NIST SP 800-207A Acknowledges the Critical Role of Network Traffic in ZTA Success
With the September 2023 publication of NIST SP 800-207A, A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Cloud Environments, NIST has laid out its guidance for developing a Zero Trust Architecture (ZTA) that can be deployed in multi-cloud and hybrid environments. Gigamon expects this architectural approach to become the default for larger enterprises across government and industry. At a high level, the publication shifts security thinking away from location-based approaches toward one that dynamically establishes trust in the identity of users and services as they seek to access data and business functions across complex environments.
Achieving this outcome will require “a comprehensive set of policies that span all critical entities and resources in the application stack, including the network, network devices, users, and services.”[1] Explicit in this guidance is the assumption that an attacker is already in the environment and that the organization must therefore monitor and validate everything.[2] As Gigamon stated during the public comment period, “everything” needs to include the supporting infrastructure, including components supplied by the Cloud Service Providers, and the management interfaces, because these will be targeted and potentially compromised.
The final version of NIST SP 800-207A recognizes and mitigates this risk with the addition of Section 5 Support for Multi-tier Policies Through a Monitoring Framework. While not in the table of contents, this section begins on page 20 and describes the requirements for a monitoring framework in the context of cloud-native applications. Particularly critical is the following recommendation:
MON-DATA-USE-1: Access enforcement in the context of identity-tier policies in ZTA should be based on access decisions that rely on assigned permissions as well as the contextual information about each connection or access request. A key piece of contextual information is the behavioral data associated with the user and/or devices from which the request originates. This behavioral data can only be generated from the visibility information on network traffic flows, which help verify that the users and resources are behaving in a way that is consistent with their roles and are, therefore, trustworthy.
The Gigamon Deep Observability Pipeline uses network traffic data to validate ZTA access and authentication policies, a capability that has been critical to the success of many ZTA projects, including cloud projects. Gigamon can access all network traffic, whether it is on-premises or in private or public clouds, and broker it to the appropriate security tools. Moreover, the Gigamon Deep Observability Pipeline can derive metadata-based network intelligence from this traffic to validate user and asset behavior and ensure that it is consistent with an organization’s Zero Trust policies.
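To make the MON-DATA-USE-1 recommendation concrete, the following is an added example (not code from NIST or Gigamon) of an identity-tier access decision that combines statically assigned permissions with behavioral context derived from flow metadata. The role baselines, permission table, byte ceilings, field layout of the flow records and the sample records themselves are all constructed assumptions for illustration; a real deployment would learn baselines from observed traffic rather than hard-code them.

```python
# Identity-tier access decision augmented with behavioral context derived from
# network flow metadata. Added example illustrating MON-DATA-USE-1; not NIST or
# Gigamon code. All baselines, permissions, ceilings and records are assumptions.
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Flow:
    ts: int          # epoch seconds
    src: str         # requesting workload or device
    dst: str         # destination service or address
    proto: str       # "tcp" or "udp"
    dport: int
    bytes_out: int


def parse_flows(text: str) -> List[Flow]:
    """Parse constructed 'ts,src,dst,proto,dport,bytes' metadata records."""
    flows = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, proto, dport, nbytes = (f.strip() for f in line.split(","))
        flows.append(Flow(int(ts), src, dst, proto.lower(), int(dport), int(nbytes)))
    return flows


# Assumed role baselines: (dst, proto, dport) tuples each role is expected to use.
ROLE_BASELINE = {
    "web-frontend": {("orders-api", "tcp", 443), ("dns", "udp", 53)},
    "batch-worker": {("orders-db", "tcp", 5432), ("dns", "udp", 53)},
}

# Assumed static permissions: (role, resource) -> allowed actions.
PERMISSIONS = {
    ("web-frontend", "orders-api"): {"read"},
    ("batch-worker", "orders-db"): {"read", "write"},
}

# Assumed per-role ceiling on bytes sent to any single destination in the window,
# standing in for a learned volume baseline.
MAX_BYTES_PER_DST = {"web-frontend": 5_000_000, "batch-worker": 50_000_000}


def behavioral_findings(role: str, src: str, flows: List[Flow], window_start: int) -> List[str]:
    """Flag flows from `src` inside the window that are inconsistent with `role`."""
    findings = []
    allowed = ROLE_BASELINE[role]
    volume: Dict[str, int] = {}
    for f in flows:
        if f.src != src or f.ts < window_start:
            continue
        if (f.dst, f.proto, f.dport) not in allowed:
            findings.append(f"unexpected {f.proto}/{f.dport} to {f.dst}")
        volume[f.dst] = volume.get(f.dst, 0) + f.bytes_out
    for dst, total in volume.items():
        if total > MAX_BYTES_PER_DST[role]:
            findings.append(f"{total} bytes to {dst} exceeds role ceiling")
    return findings


def decide(role: str, src: str, resource: str, action: str,
           flows: List[Flow], now: int, window: int = 600) -> Tuple[bool, str, List[str]]:
    """Allow only if the permission is assigned AND recent behavior fits the role."""
    if action not in PERMISSIONS.get((role, resource), set()):
        return False, "no assigned permission", []
    findings = behavioral_findings(role, src, flows, now - window)
    if findings:
        return False, "behavior inconsistent with role", findings
    return True, "permission and behavior consistent with role", []


# Constructed sample metadata: web-2 has the same permission as web-1 but has
# been seen talking SSH and a high-numbered port to an internal host, and
# pushing a large volume there.
SAMPLE_FLOWS = """
# ts,src,dst,proto,dport,bytes
1000,web-1,orders-api,tcp,443,12000
1010,web-1,dns,udp,53,300
1020,web-2,orders-api,tcp,443,9000
1030,web-2,10.0.9.7,tcp,22,4800
1040,web-2,10.0.9.7,tcp,4444,6200000
1050,worker-1,orders-db,tcp,5432,40000
"""


def demo() -> Dict[str, Tuple[bool, str, List[str]]]:
    flows = parse_flows(SAMPLE_FLOWS)
    return {
        "web-1": decide("web-frontend", "web-1", "orders-api", "read", flows, now=1100),
        "web-2": decide("web-frontend", "web-2", "orders-api", "read", flows, now=1100),
        "worker-1": decide("batch-worker", "worker-1", "orders-db", "write", flows, now=1100),
        "worker-1-escalate": decide("batch-worker", "worker-1", "orders-api", "read", flows, now=1100),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The point of the example is the ordering in `decide`: the permission check alone would admit web-2, because its role is entitled to read orders-api; only the flow-derived context (SSH and port 4444 to an internal host, plus an outbound volume above the role ceiling) turns that into a deny. In production the flow records would come from a traffic broker or flow exporter rather than an inline string, and the baselines would be learned per role over a longer window, but the decision structure is the same.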
For more information on how Gigamon is enabling government and commercial organizations to meet their Zero Trust goals, please visit our Zero Trust Information Hub.
[1] NIST SP 800-207A, page 2
[2] Id., page 7