
Developing a Single Source of Truth for Zero Trust

As federal agencies and companies move toward a Zero Trust model following recent executive orders to improve their cybersecurity posture, understanding your network’s ‘single source of truth’ is critical to building an effective Zero Trust architecture.

The concepts of Zero Trust arose in response to ‘bring your own device’ (BYOD) enterprise network trends and to cloud assets that are not located within the perimeter-based network, moving the focus of security to users, assets, and resources.

As IoT devices are increasingly under threat, as seen in the recent Verkada breach where attackers gained access to live feeds from over 150,000 of the startup’s networked cameras, companies are facing challenges with a basic building block of information security: understanding what’s connected to the network. A recent survey from the Ponemon Institute shows that information security practitioners are unable to identify up to 50% of the devices connected to their networks.

With interconnected networks and potentially insecure equipment being constantly introduced, administrators must be able to constantly monitor their networks for new devices and audit them when they appear. Because security applications must constantly monitor these devices as they operate behind your perimeter, building your Zero Trust architecture on solid ground requires a strong foundation.


Building a Zero Trust Security Foundation

The Zero Trust security model re-imagines how to implement secure access to resources by following a few concepts: always assume a hostile environment, presume a breach, never trust and always verify, scrutinize explicitly, and apply unified analytics.

To implement these security concepts successfully, companies must build a proper foundation that bridges the gap between networking and security, including:

  1. Complete Visibility - The combination of packet-level visibility and asset discovery is key to understanding what is on the network. This means not only mapping the devices on your network but also optimizing performance, analyzing behavior, and alerting on possible threats.
  2. Authentication - Once you can define what is on your network, Zero Trust relies on implementing continuous multi-factor authentication by providing dynamic credentialing and authorization.
  3. Role-Based Access Control - The authentication process is backed by an access control policy that restricts information system access to authorized users, based on identity and role, so everyone doesn’t have unfettered access to the entire network.
  4. Continuous Monitoring - IT Security strategies must provide continuous monitoring and analysis, looking for changes in security status and anomalies that can indicate a compromise.
  5. Incident Response - Continuous monitoring then triggers a response framework, which should already be in place, to respond to a security event or issue affecting the environment, device, application, or data by instantly changing network access privileges.


Understanding Your Single Source of Truth

Understanding the performance, behavior, and activity across your network is vital to a strong Zero Trust security foundation. Asset discovery, continuous monitoring, threat detection, and response all rely on packet capture and traffic inspection: looking into the packets is how threats in network traffic are accurately discovered and intelligently responded to.

No matter whether you’re looking at a server from five years ago or cutting-edge IoT hardware, these devices have one thing in common—they communicate across your network using packets. Basically, nothing on your network communicates without them, and therefore packets are ultimately the single source of truth for Zero Trust security architecture.

So understanding not only how to capture every packet on your network, but how to use those packets to identify threats, performance and the hardware and applications that are generating them becomes vital to Zero Trust success. Here are a few ways IT teams use packet-level information to audit and monitor devices on your network. 

  1. Asset Discovery - Your network is more complex now than it was in the past. Tools like network performance monitoring (NPM) and asset inventory allow you to discover your network topology, including subnets and VLANs. A best practice is to map these areas of your network before packet capture so that nothing gets missed.
  2. Ping Sweeps - Perform a series of pings over your network using a tool like Nmap or hping. This provides you with initial information about which IPs are live and gives you some baseline information to perform an audit.
  3. Packet Capture - Using a tool like Wireshark, you can begin to capture packets originating from the live IP ranges on your network. You can also analyze packet-level information to determine which kind of device is emitting the packets, what they’re being used for, and whether they’re being used for malicious purposes.
  4. NetFlow Analytics - If you use Cisco routers, then you can collect information from NetFlow datagrams to supplement the information you obtain from packet analysis. This information can be used to identify devices on the network in more granular detail: where their traffic is coming from, where it’s going, which kind of IP protocol and service type it’s using, and so on.

The point is that once you have the right collection of sensors and applications, you should be able to understand the complete picture of your network in real-time. If an application changes its behavior, you’ll get an alert. If someone adds a new application or piece of hardware to the network, you’ll get an alert showing exactly what kind of hardware it is and what it’s doing. Access to this information will let you begin building a true Zero Trust network security approach.
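The new-device alert described above can be driven directly from captured frames. The following is an added example, not code from Garland Technology: it builds a MAC-to-IP inventory from raw Ethernet frames (including 802.1Q-tagged ones) and reports senders missing from a known baseline. The function names, the baseline set and the sample frames are all constructed for illustration.

```python
import struct
from collections import defaultdict

ETH_VLAN, ETH_ARP = 0x8100, 0x0806

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

def observe(frame, inventory):
    """Record the sender of one Ethernet frame in inventory (MAC -> set of IPs)."""
    if len(frame) < 14:
        return  # truncated frame: nothing reliable to record
    src = mac(frame[6:12])
    (etype,) = struct.unpack("!H", frame[12:14])
    off = 14
    if etype == ETH_VLAN and len(frame) >= 18:  # skip one 802.1Q tag
        (etype,) = struct.unpack("!H", frame[16:18])
        off = 18
    ips = inventory[src]  # any frame proves this MAC is live on the segment
    # Only ARP binds an IP to the MAC; routed IPv4 frames carry the router's MAC.
    if etype == ETH_ARP and len(frame) >= off + 28:
        arp = frame[off:off + 28]
        if mac(arp[8:14]) == src:  # ignore mismatched or proxied sender fields
            ips.add(ip(arp[14:18]))

def new_devices(frames, baseline):
    """Return {mac: [ips]} for every sender whose MAC is not in the baseline."""
    inventory = defaultdict(set)
    for f in frames:
        observe(f, inventory)
    return {m: sorted(a) for m, a in inventory.items() if m not in baseline}

def make_arp(src_mac, src_ip, vlan=None):
    """Build a constructed broadcast ARP request for the sample data below."""
    sha = bytes.fromhex(src_mac.replace(":", ""))
    tag = b"" if vlan is None else struct.pack("!HH", ETH_VLAN, vlan)
    body = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sha
            + bytes(map(int, src_ip.split("."))) + bytes(6) + bytes([10, 0, 0, 1]))
    return b"\xff" * 6 + sha + tag + struct.pack("!H", ETH_ARP) + body

# Constructed sample: one known host, one unknown host on VLAN 20, one runt frame.
BASELINE = {"00:11:22:33:44:55"}
FRAMES = [
    make_arp("00:11:22:33:44:55", "10.0.0.5"),
    make_arp("02:00:00:00:00:aa", "10.0.0.77", vlan=20),
    b"\xff" * 6 + b"\x02\x00",
]
```

In practice the frames would come from a capture file or a live monitoring interface, and the baseline from the asset inventory built in step 1.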


How to Ensure Complete Packet Visibility

Complete visibility is pivotal to understanding what is on the network and detecting anomalous behavior to then make dynamic changes to security policy and real-time access decisions – all-important to your Zero Trust strategy.

But how do you ensure you are providing complete packet visibility to your packet capture, asset discovery, continuous monitoring, and threat detection tools?

To access your network traffic and provide packet visibility to a security tool, you have two options: a network TAP, or the SPAN (mirror) port on your switch. Adding a network TAP ensures you are getting complete data to your security tool, as SPAN ports are known to drop packets, create duplicate packets and even introduce bidirectional traffic. SPAN wasn't developed for continuous monitoring, so it is not the foundation we encourage for Zero Trust security.

Network TAPs provide the ability to pass every bit, byte, and packet to your security tools, 24/7/365. In other words, this is the only way to obtain the highest accuracy or ‘single source of truth’ from the hardware, applications, and traffic on your network.
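The duplicate-packet symptom attributed to SPAN ports above can be measured on any monitoring feed before tools are trusted with it. The following is an added example, not code from Garland Technology: it counts IPv4 packets that reappear within a short window, treating two copies as the same packet even when a routed hop changed the TTL and header checksum. The 5 ms window, the function names and the sample packets are assumptions made for illustration; the check covers duplicates only, not dropped packets.

```python
import hashlib
import struct
from collections import deque

def fingerprint(pkt):
    """Hash an IPv4 packet with the fields a routed hop rewrites zeroed out."""
    b = bytearray(pkt)
    b[8] = 0                 # TTL
    b[10:12] = b"\x00\x00"   # header checksum
    return hashlib.sha256(b).digest()

def duplicate_report(packets, window=0.005):
    """packets: iterable of (timestamp_seconds, ipv4_bytes) in capture order.
    Returns (total, duplicates, duplicate_ratio)."""
    recent, order = {}, deque()
    total = dups = 0
    for ts, pkt in packets:
        if len(pkt) < 20 or pkt[0] >> 4 != 4:
            continue  # not a complete IPv4 header
        while order and ts - order[0][0] > window:  # expire old fingerprints
            old_ts, old_fp = order.popleft()
            if recent.get(old_fp) == old_ts:
                del recent[old_fp]
        total += 1
        fp = fingerprint(pkt)
        if fp in recent:
            dups += 1  # same packet seen again inside the window
        recent[fp] = ts
        order.append((ts, fp))
    return total, dups, (dups / total if total else 0.0)

def make_ipv4(ident, ttl, payload):
    """Build a constructed UDP-protocol IPv4 packet (checksum left at zero)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0,
                      ttl, 17, 0, bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
    return hdr + payload

# Constructed sample feed: two mirrored copies, one copy after a routed hop,
# and one identical packet a full second later (outside the window).
SAMPLE = [
    (0.0000, make_ipv4(1, 64, b"a")),
    (0.0002, make_ipv4(1, 64, b"a")),
    (0.0010, make_ipv4(2, 64, b"b")),
    (0.0011, make_ipv4(2, 63, b"b")),
    (0.5000, make_ipv4(3, 64, b"c")),
    (1.5000, make_ipv4(3, 64, b"c")),
]
```

A sustained non-zero duplicate ratio on a feed indicates that downstream tools are counting some traffic twice.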

Looking to add complete packet visibility to your Zero Trust deployment, but not sure where to start? Join us for a brief network Design-IT evaluation or demo. No obligation - it’s what we love to do.

 

zero-trust-cybersecurity-free-whitepaper

Written by Harry Berridge

Harry is Garland's Director of Federal Operations. With over 30 years of experience in sales, marketing, and channels, Harry brings a wealth of knowledge and expertise working in the Federal space to Garland Technology.
