The following is an excerpt from our recent research brief, Zero Trust: The Security Network Infrastructure of Tomorrow. To read more, download the full report here.
Today, in order to protect a network, security teams rely on several different security instruments to keep data secure. These could range from web application firewalls (WAFs), content-filtering gateways or network access control solutions. For the Zero Trust network, however, Forrester believes a new kind of product category will emerge: the segmentation gateway.
“[The segmentation gateway] takes all of the features and functionality of individual, standalone security products and embeds them into the very fabric of the [segmentation gateway]. By embedding a packet-forwarding engine, we have a device that can sit at the very center of the network. The software gateway’s larger value lies in its ability to properly segment networks in a secure manner and build security into the very DNA of the network. Presaged by the rise of unified threat management (UTM) and next-generation firewall (NGFW) appliances, the Zero Trust segmentation gateway vision is well on its way to reality,” reads a Forrester report.
Organizations must focus on learning how to build a Zero Trust infrastructure. But Forrester warns that all the technology components are not yet available for purchase. “While you cannot go out and simply buy a Zero Trust network, cybersecurity professionals can use the architectural design components of Zero Trust to help get past today’s biases about how we should build networks and begin looking at network design from a new point of view,” said the report
The key components to creating the Zero Trust architecture are:
Manage data for security & compliance
With Zero Trust, organizations can build compliance into the architecture. For example, if one security requirement entails the placement of a firewall between a wired and wireless network, the Zero Trust network can implement the firewall automatically, rather than making this task a manual process for security teams.
Centrally manage from a single console
With Zero Trust, security teams can manage from a single location and gain improved network awareness about the state of their systems. Zero Trust reduces complexity and consolidates management consoles, making it easier for managers to understand the state of their networks and what vulnerabilities might exist.
Collect, analyze & manage all data
Critical to the success of a Zero Trust network is the ability to identify and track all log traffic across the network. Forrester refers to this as a “data acquisition network,” in which all data is collected in a single place and can be analyzed in near real time.
For more about zero trust, download the full report here.