Zero Trust Architecture
Integrating security from the ground up
Published: April 15, 2020
What’s the problem?
To understand what attacks the Zero Trust Architecture was designed to defeat, we first need to look at the attacks being executed on businesses today. Recent studies found:
- 81% of hacking-related breaches leverage stolen or weak passwords [1]
- 96% of the time, penetration testers identified at least one in-production vulnerability [2]
- 96% of the time, penetration testers found at least one network / service misconfiguration [2]
- 35% of exploitation activity saw man-in-the-middle attacks playing a role in the breach [3]
Traditional perimeter defences do nothing against these attacks once the adversary is already inside the enterprise network: a stolen password, an unpatched internal server or a man-in-the-middle position on the LAN are all invisible to a firewall at the edge.
What is the Zero Trust Architecture?
The National Institute of Standards and Technology (NIST) Special Publications (SP) set the standard for Federal Government information and information systems, and SP 800-207, currently in draft, will define the standard for how to implement a Zero Trust Architecture [4].
We see the Zero Trust Architecture as an effective network security model where no person or device is trusted to access critical company assets without real-time authentication and authorization, whether they are sitting inside an organization’s network perimeter or remotely accessing the network from outside. It can defeat network-based attacks because:
- It sits between users and servers and requires multifactor authentication, so a stolen or guessed password on its own is not enough to gain access
- It isolates servers so that only authenticated and authorized users can reach them; an unpatched vulnerability or a configuration error is not exposed to an attacker who cannot reach the service in the first place (the flaw still has to be fixed, but it is no longer reachable from the network at large)
- It carries all traffic in encrypted tunnels whose endpoints are both authenticated, which defeats man-in-the-middle attacks; encryption alone is not sufficient, since an adversary on the path can still impersonate an unauthenticated endpoint
- Its ease of use reduces attempts to circumvent the system just to make daily operations easier
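The decision logic the bullets above describe can be made concrete. The following is an added illustration, not code from the original page and not Verizon's product: a minimal policy decision function that denies by default and checks the first factor, the second factor, device enrollment, application entitlement and tunnel authentication, placed beside the traditional perimeter decision so the difference is visible. Users, device identifiers, entitlements and network ranges are constructed sample data; the three request scenarios (an insider holding a stolen password, a legitimate remote user, and an authenticated user asking for an application they are not entitled to) are likewise constructed.

```python
"""Zero-trust policy decision contrasted with a perimeter-trust decision.

Added illustration with constructed sample data (users, devices, entitlements,
network ranges). It is not Verizon's code and assumes nothing about its products.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample data (assumptions for the example).
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
ENROLLED_DEVICES = {"lt-0001": "alice", "lt-0002": "bob"}       # device id -> enrolled owner
ENTITLEMENTS = {"alice": {"payroll", "wiki"}, "bob": {"wiki"}}  # user -> applications allowed


@dataclass(frozen=True)
class AccessRequest:
    user: str
    device_id: str
    src_ip: str
    app: str
    password_ok: bool   # first factor verified by the identity provider
    mfa_ok: bool        # second factor verified in this session
    mutual_tls: bool    # both ends of the tunnel to the gateway presented credentials


def is_internal(src_ip: str) -> bool:
    """True when the source address falls inside the enterprise network ranges."""
    addr = ip_address(src_ip)
    return any(addr in net for net in INTERNAL_NETS)


def perimeter_decide(req: AccessRequest) -> bool:
    """Traditional model: anything already inside the network is trusted;
    outsiders only need a valid password."""
    return is_internal(req.src_ip) or req.password_ok


def zero_trust_decide(req: AccessRequest) -> tuple[bool, list[str]]:
    """Default-deny policy decision. Every check must pass; the source network
    is deliberately NOT an input, so inside and outside are treated alike."""
    reasons: list[str] = []
    if not req.password_ok:
        reasons.append("primary credential rejected")
    if not req.mfa_ok:
        reasons.append("MFA not satisfied")              # a stolen password alone fails here
    if ENROLLED_DEVICES.get(req.device_id) != req.user:
        reasons.append("device not enrolled to this user")
    if req.app not in ENTITLEMENTS.get(req.user, set()):
        reasons.append("user not entitled to application")
    if not req.mutual_tls:
        reasons.append("tunnel not mutually authenticated")  # encryption alone does not stop MitM
    return (not reasons), reasons


# Scenario 1: attacker on the internal LAN holding Alice's stolen password,
# on a machine that is not enrolled, with no second factor and no client cert.
STOLEN_PASSWORD_INSIDER = AccessRequest("alice", "unknown-box", "10.1.2.3", "payroll",
                                        password_ok=True, mfa_ok=False, mutual_tls=False)
# Scenario 2: Alice working remotely from a public network on her enrolled laptop.
LEGIT_REMOTE = AccessRequest("alice", "lt-0001", "203.0.113.7", "payroll",
                             password_ok=True, mfa_ok=True, mutual_tls=True)
# Scenario 3: Bob, fully authenticated on the LAN, asking for an app he is not entitled to.
BOB_OVERREACH = AccessRequest("bob", "lt-0002", "10.5.5.5", "payroll",
                              password_ok=True, mfa_ok=True, mutual_tls=True)

if __name__ == "__main__":
    for name, req in [("stolen-password insider", STOLEN_PASSWORD_INSIDER),
                      ("legitimate remote user", LEGIT_REMOTE),
                      ("authenticated but unentitled", BOB_OVERREACH)]:
        allowed, why = zero_trust_decide(req)
        print(f"{name:30s} perimeter={perimeter_decide(req)!s:5s} "
              f"zero_trust={allowed!s:5s} {why}")
```

Run as a script, the insider with a stolen password is admitted by the perimeter rule purely because of the 10.x source address and refused by the zero-trust rule on three separate grounds, while the remote user on an enrolled, mutually authenticated device is admitted by both. The third scenario shows that authentication is not authorization: every identity check passes and the request is still refused because the entitlement check fails.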
Verizon's Private IP and Software Defined Perimeter
To establish Verizon’s Zero Trust Architecture, we combine two proven technologies: Private IP and Verizon Software Defined Perimeter (SDP). Private IP eliminates access to your Wide Area Network (WAN) from adversaries on the Internet. Verizon SDP eliminates access to servers in your data center from adversaries on the internal network.
Private IP is an MPLS-based Virtual Private Network (VPN) service that delivers the scalability and connectivity of IP with the security and reliability of a private network. Private IP makes a network invisible from the outside – very different from what an adversary would see if the Internet was used for branch office interconnectivity. Note that an MPLS VPN separates your traffic from the public Internet and from other customers; it does not by itself encrypt that traffic, which is why the encrypted tunnels of the Zero Trust Architecture are still needed on top of it.
Verizon Software Defined Perimeter is a high-performance implementation of a Cloud Security Alliance protocol “designed to provide on-demand, dynamically provisioned, [software defined] air-gapped networks”. It is referenced multiple times in SP 800-207 as an implementation of the policy-based network of the Zero Trust Architecture.
Only authorized users on authorized devices can access authorized applications; every other connection is dropped by default. In this way, Verizon SDP combined with Private IP can defeat network-based attacks.
To learn more about Verizon’s Zero Trust Architecture and any related promotions, contact your Account Manager or view some of the linked materials here.
[1] Verizon. (2017). 2017 Data Breach Investigations Report.
[2] Rapid7. (2018). Under the Hoodie.
[3] IBM Security. (2018). IBM X-Force Threat Intelligence Index 2018.
[4] Scott Rose (NIST), Oliver Borchert (NIST), Stu Mitchell (Stu2Labs), Sean Connelly (DHS). (2020). SP 800-207 (Draft), Zero Trust Architecture. https://csrc.nist.gov/publications/detail/sp/800-207/draft