Traditional Perimeter Security and Zero Trust – Are they Really That Different?
[This is the third in a series of Zero Trust posts. ICYMI, "Getting to Ground Zero (Trust)" is the first and "Evaluating Vendors for Zero Trust System Integration" is the second.]
This post will compare and contrast some of the differences between Zero Trust (ZT) based perimeter security and traditional perimeter security. It will not be possible to cover all differences or similarities, so the focus will be on a few highlights: Artificial (and Automated) Intelligence (AI), automated system refresh capabilities, logging, and Virtual Private Networks (VPNs). Knowing that many organizations are utilizing Machine Learning (ML) and AI today, it is likely there are organizations already implementing ZT capabilities. While AI/ML are not the only aspect of ZT, they are utilized in ways that extend the automation process and reduce response time to flagged events. As with all of an organization's security-based decisions, the cost to implement ZT capabilities must be a factor in determining the scope and feasibility of its coverage. For example, a company may have the ability and financial backing to integrate a moderate level of AI log analysis yet may not have the resources to implement automated responses to events.

Automating responses with a capability such as a Security Orchestration, Automation and Response (SOAR) solution can require a significant volume of different resources: financial, personnel (primarily up front), physical/virtual technology, and time. In traditional security perimeters, components like firewalls, VPNs, and proxies were utilized to funnel, monitor, and control traffic. In many cases, the firewall had multiple duties, which could include VPNs, traffic monitoring (at several layers), traffic control, and exploit/malware detection. At that time, this was a convenient and cost-effective means of perimeter security. While this configuration provided a level of security, it lacked the capabilities available today, which provide much better log analysis and automated response. As bad actors evolved and became much more creative, it became evident that additional and separate capabilities were needed for monitoring and traffic control.
The first round of SOAR capabilities was born from these needs. Passive listeners with traffic management capabilities allowed near real-time monitoring of traffic while offloading the work from the firewall to another device, enhancing visibility into and control of the network. Security Information and Event Management (SIEM) tools became the standard in many organizations' Security Operations Centers (SOCs) and Network Operations Centers (NOCs), providing quicker response times to events. Fast forward to today, and most vendors in the firewall, SIEM, and log aggregation realm offer, or at least integrate with, SOAR capabilities. These SOAR capabilities can act on basic or complex IF/THEN rules or on AI-backed inputs. The addition of a SOAR to an organization's security toolset takes the traditional perimeter security model into the ZT space.
A significant tenet in the ZT world is automated response. A SOAR provides only a portion of the components needed for a complete implementation, but it is a step closer to Zero Trust. The financial side of moving from monitoring and alerting alone to automated response has significant implications and may require major rework in an environment to support the entire flow. As with other technologies, automated response (AR) can be as little or as much as needed to meet an organization's needs. For example, if an organization requires all web-facing devices to be redeployed/reconfigured in the event of a malicious event, several components may be needed, such as a virtual infrastructure, Configuration Management (CM), and automation. These are some of the basic technologies that allow for automated configuration management. Together with the addition of a SOAR, it is possible to enable full system rebuilds after the detection of malicious or anomalous behavior of a resource, such as a compromised web server. Many SOAR operations depend on logs from multiple systems to provide enough information to determine response actions.
In traditional perimeter security environments, logging was used by SIEMs or other detection/monitoring tools to provide the view into many or all resources. From there, the same logs were utilized to perform forensic activities after a flagged event. In most cases, traditional perimeter security operations relied on manual or semi-automated analysis of network traffic and system logs. As internet-connected devices and traffic increased, it became evident that the traditional way of monitoring and detection was insufficient or became overly burdensome on the resources (i.e., personnel and technology) organizations had at their disposal. In the ZT world, one way AI is used is to filter data, allowing for more efficient and expedient detection of and response to threats. Additionally, the automated capability of SOARs or custom-written AI integrations takes the burden of system redeploys out of the hands of administrators, freeing them up to address other needs of the organization.
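To make the two preceding paragraphs concrete (IF/THEN SOAR rules, correlation of logs from multiple systems, and a tiered response that can end in a full rebuild of a compromised web server), here is a small playbook engine written for this post. It is an added illustration, not CyberPoint's code or any vendor's SOAR product. The log lines, the three rules, their weights, and the response tiers are all constructed for the example; a real deployment would take its rules and thresholds from the organization's own detection content.

```python
import re
from collections import defaultdict

# Constructed sample log lines from three sources: a firewall (fw), a web server (web)
# and an endpoint agent (edr). Invented for this example; not from any real system.
SAMPLE_LOGS = [
    "fw 2024-05-01T10:00:01 src=203.0.113.7 dst=10.0.0.5 action=DENY dport=22",
    "fw 2024-05-01T10:00:02 src=203.0.113.7 dst=10.0.0.5 action=DENY dport=3389",
    "fw 2024-05-01T10:00:03 src=203.0.113.7 dst=10.0.0.5 action=DENY dport=5900",
    "fw 2024-05-01T10:00:04 src=203.0.113.7 dst=10.0.0.5 action=ALLOW dport=443",
    "web 2024-05-01T10:00:05 host=10.0.0.5 client=203.0.113.7 path=/uploads/x.php status=200",
    "edr 2024-05-01T10:00:06 host=10.0.0.5 event=NEW_PROCESS parent=apache2 child=/bin/sh",
    "web 2024-05-01T10:01:00 host=10.0.0.6 client=198.51.100.9 path=/index.html status=200",
    "edr 2024-05-01T10:01:30 host=10.0.0.6 event=NEW_PROCESS parent=cron child=/usr/bin/logrotate",
    "edr 2024-05-01T10:02:00 host=10.0.0.7 event=NEW_PROCESS parent=nginx child=/bin/bash",
    "fw 2024-05-01T10:03:00 src=198.51.100.9 dst=10.0.0.8 action=DENY dport=23",
]

# Constructed line format: "<source> <timestamp> key=value key=value ..."
LINE_RE = re.compile(r"^(?P<source>\w+)\s+(?P<ts>\S+)\s+(?P<fields>.*)$")


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = {"source": m.group("source"), "ts": m.group("ts")}
    for kv in m.group("fields").split():
        if "=" in kv:
            key, value = kv.split("=", 1)
            event[key] = value
    return event


# IF/THEN rules: each is (name, weight, predicate over one parsed event). Weights are constructed.
WEB_SERVER_PARENTS = {"apache2", "httpd", "nginx", "php-fpm"}
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash"}


def rule_fw_deny(e):
    return e["source"] == "fw" and e.get("action") == "DENY"


def rule_script_in_uploads(e):
    path = e.get("path", "")
    return (e["source"] == "web" and path.startswith("/uploads/")
            and path.endswith(".php") and e.get("status") == "200")


def rule_web_spawned_shell(e):
    return (e["source"] == "edr" and e.get("event") == "NEW_PROCESS"
            and e.get("parent") in WEB_SERVER_PARENTS and e.get("child") in SHELLS)


RULES = [
    ("fw_deny", 5, rule_fw_deny),
    ("script_in_uploads", 30, rule_script_in_uploads),
    ("web_spawned_shell", 50, rule_web_spawned_shell),
]


def host_of(e):
    """The asset an event is about: the host field for web/edr, the destination for fw."""
    return e.get("host") or e.get("dst")


def correlate(lines):
    """Count rule hits per affected host: {host: {rule_name: count}}."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        for name, _weight, predicate in RULES:
            if predicate(e):
                hits[host_of(e)][name] += 1
    return hits


def decide(rule_hits):
    """
    Map one host's rule hits to a response tier (constructed policy).
    'rebuild' requires corroboration from at least two distinct rules, i.e. two
    independent log sources agreeing, plus a score of 60 or more; a single
    high-weight hit only isolates, and any lower score just alerts.
    """
    weights = {name: w for name, w, _ in RULES}
    score = sum(weights[name] * count for name, count in rule_hits.items())
    if score >= 60 and len(rule_hits) >= 2:
        return "rebuild"
    if score >= 40:
        return "isolate"
    if score > 0:
        return "alert"
    return "none"


def response_actions(tier):
    """Hypothetical action list a SOAR would hand to downstream tooling (e.g. CM for a rebuild)."""
    steps = {"none": [], "alert": ["notify_soc"],
             "isolate": ["notify_soc", "isolate_host"],
             "rebuild": ["notify_soc", "isolate_host", "snapshot_for_forensics", "trigger_cm_rebuild"]}
    return steps[tier]


def run_playbook(lines):
    """Return {host: tier} for every host with at least one rule hit."""
    return {host: decide(h) for host, h in correlate(lines).items()}


if __name__ == "__main__":
    for host, tier in run_playbook(SAMPLE_LOGS).items():
        print(host, tier, response_actions(tier))
```

Note the corroboration requirement in `decide`: host 10.0.0.5 is flagged by the firewall, the web server and the endpoint agent and so qualifies for a rebuild, whereas 10.0.0.7 has only the single endpoint indicator and is isolated pending a human look. That is the practical reason the paragraph above stresses logs from multiple systems: an automated rebuild is expensive and disruptive, so the playbook should not trigger it on one source alone.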
Even with the addition of AI/ML, personnel are still required to develop, implement, and update many aspects of the environment, including the AI/ML components deployed therein. In traditional perimeter security, VPNs were a way to allow remote users the access required to perform their tasks. VPN usage and management have changed over the years, but VPNs still play an important role in an organization's perimeter security. While there have been discussions about the need for VPNs in a ZT environment, considering that the primary message of ZT is to assume breach of the environment, a VPN should be considered a continuing necessity in remote work/remote site environments. VPNs in a ZT environment can serve the same role as in the traditional perimeter security model. While they may play a smaller role in traffic management due to SOAR capabilities, they still serve to minimize the attack surface and scope of an organization's network.
Until Zero Day exploits and insider threats no longer exist, many of the traditional perimeter security technologies, methods, and controls will still be valuable and will further support the ZT implementation in one's environment. Several of the capabilities and reconfigurations in ZT move the onus from traditional components, processes, and procedures onto AI-backed automation tools. For most organizations, a strategic plan to move towards a ZT-enabled environment would likely implement new capabilities or augment existing ones. VPNs continue to be one such capability.
There have been discussions about the need for VPNs in a ZT environment, since the primary message of ZT is to assume breach of the environment. While this assumed-breach paradigm is important, VPNs still hold an important role and should continue to be used for the foreseeable future. As viewed through this compare and contrast, ZT and traditional perimeter security differ, but they are building blocks rather than competing paradigms. As many organizations look to implement Zero Trust, they will likely find they already have many of the foundational components needed to support the more advanced operations of Zero Trust. While the two are not the same, they share many similarities and are building blocks for a more secure environment. Zero Trust and traditional perimeter security should be treated as complementary, not competing. If well planned, a ZT roadmap would reduce waste while accomplishing an organization's goals, likely utilizing much of what already exists in the environment.
With CyberPoint's NXZT Team by your side, rest assured we will work with you to attain your Zero Trust goals. Whatever your Zero Trust aspirations may be, trust CyberPoint's NXZT Team to turn them into reality!
About CyberPoint's NXZT Team: Your Premier Partner for Zero Trust Security
Embracing ZT within your IT infrastructure demands a seasoned and proficient partner, and CyberPoint's NXZT Team stands at the forefront of ZT expertise. With a wealth of experience in the ZT domain, we specialize in conducting comprehensive assessments, meticulously evaluating your organization's existing network and creating detailed reports outlining the necessary adaptations to achieve ZT certification.