This post is the seventh in a series examining how Zscaler supports the move to zero trust as defined by CISA.
The CISA Zero Trust Maturity Model outlines the five key pillars of zero trust that we have detailed in this blog series. Underlying all of these pillars are the cross-cutting capabilities of visibility & analytics and automation & orchestration.
The migration plan outlined by NIST directs agencies to:
1. Identify Actors on the Enterprise.
2. Identify Assets Owned by the Enterprise.
3. Identify Key Processes and Evaluate Risks Associated with Executing Process.
4. Formulating Policies for the ZTA Candidate.
5. Identifying Candidate Solutions.
6. Initial Deployment and Monitoring.
Inherent to these steps is increased visibility and automation. Agencies need to know who is accessing their data and from which devices, and they need to do so in a way that removes the burden from IT by using automated tools.
Feeding the beast
Agencies already own most of the tools needed to automate security monitoring and response. SOAR and SIEM solutions do the heavy lifting, but they are only as powerful as the data they are fed. Zscaler conducts over 200 billion transactions per day, which provides rich, contextual logs on which to build playbooks. Zscaler's Admin UI collects data for every transaction through our cloud and provides rich reporting capabilities with logs, charts, graphs, etc. In addition, all of this data can be streamed in real time to the customer's SIEM.
With the Zscaler Zero Trust Exchange sitting in the middle, the SIEM and SOAR are fed the right data, including IOCs (indicators of compromise) and BIOCs (behavioral indicators of compromise), so that playbooks for automation can be written. Automation means that computers, rather than humans, react to threats, so that response happens at cloud speed. All activity and data are available in a single pane of glass displayed in the SIEM.
Automation - easy as API
APIs provide interfaces between solutions that can initiate dynamic policy changes and enforcement, speeding up the OODA loop (observe, orient, decide, and act). OODA focuses on filtering the available information, putting it in context and quickly making the most appropriate decision, while recognizing that the decision can be revised as more data becomes available. With APIs connected to Zscaler, when one application raises a flag that something is wrong, access and movement can be blocked across all of the connected applications.
These API connections provide dynamic need-to-know access and adaptive situational awareness. For example, Zscaler has strong integrations with Microsoft Adaptive Access in Azure Active Directory (AD). Because Zscaler enforces zero trust access to the app/data, Zscaler can provide a continuous posture check, or Comply to Connect (C2C), for all apps/data. By leveraging open APIs, Zscaler can make a Continuous Adaptive Access decision from data specific to endpoint managers such as Forescout, Microsoft and CrowdStrike, as well as from the endpoint OS itself.