F5 GLOSSARY

What Is Zero Trust?

Zero trust is gaining momentum. Understanding what it is and how to improve it is imperative to cybersecurity.

The zero trust security and architecture model was created by John Kindervag in 2010 when he was a principal analyst at Forrester Research Inc. The zero trust architecture is a powerful, holistic security strategy that is helping to drive businesses faster and more securely.

What Is a Zero Trust Architecture?

A zero trust architecture eliminates the idea of a trusted network inside a defined perimeter. In other words, it is a security model that focuses on verifying every user and device, both inside and outside an organization’s perimeters, before granting access. The zero trust security framework:

  • Assumes attackers are already lurking on the network
  • Trusts no environment more than any other
  • Assumes no implicit trust
  • Continually analyzes and evaluates risks
  • Mitigates risks

The zero trust approach is primarily focused on protecting data and services, but it should be expanded to include all enterprise assets (devices, infrastructure components, applications, virtual and cloud components) and subjects (end users, applications, and other non-human entities that request information from resources).

Why Is a Zero Trust Security Network Important?

In the past, perimeter security approaches followed a simple paradigm: “Trust but verify.” While the user experience was better, evolving cybersecurity threats are now pushing organizations to reexamine their postures. In recent years, a typical enterprise infrastructure has grown increasingly complex and is outpacing perimeter security models.

Examples of these new cybersecurity complexities include:

  • An enterprise may operate several internal networks, remote offices with local infrastructure, remote and/or mobile users, and cloud services
  • Complexity has exceeded legacy methods of perimeter-based network security
  • There is no more single, easily identifiable enterprise perimeter
  • Perimeter-based network security is now insufficient – once attackers breach the perimeter, their lateral movement is unimpeded

Along with these complexities, securing the network perimeter is insufficient because apps are now on multiple cloud environments, with 81% of enterprises having apps with at least two cloud providers (IBM Mobile Workforce Report). Also, global remote work trends continue, with 65% of workers citing they would like to continue to work from home or remotely (Gallup Survey). Furthermore, global mobile workforce growth continues, as indicated by Gartner’s Why Organizations Choose a Multicloud Strategy report, which estimated there would be 1.87 billion mobile workers globally by 2022.

How to Achieve a Zero Trust Architecture

First, a successful zero trust model should provide visibility into all traffic across users, devices, locations, and applications. It should also enable visibility of internal traffic zoning capabilities. You should also consider whether you have the ability to properly secure the new control points in a zero trust environment.

The right access policy manager secures, simplifies, and centralizes access to apps, APIs, and data, no matter where users and their apps are located. Key to this is zero trust model validation that is based on granular context and identity awareness and that secures every application-access request. It should continuously monitor each user’s device integrity, location, and other application-access parameters throughout their application-access session.

Having a robust application security portfolio in a zero trust approach is also important. The right solutions can protect against layer 7 DoS attacks through behavioral analytics capability and by continuously monitoring the health of your applications. Credential protection to prevent attackers from gaining unauthorized access to your users’ accounts can strengthen your zero trust security posture. Plus, with the growing use of APIs, you need a solution that protects them and secures your applications against API attacks.

How Does F5 Handle Zero Trust?

F5 leans heavily on the NIST Special Publication 800-207 Zero Trust Architecture when it comes to our efforts around zero trust, because it provides industry-specific general deployment models and use cases where zero trust might improve an enterprise’s overall information technology security posture. The document describes zero trust for enterprise security architects and aids understanding for civilian unclassified systems. In addition, it offers a road map for migrating and deploying zero trust security concepts to an enterprise environment.

F5 and zero trust tenets—continuous security improvements

Collecting information on current assets, network infrastructure, and communications state to improve your security posture is critical to zero trust improvements. We recommend following these steps to guide your organization in this process:

  • Continuously review and assess access, threats, and trust
  • Provide visibility into application access and traffic trends, aggregate data for long-term forensics, accelerate incident responses, and identify issues and unanticipated problems before they can occur
  • Initiate quick action, if required, including the termination of specific access sessions
  • Deliver a fast overview of access health
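
The per-request validation and session termination described above, as an added example (not F5 code or any product's API): every request is evaluated against its current identity and context, and a failed device or location check ends the whole session. The policy tables, field names, and sample requests are constructed for illustration.

```python
from dataclasses import dataclass, replace

# Constructed policy for this example: roles entitled to each application.
APP_ROLES = {"payroll": {"finance"}, "wiki": {"finance", "engineering"}}
ALLOWED_COUNTRIES = {"JP", "US"}

@dataclass(frozen=True)
class RequestContext:
    session_id: str
    user: str
    role: str
    app: str
    device_compliant: bool  # device integrity result at request time
    country: str            # coarse client location
    source_network: str     # recorded, but never used as a trust signal

class AccessEvaluator:
    def __init__(self):
        self.terminated = set()  # sessions revoked mid-flight
        self.audit_log = []      # (session_id, app, decision, reason)

    def evaluate(self, ctx):
        """Decide one request from its current context; no earlier allow is reused."""
        if ctx.session_id in self.terminated:
            decision, reason = "deny", "session terminated"
        elif not ctx.device_compliant or ctx.country not in ALLOWED_COUNTRIES:
            self.terminated.add(ctx.session_id)  # context degraded: end the session
            decision, reason = "terminate", "device integrity or location check failed"
        elif ctx.role not in APP_ROLES.get(ctx.app, set()):
            decision, reason = "deny", "role not entitled to application"
        else:
            decision, reason = "allow", "identity and context verified"
        self.audit_log.append((ctx.session_id, ctx.app, decision, reason))
        return decision

def replay_sample_session():
    """Replay a constructed session whose device falls out of compliance."""
    ok = RequestContext("s1", "aiko", "finance", "payroll", True, "JP", "internal")
    requests = [
        ok,                                   # allowed
        replace(ok, app="wiki"),              # allowed, evaluated again
        replace(ok, device_compliant=False),  # integrity lost mid-session
        ok,                                   # compliant again, session stays revoked
        RequestContext("s2", "ben", "engineering", "payroll", True, "US", "internal"),
    ]
    evaluator = AccessEvaluator()
    return [evaluator.evaluate(r) for r in requests], evaluator.audit_log
```

The audit log kept by the evaluator is the kind of record that supports the access visibility and long-term forensics named in the list above.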

F5 can specifically help you deploy an effective zero trust model that leverages our Trusted Application Access, Application Infrastructure Security, and Application Layer Security solutions.

 
