The continued high frequency of successful cyberattacks against today’s enterprises has made it abundantly clear that traditional, perimeter-centric security strategies are no longer effective. They provide inadequate visibility, control and protection of user and application traffic transiting high-risk network boundaries, and they rest on an outdated assumption that everything on the inside of an organization’s network should be trusted.
The Zero Trust architecture approach, first proposed by Forrester Research, is intended to address this by promoting "never trust, always verify" as its guiding principle. With Zero Trust there is no default trust for any entity — including users, devices, applications, and packets — regardless of what it is and its location on or relative to the corporate network. By establishing Zero Trust boundaries that effectively compartmentalize different segments of the network, you can protect critical intellectual property from unauthorized applications or users, reduce the exposure of vulnerable systems, and prevent the lateral movement of malware throughout your network.
Some organizations use virtual local area networks (VLANs) to segment their network, but VLANs simply isolate network traffic – they are unable to enforce the control of privileged information. In addition, by itself, a VLAN cannot inspect your traffic for threats. True Zero Trust network segmentation requires an enterprise security platform that understands your applications, users, and content.
The Palo Alto Networks enterprise security platform addresses critical Zero Trust concepts such as:
To get started, IT security teams can take advantage of our virtual wire deployment mode to non-disruptively deploy Palo Alto Networks devices at one or more locations within the network. With the devices configured in listen-only mode, the team can then obtain a detailed picture of transaction flows throughout the network, including where, when and to what extent specific users are using specific applications and data resources. Armed with these details, the security team can then incrementally deploy devices in appropriate locations to establish internal trust boundaries for identified trust zones, and configure the appropriate enforcement and inspection policies to effectively put each trust boundary "on line."
With the right Zero Trust architecture for your network, you will gain unparalleled situational awareness of malicious activity, prevent the exfiltration of sensitive data and simplify adherence to compliance regulations.