Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Register for CSA’s free Virtual Cloud Trust Summit to tackle enterprise challenges in cloud assurance.

Three Network Weaknesses that Zero Trust Addresses

Home
Industry Insights
Three Network Weaknesses that Zero Trust Addresses

Blog Article Published: 08/04/2021

Zero Trust is a network security concept that aims to protect enterprise assets. Under Zero Trust, organizations should not automatically trust anything inside or outside traditional perimeters. Before granting access to assets, organizations should require the verification of anything and everything that tries to connect. Zero Trust also includes the continued evaluation of sessions throughout the entire duration of the connection.

Software Defined Perimeter (SDP) is the most advanced implementation of a Zero Trust strategy. Before allowing any connection to hidden assets, SDP implementations use a single packet to establish trust via a separate control and data plane. This enables organizations to defend new variations of old attack methods that are constantly surfacing. Implementing SDP improves the security posture of businesses that face the challenge of adapting to increasingly complex attack surfaces.

The following common weaknesses are inherent in how networks are architected today, giving rise to the need for a new way of thinking about security. Learn how Zero Trust and SDP address these issues below.

1. Connect First, Then Authenticate

In network installations that utilize the Transport Control Protocol (TCP), access is allowed prior to authentication. Since there are no foolproof gatekeepers to challenge identity claims, access control mechanisms can be bypassed. Despite any encryption efforts that may be in place, authentication, authorization, and token-based access control systems may have multiple flaws. This ‘connect first, then authenticate’ method can be prone to malicious activity.

SDP Perspective: None of these techniques are effective at preventing attacks. A Zero Trust implementation requires immunity from all layers of attack on network, hosting, and application platform infrastructure. An SDP requires authentication prior to access to resources.

2. Monitoring Endpoints is Compute, Network, and Human Resource Intensive

AI endpoint monitoring cannot yet correctly detect or prevent unauthorized access, as current AI typically relies on non-evolving simple behavioral models. Isolation of protected resources can be compromised over time by capturing identity details, understanding authorization mechanisms, and spoofing authentication credentials. Detecting new avenues of ingress with fraudulent intent requires a combination of performance monitoring, pattern analysis of transaction data, and analysis provided by security specialists. Relying on endpoint monitoring alone still leaves enterprises vulnerable to undetectable attacks.

SDP Perspective: For highly confidential data, the best method of security is to prevent attacks before they occur. An SDP Zero Trust deployment can deny risky transactions based on a single packet analysis revealing a lack of positive identification. The connection is immediately dropped if the requestor is not authenticated.

3. Packet Inspection Has No User Context

Packet analysis happens at the application layer. Therefore, incursions can happen prior to detection. Network single packet inspection to identify connections are successful within bounds. However, these methods are only as secure as TCP/IP and TLS protocols and application code. The fundamental challenge with inspecting packets is the problem of identifying the user from the source IP. While some attacks such as DDoS and malware may be detected using existing techniques, the vast majority of attacks such as code injections and credential theft require a context to detect, as they are performed at the application layer.

SDP Perspective: On the other hand, SDP does have packet inspection end user context. With an SDP Zero Trust deployment, dropped packets gathered at SDP gateways can be forwarded for out-of-band inspection and analysis. Combined with network data, a risk profile can be detected before ingress.

Learn more about Zero Trust by visiting CSA’s Zero Trust Advancement Center.

CSA’s SDP and Zero Trust Working Group is dedicated to validating and protecting the devices and connections on a network. Their research publication SDP and Zero Trust shows how SDP can be used to implement Zero Trust Networks and why SDP is applied to network connectivity. Access the publication here.

Acknowledgements

  • Juanita Koilpillai
  • Nya Alison Murray
  • Michael Roza
  • Matt Conran
  • Jason Garbis
  • Junaid Islam
  • Aditya Bhelke
  • Eitan Bremier
  • Tino Hirschmann
  • Steve Swift
  • Sam Heuchert
  • John Markh
  • Roupe Sahans
  • Oscar Monge Espana
  • Gerardo Di Giacomo
  • Vladimir Klasnya
  • J. Lam
  • Clara Andress
  • Dan Mountstephan
  • Manoj Sharma
Software Defined PerimeterZero Trust

Share this content on your favorite social network today!

Latest from CSA
AI Summit at RSAC 2024
The State of AI and Security Survey Report
Data Resiliency Survey 2024
Trending This Week
#1 What is the Cloud Controls Matrix (CCM)?
#2 Zero Trust and AI: Better Together
#3 Test Accounts: Another Compliance Risk
#4 AI Safety vs. AI Security: Navigating the Commonality and Differences
#5 Is PQC Broken Already? Implications of the Successful Break of a NIST Finalist
Secure your cloud data with Zero Trust Training
Related Articles:
Implementing a Data-Centric Approach to Security

Published: 04/19/2024

7 Common Causes of Data Breach: Safeguarding Your Digital Assets

Published: 04/18/2024

Protocols are Passé. APIs are Key for Effective Zero Trust Implementation.

Published: 04/12/2024

Threats to Water: The Achilles’ Heel of Critical Infrastructure

Published: 04/08/2024