Zero Trust Network Access

What is Zero Trust?

Zero Trust is a security concept which was pioneered in 2010 by John Kindervag, the former vice president and principal analyst at Forrester Research. Fundamentally, his thinking was that the typical castle-and-moat approach to cybersecurity – whereby external network access is restricted, but internal access is not – had left organisations badly exposed to hackers and breaches.

Since then, the concept has evolved, and developed into a holistic approach which encompasses a variety of models, solutions and technologies. However, the underlying principle is always a consistent one: never trust, always verify. In other words, eliminate trust in all users, devices and applications which have access to your network architecture.

Hero Image 3

Why is Zero Trust needed? 

A recent study by Verizon found that over a third of breaches or leaks originate from internal network users. Yet digital organisations need to allow internal users access to data and applications from both inside and outside the network. Furthermore, sensitive information may be stored within the network, or on external platforms such as the cloud.

As such, Zero Trust provides a framework for dynamic network security, which goes a long way to mitigating these risks, and limiting the scope of damage that can be inflicted by these various threats.

Deploying Zero Trust

There is no single way to implement Zero Trust architecture, and we tailor our deployments to suit the specific organisation.

Nevertheless, our approach is underpinned by several fundamental principles such as: identifying flows of sensitive information, creating strong user and device identities, network micro-segmentation, defining access control policies, authenticating everywhere and continuously monitoring and evolving.

Hero Image 4
Hero Image 5

Zero Trust and SASE

Zero Trust is a key element in any secure access service edge (SASE) strategy. Find out how your organisation can implement a SASE architecture.

Secure Access Service Edge

Duo Security

Duo Security helps protect users and devices against phishing and identity-based attacks. It provides visibility of all devices and users seeking access to network applications, enabling you to ensure they meet security standards before granting them access.

Using two-factor authentication, users can verify their identity with Duo’s one-tap approval. IT teams can also streamline the user login workflow with a single dashboard to access all applications. And with adaptive authentication, you can enforce access security policies based on user, device and application risk.

Hero Image 6
Hero Image 7

Cisco ISE

Cisco’s Identity Services Engine (ISE) uses software-defined network segmentation, which grants access to specific areas of the network based on criteria such as job role, device type and location – thus minimising risk, and containing any threats or breaches.

This cloud or network-based segmentation approach provides IT teams with unrivalled visibility of network activity, and can quickly pinpoint non-compliant devices. Its functionality is both automated and dynamic, ensuring simplified rollout, and minimal resource requirements for managing ongoing access control.

Secure Network and Cloud Analytics

Formerly known as Stealthwatch, Cisco’s Secure Network Analytics is a single, agentless solution that provides comprehensive threat monitoring across your entire cloud and network environment.

It leverages machine learning with algorithms that continuously process data flows from user activity to establish a baseline of what is normal. Any anomalies which deviate from this are immediately analysed against various threats – generating alerts ranked by priority so you can focus on critical incidents, and drown out the noise.

Hero Image 8

Contact Sales