The National Security Agency’s (NSA) Cybersecurity Information Sheet (CIS) entitled “Advancing Zero Trust Maturity Throughout the Network and Environment Pillar” outlines how organizations can enhance their network security within the Zero Trust model. This involves leveraging advanced cybersecurity strategies to mitigate risks of lateral movement by malicious actors within networks.
In a recent SCmagazine article, the creator of the Zero Trust concept, John Kindervag, pointed out the industry’s current overemphasis on identity management, cautioning against neglecting network security’s critical role. This viewpoint complements the NSA’s guidance on implementing Zero Trust within the network and environment pillar, underscoring the need for a balanced approach that values both identity and network infrastructure. Kindervag’s insights advocate for not only recognizing the network as a foundational component of Zero Trust, but also actively engaging in strategies like data flow mapping, macro- and micro-segmentation, as well as leveraging software-defined networking (SDN) for enhanced security measures. This balanced focus ensures a comprehensive and resilient Zero Trust model, and RedSeal can address those network-related challenges effectively.
RedSeal can play a crucial role in implementing these strategies:
- Data Flow Mapping: RedSeal’s capabilities in mapping the network and understanding how data moves across it align with the document’s emphasis on understanding data flow to identify and secure unprotected data flows. RedSeal can help organizations visualize their network paths and flows, which is foundational for recommended effective segmentation and isolation strategies.
- Macro Segmentation: RedSeal’s Zones and Policies feature directly supports the concept of macro-segmentation, which is about segmenting the network into different security zones to control access and movement between them. By defining and enforcing network policies, RedSeal can help prevent unauthorized access between different parts of the network, such as between departments or between the IT environment and operational technology systems.
- Micro Segmentation: While the document discusses micro-segmentation’s role in further reducing the attack surface within network segments, RedSeal’s detailed network models and policy management can assist in the detailed enforcement of policies that control access to resources within these segments. RedSeal’s analytical capabilities can help identify where micro-segmentation can be most effectively applied and help manage the policies that enforce this segmentation.
- Software-Defined Networking (SDN): Although RedSeal itself is not an SDN solution, its network modeling and risk assessment capabilities are complementary to SDN’s dynamic and adaptable network management. RedSeal can enhance SDN implementations by providing a detailed understanding of the network structure and potential vulnerabilities, thereby aiding in the creation of more effective SDN policies.
RedSeal can significantly aid an organization’s efforts to advance its Zero Trust maturity, particularly within the network and environment pillar outlined in the NSA document. By providing detailed network visibility, facilitating effective macro- and micro-segmentation and complementing SDN strategies, RedSeal helps limit potential attack surfaces, enhances network security posture, and supports continuous verification of all elements within the network environment.
You can find out more by getting a demo of RedSeal and attend one of our monthly free Cyber Threat Hunt workshops.
