
Zero Trust: break the passive development mode of "attack and defense" and build a "moat" for enterprise safety

2022-06-25 21:58:00 Know Chuangyu kcsc

Zero trust strategic planning at home and abroad

Following the "Executive Order on Improving National Cybersecurity" issued in 2021, the United States government officially released its final zero trust strategy, "A Federal Strategy for Migrating to a Zero Trust Security Approach", on January 26, 2022 local time. The strategy aims to reshape the United States' sustainable defense capability against modern cyber security threats, and it requires that "specific zero trust security goals" be achieved by fiscal year 2024. This will also be the first national-level zero trust architecture in the industry.


In our country, the "Three-Year Action Plan for the High-Quality Development of the Network Security Industry (2021-2023)", published in 2021, makes the current goal clear for the network security market: "Accelerate the development of frameworks such as security operations, active immunity and zero trust, and promote the development of innovative technologies and network security architectures. Accelerate the development of dynamic boundary protection technology, and encourage enterprises to deepen the application of technical products such as micro-segmentation, software-defined perimeter and secure access service edge."

Where is the road to enterprise security ?

Break out of the passive, patch-driven "moat and wall" security model: identity-based, fine-grained dynamic management is king

Against the backdrop of digital transformation, vertical industries are introducing hot technologies such as cloud services and mobile computing into their basic IT architecture. The physical boundary between intranet and extranet is gradually disappearing, viruses and Trojans iterate much faster than before, and the number of terminals is growing exponentially. Achieving real-time, efficient management and control has become one of the difficulties in the industry's development.

The traditional network security architecture uses security boundaries to divide the network into zones such as intranet, extranet and DMZ (isolation zone). It assumes by default that the intranet is more secure and presumes that the devices and systems inside it are trustworthy, then deploys firewalls and other network security products heavily at the border, forming the digital moat of the enterprise's business.

But escalating advanced persistent attacks have already broken through these earlier security boundaries, and the threat to the intranet keeps growing. More flexible dynamic identification, authentication and access control have become a core enterprise need. This is where zero trust architecture quietly emerged, combining three technologies: software-defined perimeter (SDP), enhanced identity and access management (IAM) and micro-segmentation (MSG).

It starts from the principle that no terminal is trusted by default, and relies on dynamic management based on device, user and behavior patterns to enforce fine-grained access control over different resources. This addresses the security policy management problems caused by VPN weaknesses in account authentication, environment identification and lateral movement, and establishes a protection mechanism for internal resources.

Never trust, always verify

Zero trust architecture is not merely a security technology innovation or a security equipment upgrade. In essence it is a change in network security management mechanisms, design models and planning practice.


The "Chuangyu zero trust gateway" is a security hardware product built on the zero trust security model and based on identity authentication and dynamic trust. The zero trust gateway no longer relies on the physical boundary of a traditional firewall for access control. Instead, it evaluates the user, the device, the network environment and the access behavior using as many data sources as possible, and achieves dynamic, identity-based secure access control through continuous data collection, verification and evaluation.

Chuangyu zero trust technology principle

The Chuangyu zero trust gateway implements zero trust access control through a trusted agent, a policy engine and a trust evaluation engine. After receiving a request, the gateway performs an intelligent evaluation of the requesting user's network parameters, location parameters, environment parameters and historical profile to judge the risk level that releasing the request would carry. The gateway decides how to handle the request according to that risk level. The handling results are persisted and used for threat intelligence analysis, and the system's security and risk status is displayed visually.


Chuangyu zero trust product features

  • Multi-factor authentication

The Chuangyu zero trust gateway provides a variety of user authentication methods, including SMS verification codes, WeChat and OTP. The model evolves from "the network as the boundary" to "identity as the boundary": in an untrusted network environment, identity is the core, and access control based on authentication and authorization is used to rebuild a trusted and secure network framework.


  • Fine-grained permission control

The principle of least privilege is one of the practices a zero trust security architecture must follow. The Chuangyu zero trust gateway performs fine-grained, identity-based access control and gives users only the minimum access they need to complete a specific job, in order to cope with the increasingly severe risk of privilege abuse and lateral movement. At the same time, the system tracks changes in the user's login habits (such as time, location and network), combines them with detection and analysis of the network environment, and dynamically adjusts the user's authorization policy so that access rights are always kept to the minimum. This greatly mitigates the security threats caused by credential theft and unauthorized access.

  • Continuous trust assessment, dynamic permission adjustment

The Chuangyu zero trust gateway does not authenticate only at login: verification covers the whole process of accessing business systems after login. Even if a user's recent requests were all legitimate, every request is still inspected in real time and given a threat rating. Different risk levels are granted different levels of trust and assigned different permissions. This continuous trust assessment keeps external threats out to the greatest possible extent and provides more efficient protection for enterprise assets.


  • Threat intelligence linkage, building a safe environment

The Chuangyu zero trust gateway performs security analysis on the network environment of the request initiator and combines it with the massive threat intelligence data Chuangyu has accumulated over many years, covering the blind spot of external threats: know the enemy and know yourself. With rapid perception and response capabilities, it judges whether the network the request comes from is secure and trusted, determines the trust level and threat level of the request accordingly, intercepts suspicious requests and blocks threats.
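The per-request flow described under "Chuangyu zero trust technology principle" and in the feature list above (least-privilege check, risk scoring from network, location, environment and history, then a graded decision), as an added Python example that is not Chuangyu's code. Every field name, weight, threshold and the sample threat-intelligence entry is an assumption made for illustration.

```python
from dataclasses import dataclass, replace

# Hypothetical model: field names, weights and thresholds are assumptions
# chosen for illustration, not values from the Chuangyu gateway.
@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    mfa_passed: bool
    source_ip: str
    country: str
    device_compliant: bool
    hour: int                      # local hour of the request (0-23)

@dataclass(frozen=True)
class Profile:                     # the user's historical profile
    usual_countries: frozenset
    usual_hours: range
    entitlements: frozenset        # least-privilege resource grants

THREAT_INTEL = frozenset({"203.0.113.7"})  # constructed feed (TEST-NET-3)

def risk_score(req: Request, profile: Profile) -> int:
    score = 0
    if req.source_ip in THREAT_INTEL:
        score += 60                # source network flagged by threat intel
    if not req.device_compliant:
        score += 30                # environment check failed
    if req.country not in profile.usual_countries:
        score += 25                # location deviates from history
    if req.hour not in profile.usual_hours:
        score += 10                # time deviates from history
    return score

def decide(req: Request, profile: Profile) -> str:
    """Run on every request, not only at login."""
    if req.resource not in profile.entitlements:
        return "deny"              # no grant, no access
    score = risk_score(req, profile)
    if score >= 60:
        return "deny"
    if score >= 25 or not req.mfa_passed:
        return "step_up"           # ask for a fresh second factor
    return "allow"

if __name__ == "__main__":
    alice = Profile(frozenset({"CN"}), range(8, 20), frozenset({"crm"}))
    ok = Request("alice", "crm", True, "198.51.100.10", "CN", True, 10)
    for r in (ok, replace(ok, country="BR", hour=3),
              replace(ok, source_ip="203.0.113.7")):
        print(r.source_ip, r.country, r.hour, "->", decide(r, alice))
```

Because `decide` is called for each request, a session that was allowed a minute ago is re-authenticated or denied as soon as its signals change.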


The implementation and promotion of zero trust architecture is a key element for digital enterprises in achieving their modernization goals, and an inevitable path to ensuring network security.

As adversaries' methods of attack and destruction evolve, we must keep optimizing the way we approach network security at the source. Know Chuangyu is one of the major "players" in the network security market and has a more forward-looking understanding of zero trust. We will continue our unremitting efforts to explore the great potential of the zero trust market and make network security more unbreakable with the support of zero trust!

Reference source: https://net.it168.com/a2022/0214/6622/000006622503.shtml
