set of design principles constituting a framework, and not something that can be implemented using a single product. It requires the right operational strategy, policies, architecture, products and integrations to be successful.

A Zero Trust network follows these four main principles:

1. Set all default access controls to “deny” for all users and devices; in short, all North-South and East-West traffic are always in ‘untrusted’ mode
2. Leverage a variety of preventative techniques to authenticate all users and devices every time network access is requested;
3. Enable real-time monitoring and controls to identify and contain malicious activity and modern threats including but not limited to ransomware and supply chain attacks; and
4. Align to and enable the organization’s broader, comprehensive cybersecurity strategy

Although each organization’s process for implementing a Zero Trust network will be unique, CrowdStrike offers the following recommendations to develop and deploy a Zero Trust architecture:

1. Assess the organization.

• Determine the attack surface and identify sensitive data, assets, applications, and services (DAAS) within this framework.
• Identify and audit every credential (active, stale, shared, human user, service accounts, privileged users, etc) within your organization and ascertain the gaps in authentication policies to prevent threats using compromised credentials.
• Review all privileges for risk and impact.
• Assess the organization’s current security toolset and identify any gaps within the infrastructure.
• Ensure that the most critical assets (crown jewels) are given the highest level of protection within the security architecture.

2. Create a directory of all assets and map the transaction flows.

• Determine where sensitive information lives and which users have access to them.
• Consider how various DAAS components interact and ensure compatibility in security access controls between these resources.
• Segment all identities.
• Know how many service accounts you have and where they need to connect.
• Review all authentication protocols and remove/raise connection challenges on any outdated protocol and (e.g. deprecated NTLM protocol usage) systems (often local legacy systems).
• Secure a list of all sanctioned cloud services and enforce access based on risk scores and behavior
• Remove stale accounts and enforce a mandatory password rotation.

3. Establish a variety of preventative measures.

Leverage a variety of preventative measures to deter hackers and thwart their access in the event of a data breach. These measures include:

• Multi factor authentication (MFA): MFA, 2FA, or third-factor authentication, are essential to achieving Zero Trust. These controls provide another layer of verification to every user inside and outside the enterprise and should be triggered by risk increases, behavior, deviations and anomalous traffic.
• Least privilege principles: Once the organization has determined where the sensitive data lives, grant users the least amount of access necessary for their roles with continuous verification. Review privileged accounts regularly and assess if those elevated privileges are required as a user moves from group to group.
• Identity segmentation: Micro-perimeters act as border control within the system, identity/credential, and preventing any unauthorized lateral movement. The organization can segment based on user group, role, account type, applications accessed and so on.

4. Monitor the network continuously.

• Figure out where the anomalous activity is occurring and monitor all the surrounding activity.
• Inspect, analyze and log all traffic and data without interruption.
• Escalate and store authentication logs for anomalous or suspicious traffic and activity.
• Create a clear action plan for service account and other critical resource behavior anomalies.

Benefits of a Zero Trust Architecture

Zero Trust is one of the most effective ways for organizations to control access to their networks, applications, and data. Benefits of a Zero Trust Architecture include:

Improved visibility: The main objective of a Zero Trust model is to allow the organization to approve every user and every device every time access to the network is requested – with a clear understanding of who, why and how. This capability, coupled with least-privilege access, allows the organization to maintain strict oversight of all network users and devices, as well as their activity.

Reduced risk: Unlike a traditional perimeter security model, the default access setting for all users and devices in a Zero Trust environment is “deny.” By leveraging advanced technologies to verify the user’s identity, as well as provide application access based on behavior, user risk and device risk posture, the organization can significantly reduce risk by making it more difficult for adversaries to discover the network or gain access to it.

Containment: By segmenting the network by identity, group, and function, and controlling user access, a Zero Trust strategy helps the organization contain breaches and minimize potential damage. This helps organizations improve their “breakout time” — the critical window between when an intruder compromises the first machine and when they can move laterally to other systems on the network.

Improved user experience: When implemented correctly, a Zero Trust model provides an enhanced user experience, as compared to a VPN, which often limits application use, impacts system performance and needs to be updated and authenticated frequently. In many cases, Zero Trust organizations are also more likely to leverage MFA along with single sign on (SSO) tools to streamline and simplify the user experience with a conscious effort to reduce MFA fatigue.

BYOD policy enablement: Zero Trust can help enable personal device use, in that the security protocol does not consider who owns the device, but only that the user and device can be authenticated.

Cloud compatibility: A Zero Trust architecture is a critical security measure as companies increase the number of endpoints within their network and expand their infrastructure to include cloud-based applications and servers. A Zero Trust network is essentially borderless – it applies security principals equally to all users and devices regardless of location.

Reduced complexity: With fewer products needed for your Zero Trust implementation, there will be less complexity required to build, operate and maintain it.

Is a Zero Trust model right for your organization?

Many organizations can benefit from the enhanced security and reduced risk enabled by a Zero Trust model. Specific criteria include:

• Organizations with a highly distributed workforce and device ecosystem
• Organizations with a multigenerational, hybrid operating environment
• Organizations with broad data management landscape and data ownership

Jumpstarting Your Zero Trust Journey with CrowdStrike

The CrowdStrike Zero Trust solution secures the modern enterprise with its cloud-delivered approach to stop breaches in real time on any endpoint, cloud workload or identity, wherever they are. CrowdStrike does all of the heavy lifting for enterprise security teams to enforce frictionless Zero Trust with its industry-leading Security Cloud. The CrowdStrike Security Cloud processes trillions of events per week, enabling high-fidelity attack correlation and real-time threat analytics and response that can scale any deployment model, whether they are multi-cloud or hybrid enterprises that may also run legacy and proprietary applications.

CrowdStrike’s cloud-native approach is the only solution that empowers the security team to achieve Zero Trust protection without the combined overhead of managing terabytes of data, threat feeds, hardware and software, and related ongoing personnel management costs.