As our team at Dynamite Analytics recently released our new PCAP analytic platform, DynamiteLab, I was reflecting on the evolution of network security best practices from the aging Perimeter Security model to the emerging Zero Trust Architecture. Our efforts at Dynamite are largely focused on network visibility and traffic analysis, and it has been encouraging to see that our work has become essential for enforcing the tenets of Zero Trust.
About the Author
Technology Advisor, Dynamite Analytics
Jamin is the original creator of PacketTotal.com (acquired by Dynamite), the largest public PCAP analytic service in the world.
The Days of Perimeter Security
I first heard the term “Zero Trust” described at a cybersecurity hacking workshop in 2013. The presenter explained a simple policy framework he developed to grant varying levels of access to guests on his home network. I remember finding the model clever but could not imagine it implemented on a large scale. At the time, I worked on a global incident response team for a large financial institution, and to say the environment was monolithically complex would be a dramatic understatement.
Our team focused on detecting threats, scoping the damage, and ultimately stopping the immediate bleeding. Our function was largely reactive, and, in my opinion, it put too much faith in the “defense in depth” strategy. We focused our efforts disproportionately on the perimeter and lacked visibility into our internal environment. We spent millions on excellent security controls that were often half utilized or poorly positioned.
The Paradigm Shift to Zero Trust
The Zero Trust model flips this paradigm, replacing the traditional perimeter-based defense model with one based on continuous verification of trust between resources – “never trust, always verify.” Under the Zero Trust model, there is no innate trust between resources, even those that only communicate internally. It takes a ground-up approach that ultimately requires environments to be architected around the principle of least privilege, using patterns and controls like micro-segmentation, centralized identity and access management, and automated policy enforcement to bolster existing security processes.
It wasn’t until several years later, as I transitioned into the world of security engineering, that I began seeing Zero Trust principles get translated into strategic corporate objectives. I believe the most significant catalyst behind this trend was the shift from traditional, on-premise networks to hybrid and cloud environments. This effort effectively gave us a clean slate and a chance to take advantage of the many Zero Trust tenets baked into cloud infrastructure providers.
Zero Trust and Network Detection & Response (NDR)
We started Dynamite Analytics with a goal to enable advanced network cyber defenses capable of detecting even the most sophisticated cybersecurity threats, such as ransomware-as-a-service, supply chain compromises, zero-day exploits and so forth. The key idea behind our work is the ability to extract rich metadata from network traffic for use in network behavior analysis and forensics. This cybersecurity market segment was originally defined by Gartner in 2019 as Network Traffic Analysis (NTA) and was subsequently renamed to Network Detection and Response (NDR).
Coincidentally, NDR capabilities directly translate into the Zero Trust network requirements, as defined in NIST Publication 800-207 (188.8.131.52):
“The enterprise can observe all network traffic. The enterprise records packets seen on the data plane, even if it is not able to perform application layer inspection (i.e., OSI layer 7) on all packets. The enterprise filters out metadata about the connection (e.g., destination, time, device identity) to dynamically update policies and inform the policy engine as it evaluates access requests.”
About Dynamite Analytics
Dynamite Analytics is a US-based SaaS company focused on network cybersecurity. The company’s leading platform, DynamiteLab, equips cyber and network operators with intuitive, machine-enabled analytics of network packet-captures (PCAPs). DynamiteLab operates as an international community hub for research and exchange of network traffic samples. Dynamite Analytics has won multiple US federal R&D awards pertaining to network traffic analysis.