Network administrators and cyber professionals are adopting zero trust networking as a moniker that essentially signals the end of perimeter security. Lets take a deeper dive into this concept and discuss what zero trust means and how it affects network security.
Essentially for the past 20+ years, we've operated in a mode where internal networks were most commonly protected with a NAT device on the edge of the network and where firewall rules were used to examine the state of connections. Connections originating outside the network were blocked by firewall rules, and devices on the trusted LAN were allowed to access the Internet.
With the proliferation of millions of IoT devices, we are now in a world where IoT devices, printers, cameras, Alexa's, etc. are added to secure network segments. Still, the OS on those devices (which may originate in foreign countries) are not necessarily things we should trust. Furthermore, network configurations have also become more complex with VPNs between offices, VPNs from work-from-home (WFH) users, and things like WiFi also bring increased risk to the sanctity and security of our protected LAN segments.
Making matters more complicated, we also now have IPv4 and IPv6 running along with proxies and other services allowing IPv4 transport over IPv6.
The idea of zero trust networking is that each device should be hardened and should not have open ports or services and that all access to/from devices are secured by authentication.
The second core tenant of zero trust is that devices should also use encryption for all network activities, making them less susceptible to snooping, man-in-the-middle attacks, or DNS-based attacks.
Let's think about networks and network security. We first need to examine the role of modern firewalls and how layers of security are applied to networks to help maintain security.
There are many-many layers we use in securing networks which include but are not limited to:
Let's discuss this in the context of security within a security company where cash transfers are made to outlying banks. In this example, we shall say that this organization utilizes a zero trust model, where only trusted employees are allowed onto the grounds of the security company.
Even with all these things in place, it is well-understood that massive security breaches can still happen. For example, robbers tunnel into a facility, or multiple employees collaborate to circumvent security processes.
Unfortunately, zero trust isn't the total solution because zero-day vulnerabilities exist in devices that are on protected network segments, and hackers and malware leverage these zero-day vulnerabilities to move laterally within networks and frequently employ live-off-the-land techniques to evade detection by antivirus, antimalware, IDS, and firewalls. Hackers often use email as an attack vector and then combine that with zero-day malware or malware, allowing privilege escalation.
So how does iStatus ArpWatch help?
If we borrow an analogy of security systems, alarm systems typically utilize an array of sensors to protect a building. For example, cameras are used along with access control systems, glass-break sensors, and motion sensors. All of these things are combined to improve and enhance the security of systems.
Similarly, ArpWatch is a tool that can help detect unauthorized devices present on secure network segments. This is like detecting someone inside the locked bank transfer company using motion sensors. While the bank is locked, there should not be motion inside the locked bank. Similarly, we would not expect to see rogue/untrusted devices within a secured network segment. iStatus ArpWatch can stand guard over your networks 24/7, helping to give the IT team eyes and ears to monitor for rogue devices and to monitor for other types of attacks not easily visible to other forms of network security such as monitoring for DNS Changes or monitoring for man-in-the-middle attacks.
iStatus takes network security even further by allowing individual probes to be installed in high-security networks by installing a probe on each VLAN. This is similar to the concept that you would typically see dozens of motion sensors within a larger facility. This is architecturally superior to other methods, which typically either require a separate monitoring PC on each VLAN (which is expensive and impractical) and superior to other designs where centralized monitoring is used across multiple VLANS (where the monitoring itself then hugely increases the risk of breaches allowing traffic between otherwise-isolated VLANs.
Zero trust networks are a way to increase the security of business networks, but zero trust networks can fail when zero-day and unpatched vulnerabilities allow for the traversal of malware or when rogue devices are connected to network segments, allowing hackers to utilize low-level network attacks to launch man-in-the-middle, DNS, or directly access information which can be easily infiltrated offsite.
iStatus ArpWatch™ is a low-cost, easy-to-deploy solution that enables companies to quickly deploy additional layers of monitoring without the high cost of spinning up servers or IT managers to learn complex new systems.