Tetrate Service Bridge, Version: 1.13.x

Zero-Trust

Introduction to Zero Trust

NIST Zero Trust Architecture refers to cybersecurity policies and best practices developed by the National Institute of Standards and Technology (NIST). In the Special Publication 800-207 and 800-207A series, NIST establishes the standards of Zero Trust as an approach to security focused on users, assets, and resources instead of static, network-based perimeters. With Zero Trust, no implicit trust is granted to anyone attempting to access the network, regardless of location.

The National Institute of Standards and Technology bases its concept of Zero Trust on the following five principles:

  • Granting the least access privilege based on user roles and responsibilities.
  • Segmenting and isolating networks using microsegmentation and identity-based segmentation, so that lateral movement and further compromise within the network infrastructure are limited.
  • Continually monitoring and verifying network traffic, user behavior and resource health and feeding that back into continuously improving security policy. More advanced approaches include using AI-enhanced analytics to recognize, predict and learn from certain patterns.
  • Multi-factor authentication practices to determine and verify user identities, locations, and privileges.
  • Automating security processes, including threat mitigation, monitoring, alerts and incident responses.

The Tetrate platform helps organizations adhere to NIST standards by implementing a Zero Trust approach across endpoints, apps, networks, and data in transit while maintaining the highest levels of security.

  • Enable zero trust at scale: Remove all implicit trust. Continually validate each stage of digital interaction.
  • Simplify infrastructure: Advance digital transformation by reducing overall security complexity.
  • Gain visibility & control: Get a bird's eye view of application traffic in order to respond faster and more effectively to threats.
  • Strengthen your cyber resilience policies & procedures: Limit and prevent attacks, improve response time, mitigate breaches, and stop intruders from pivoting to critical systems.

The Zero Trust Architecture (ZTA) approach to security considers that no user or device, whether from inside or outside the organization's network, should be automatically trusted. Instead of relying on old-fashioned perimeter defenses, ZTA emphasizes confirming identity and allowing access through rigorous authentication and authorization steps.

Tetrate Security Architecture

The Tetrate platform provides a multi-faceted security architecture:

  • Tenancy: A comprehensive Resource Hierarchy, extended where needed by Configuration Profiles, lets an administrator fine-tune role-based access control across the Tetrate configuration and define mandatory and advisory configuration that is inherited by child resources.
  • Access Control Policies: Security policies can be built incrementally and are propagated according to administrator preferences. The Security getting started example gives a simple illustration of how policies are built and inherited. Security policies are based on the mesh identity assigned to each managed service and are typically grouped by Workspace or another Tetrate resource.
  • Authentication and Authorization: Requests can additionally be authenticated and authorized according to JSON Web Tokens (JWTs) carried in the request, providing a user-based authentication method.

Two Getting Started exercises introduce the key Tetrate capabilities for supporting Zero-Trust:

Using Tetrate's hierarchy of sets of services, from Organization to Workspace and lower, you can quickly create scalable, centrally-managed authorization policies to support a Zero-Trust posture.
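The two ideas above, mandatory versus advisory configuration inherited down the Resource Hierarchy (Tenancy) and centrally-managed authorization policies resolved from Organization down to Workspace and below, are illustrated by the following added example. It is a hypothetical model written for this page, not Tetrate's own code or the TSB API; the level names, setting keys and values are constructed, and the rule that a mandatory ancestor setting cannot be weakened by a descendant while an advisory one can be overridden is an assumption about the semantics the page describes.

```python
from dataclasses import dataclass, field

# Hypothetical model of the Tetrate resource hierarchy (not the TSB API):
# every level carries "mandatory" settings, which every descendant inherits
# and cannot weaken, and "advisory" settings, which are defaults a descendant
# may override. All keys and values below are constructed sample data.
@dataclass
class Level:
    name: str
    mandatory: dict = field(default_factory=dict)
    advisory: dict = field(default_factory=dict)


def resolve(path):
    """Walk a path from the Organization down to the leaf and return
    (effective settings, rejected overrides)."""
    effective, locked_by, rejected = {}, {}, []
    for level in path:
        # Mandatory entries win over advisory ones declared at the same level.
        for key, value in {**level.advisory, **level.mandatory}.items():
            if key in locked_by and effective[key] != value:
                rejected.append(
                    f"{level.name}: '{key}' is mandatory at {locked_by[key]}, "
                    f"override to {value!r} ignored")
                continue
            effective[key] = value
        for key in level.mandatory:
            locked_by.setdefault(key, level.name)
    return effective, rejected


# Constructed sample hierarchy: the Organization mandates mTLS for every
# workload and suggests workspace-scoped authorization; a Workspace tries to
# loosen mTLS (rejected) and narrows authorization to its groups (allowed);
# a Group additionally mandates a JWT on every request.
ORG = Level("org", mandatory={"mtls": "REQUIRED"},
            advisory={"authz_scope": "WORKSPACE"})
TENANT = Level("tenant/payments")
WORKSPACE = Level("workspace/checkout",
                  advisory={"mtls": "OPTIONAL", "authz_scope": "GROUP"})
GROUP = Level("group/api", mandatory={"jwt": "REQUIRED"})


def checkout_api_policy():
    """Effective policy for services in group/api of workspace/checkout."""
    return resolve([ORG, TENANT, WORKSPACE, GROUP])


if __name__ == "__main__":
    settings, problems = checkout_api_policy()
    print(settings)
    for problem in problems:
        print("rejected:", problem)
```

Running it shows mTLS staying REQUIRED despite the Workspace's attempt to relax it, which is the property a central Zero-Trust policy needs from the hierarchy.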