
SOLUTION BRIEF

Re-Thinking Enterprise Security – Zero Trust Security Principles for a Safer, More Secure Environment

Comprehensive Network Visibility and Analytics Are a Requirement to Achieve Any Level of Zero Trust Maturity

The old security architecture of a strong external perimeter being the best (and often only)
defense against compromise is becoming less and less adequate as the sophistication of
attackers improves, the vectors of attack shift or expand, and the threat surface grows. From
direct attacks such as the recent log4j vulnerability, indirect attacks such as phishing with
malware, and internal lateral movement, traditional perimeter-based network access control
has proven insufficient in detecting, much less preventing compromise. Prevention at the edge
has been the savior side of the arms race but has always, and will always, place second.

To make matters worse, the implicit security assumption has been that everything inside an
organization’s network should be trusted. This almost always means that once on the network,
anyone can move laterally within the network – including attackers seeking further compromise.
The zero-trust model was designed to re-think the security paradigm to enable services which
drive digital transformation while also improving the security posture.

Zero Trust

According to NIST “Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that
move defenses from static, network-based perimeters to focus on users, assets, and resources.
A zero trust architecture (ZTA) uses zero trust principles to plan industrial and enterprise
infrastructure and workflows. Zero trust assumes there is no implicit trust granted to assets or
user accounts based solely on their physical or network location or based on asset ownership
… Zero trust focuses on protecting resources, not network segments, as the network location is
no longer seen as the prime component to the security posture of the resource.”

Zero-trust architecture (ZTA) is an enterprise’s cybersecurity plan which utilizes zero-trust
principles and encompasses component relationships, workflow planning, and access policies.
Therefore, a zero-trust enterprise is the network infrastructure (physical and virtual), services,
and operational policies that are in place as a product of a zero-trust architecture plan.

However, establishing a ZTA is an ongoing process of refinements for any business as all
existing networks, resources, processes, and security capabilities are reshaped to the
ZT model. Detection and validation of these ZT designs and policies need to be done
continually to ensure both adherence to the ZTA as well as alerting when ZT enforcement
boundaries are attempted to be crossed. Comprehensive visibility is essential to the
verification and maintenance of the ZT enterprise.

ZERO TRUST MATURITY – HOW DOES NETSCOUT HELP?

First and foremost, comprehensive visibility of the entire network is a requirement to achieve
any level of Zero Trust maturity.

NETSCOUT® Omnis® Security portfolio of products can enable this and more:

• NETSCOUT network taps are used to mirror traffic from the wire
• NETSCOUT Packet Flow Switches are used to replicate and distribute packets to existing cybersecurity monitoring tools, including
• NETSCOUT® Omnis CyberStream sensors, which using Adaptive Service Intelligence® (ASI) technology, convert raw packets into a robust source of layer-3-7 metadata (aka Smart Data) and
• NETSCOUT Omnis® Cyber Intelligence (OCI) which analyzes that data in real-time and historically to detect and investigate threats

With comprehensive visibility, OCI can detect threats, trace interconnected devices, view
historical usage, and assist in orchestrating mitigation through API. Additionally, OCI can
utilize protection groups to classify networks, servers, and services based on risk, allowing
for very rapid and concise verification of zero-trust adoption.

Zero Trust Maturity – Establishing and Maintaining ZT is an Ongoing Process with a Fundamental Requirement of Comprehensive Network Visibility & Analytics

CISA’s Zero Trust Maturity Model represents a gradient of implementation across five distinct
pillars, where minor advancements can be made over time toward optimization. The pillars
include Identity, Device, Network, Application Workload, and Data. Each pillar also includes general
details regarding Visibility and Analytics, Automation and Orchestration, and Governance.


Zero-Trust Pillars and Foundations

Pillars

• Device Trust: Device Authentication, Device Management, Device Inventory, Device Compliance
• Data Trust: Data at Rest Protection, Integrity, Data Loss Prevention, Data Classification
• Network / Environment Trust: Network segmentation, Micro Segmentation, Transport Encryption, Session Protection
• Application Trust: Single Sign-on, Isolation, Any Device Access
• User Trust: Multi-Factor Authentication, User Authentication, Conditional Access

Foundations

• Visibility and Analytics
  Visibility: Dashboards, Detection, Alerts, Inventory, Tagging
  Analytics: Traffic reporting, Trending, Utilization
• Automation and Orchestration
  Orchestration: Policy Engines, Configuration
  Automation: Access Control, Remediation
• Governance

As enterprises begin and refine their zero-trust architecture, their solutions increase in reliance
upon automated processes and systems, more fully integrate across pillars, and become more
dynamic in their policy enforcement decisions.

In traditional, non-zero-trust deployments, the monitoring and analytics foundation is gathering
packets at the perimeters and occasionally in particularly specific or sensitive areas of the
internal network.

As the ZT architecture matures, perimeters blur or vanish altogether. East-West traffic now
needs to be seen and controlled to detect and prevent lateral or deeper compromise. Resulting
monitoring visibility is extended across the entire network, both physical and virtual. In an
optimized stage of ZT, full visibility and advanced analytics and intelligence validate the correctness
and enforcement of security policies. Implementing and developing the ZT architecture takes
time, and will continue to evolve as policies, processes, and tooling are improved.

Whether you’re just beginning on your ZT implementation or are already very mature,
NETSCOUT’s visibility and analytics capabilities should be major components to the detection
and validation of your ZT design.

“Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses
from static, network-based perimeters to focus on users, assets, and resources. A zero-trust
architecture (ZTA) uses zero trust principles to plan industrial and enterprise infrastructure
and workflows.”
- NIST


© 2022 NETSCOUT SYSTEMS, INC. All rights reserved. NETSCOUT, the NETSCOUT logo, Omnis, Guardians of the Connected World, Adaptive Service Intelligence, Arbor, ATLAS, InfiniStream,
nGenius, and nGeniusONE are registered trademarks or trademarks of NETSCOUT SYSTEMS, INC., and/or its subsidiaries and/or affiliates in the USA and/or other countries.
Third-party trademarks mentioned are the property of their respective owners.
SECSB_033_EN-2202 05/2022
