Once a radical idea, zero trust is now the dominant paradigm in enterprise security, largely supplanting the older perimeter-defense model. And as cybersecurity vendors move toward consolidated security platforms that merge once-separate point solutions, zero trust has emerged as the bedrock that underpins modern security offerings.
The zero-trust security model begins with the notion that a network has already been penetrated. As a result, it asks users to authenticate themselves when moving from one part of the network to another, or when asking for access to documents or files that require high security clearance.
No user, whether it's a human, a software process, or a device, is ever fully trusted. All are monitored, tracked and verified as they access different parts of the network. Each user gets no more system privileges than needed to perform its tasks, and excessive existing privileges are revoked. Access is based upon user identity, not network location.
"A modern unified platform needs to be built around the zero-trust concept," says Aviv Abramovich, Head of Security Services Product Management at Check Point. "Less privileges, always verify, continuous verification and an awareness and visibility — if you don't have these specific capabilities, your platform will just be missing some really important components and capabilities."
How zero trust became a must-have
The shift to zero trust accelerated during the rapid growth of cloud computing in the late 2010s and was put into hyperdrive by the 2020-22 COVID pandemic and the massive shift to remote work. Zero trust is simply more applicable than the perimeter-defense model to workplaces with many employees working from home, as well as to organizations with many of their assets in the cloud.
Zero trust also works well with the on-premises networks and assets that many businesses still retain, so there's no long-term downside in shifting to the new paradigm.
Because zero trust bases access upon user identity rather than network location, it's good at handling remote devices and the bring-your-own-device phenomenon.
Under the perimeter-defense model, an employee's phone that joins the company wireless network might be able to reach all the systems a company-owned laptop could, but zero trust limits that phone's access. Likewise, an employee-owned computer will be properly managed by zero trust if it joins the network, no matter where it may be physically.
"You need to think of security holistically," says Abramovich. "Your network actually extends to the employee that sits at home in his slippers, reading his email on his bring-your-own-computer connected to his own Wi-Fi router at home."
Abramovich outlines three "pillars" of zero trust:
- The principle of least privilege. No user gets any more system or network privileges than necessary.
- No users are implicitly trusted, and all are continually re-verified.
- All users are monitored and tracked, and none get free rein throughout the entire network.
"The fact that I trusted you two minutes ago doesn't mean I trust you now," says Abramovich. "Maybe something has changed. Maybe you, in those two minutes, you managed to get malware on your laptop, or wherever you're accessing, and now I have to take that trust away."
How consolidated solutions use zero trust
Identity is the new perimeter, goes the current adage, and a robust IAM policy is at the heart of the zero-trust security model. Under zero trust, network administrators — or Active Directory/Entra ID domain controllers — must know the identity of each device or user on the network, and exactly what levels of access those persons or machines need to do their jobs.
This has broad implications for many aspects of cybersecurity. Endpoint protections are strengthened by zero trust's limits upon which other systems can access the endpoints, and vice versa. Network security is boosted by zero trust's authentication checks at segment boundaries, and cloud security is assisted by zero trust's limits on access.
Logs, SIEM systems and SOAR platforms have access to copious identity data that zero trust provides about each user, enabling quicker and better-informed incident responses.
However, this also creates a need for more automation. Monitoring, tracking, verifying and collecting data on users and their behavior will quickly overwhelm human efforts. By contrast, consolidated security platforms are heavily automated, ensuring that what might seem like grunt work to humans will be automatically and painlessly processed.
Automation and centralization also mean that your staffers can focus on their central tasks instead of needing to learn tangential procedures they will seldom use.
"A great benefit from all of this is if it's from a single vendor, then you're actually improving your efficiency, because there's lots less skills that you have to have in your security team to be able to manage all these different [tools]," says Abramovich.
How a consolidated security platform can help you achieve zero trust
The vast proliferation of security vendors and specialized point solutions in the past decade has resulted in medium-sized and large organizations deploying dozens of tools and maintaining relationships with just as many vendors.
Naturally, this leads to inefficiencies and cost overruns and overwhelms security staffers who must monitor and use different environments, platforms and solutions.
Many organizations are replacing separate point solutions with consolidated security platforms that bundle many different tools and features into a single interface. By doing so, these organizations can streamline operations, reduce alert overload and cut costs.
Implementing a modern consolidated security platform will also aid you on your journey toward zero trust. It won't be the complete solution — no vendor yet offers a complete zero-trust package — but it will provide many of the pieces that can be used to assemble an in-house zero-trust solution.
In fact, if you're using a fairly modern IAM solution, you may already be halfway there, says Abramovich.
"If you've implemented security in the sense that you require authentication before access, you do validation, and you monitor the application," he says, "maybe without even knowing or meaning to do it, you've kind of already implemented some of the zero-trust principles."
Abramovich admits that Check Point's own consolidated platform doesn't offer an IAM solution. But he adds that it does offer most other aspects of enterprise cybersecurity and works well with third-party solutions.
"There are companies that are very good at managing identities. You would use them as an identity [provider]. And you would use, let's say, Check Point for network security," he says.
"However, there are companies that have pretty good coverage on multiple elements you might need. Not just network security, but mobile security, phone security, cloud security. Definitely what we see is there are companies now, like Check Point, building a platform."
