Introduction to ZTA - Benefits of ZT Flashcards
What are the benefits of Zero Trust
- Reduced Risk of Compromise
- Increased Trustworthiness of Access
- Increased Visibility and Analytics
- Improved Compliance
- and additional benefits
What is one of the main benefits of Zero Trust (ZT)?
Reduces risk of compromise
This is achieved by reducing the attack surface, limiting the radius of impact, and decreasing the time to detect and contain breaches.
What principle is at the core of reducing the attack surface?
Principle of least privilege and ‘never trust, always verify’
These principles dictate that resources are accessed based on various attributes and context.
How does Zero Trust Architecture (ZTA) implement resource hiding?
Resources are only visible to authenticated, authorized users
This concept varies depending on the ZTA implementation technique.
What is the role of the Policy Enforcement Point (PEP) in ZTA?
Forwards requests to the Policy Decision Point (PDP) for authorization
The PEP checks if the user has been authenticated and authorized by policy.
What does the PDP do after receiving a request from the PEP?
Checks if the user has been authenticated and authorized by policy
The PDP then sends its response back to the PEP.
What is the goal of using vetted, compartmentalized applications in ZTA?
To protect applications from potentially compromised hosts
This involves running only approved applications in a sandboxed environment.
What is micro-segmentation in the context of Zero Trust?
Restricts lateral movement inside an enterprise IT environment
Each access attempt is authenticated and authorized, regardless of origin.
How does ZTA improve the detection of breaches?
Centralized authentication and policy enforcement increases visibility
This visibility helps in detecting malicious access attempts in real-time.
What kinds of threats can ZTA help detect early?
- Phishing attempts
- Privilege elevation
- Use of stolen credentials
Early detection can stop attackers from launching successful intrusions.
Fill in the blank: The PEP will refuse requests from _______.
[other applications running on the server]
True or False: ZTA allows unrestricted access to resources regardless of authentication.
False
Access is always authenticated and authorized.
What is the significance of dynamic access policies in ZTA?
Enables organizations to detect malicious access attempts in real-time
This capability helps in mitigating attacks before they cause damage.
What does ZTA stand for?
Zero Trust Architecture
What is the fundamental capability of ZTA regarding identity access management?
Consolidated identity access management (IAM) and policy solutions
What is the principle of least privilege in ZTA?
Access to resources is based on the principles of least privilege and need to know
What are some methods used in ZTA to increase trustworthiness of access?
Single Packet Authorization (SPA)
What security measures are enforced before access is granted in ZTA?
Strong authentication, including MFA, session timeouts, re-authentication requests, and validation
Fill in the blank: Access to any data in ZTA is protected _______ based on its sensitivity.
cryptographically
What is the role of Multi-Factor Authentication (MFA) in ZTA?
To enforce strong authentication before access is granted
List two benefits of implementing ZTA.
- Granular access and permissions
- Continuous validation of identity, authentication, and authorization to resources
True or False: In ZTA, user authentication is decentralized.
False
What happens to the first SPA packet sent by the client?
It is rejected
How does the server respond if the SPA packet is successfully authenticated?
Creates an explicit policy to expose the service to the requesting endpoint
What is the relationship between the Policy Enforcement Point (PEP) and the Policy Decision Point (PDP) in ZTA?
PEP enforces the IAM policy of least privilege and communicates with PDP
What does NIST SP 800-207 describe regarding ZTA?
Enhanced identity governance approach establishing enterprise resource access policies based on identity and assigned attributes
What is the process for user authentication in ZTA?
User authenticates to the device, device authenticates to the network, and access request is sent to the policy engine
In an IEEE 802.1x implementation, what do corporate laptops have installed?
Agents
What is the purpose of the access request vetting process in ZTA?
To ensure the user is verified as part of the appropriate group
Fill in the blank: Access control in ZTA is based on _______ and attributes.
roles
What technology is mentioned as part of the network access control in ZTA?
Lightweight Directory Access Protocol (LDAP)
What is the purpose of continuous validation in ZTA?
To ensure ongoing compliance with access policies
What is a requirement of ZTA regarding logging and monitoring?
ZTA requires logging, monitoring, and alerting capabilities for increased visibility into users’ activity.
What should be logged and monitored in ZTA?
Attempts to access privileged resources, administrative or root account activity.
What is the purpose of anomaly detection in ZTA?
To detect suspicious patterns in both inbound and outbound traffic.
What can be automated in ZTA for improved response and remediation?
Alert notifications and automatic task assignments.
List the visibility and analytics-related improvements of ZTA.
- Granular logging and monitoring
- Monitoring analytics over user entities behavior
- Network isolation and micro-segmentation
- Continuous monitoring across all attack surfaces
- Minimization of data exfiltration
- Continuous device posture assessment
How do IAM policies function in CSA’s SDP?
IAM policies are enforced when access requests are made to a device or host.
What does the DOD ZT Reference Architecture model outline?
It outlines a model for logging, analytics, and automation.
What is the first step in the DOD ZT Reference Architecture for analytics?
Historical user behavioral data and current user actions are sent to the analytics engine to be analyzed.
What is compared against global baselines in the DOD ZT Reference Architecture?
A user’s historical and current actions/behaviors.
What does the analysis in the DOD ZT Reference Architecture result in?
A confidence score based on the user’s behavior.
What dictates the level of access a user receives in ZTA?
The user’s confidence score and historical behavior patterns.
What happens if a user’s actions drop their confidence score below a threshold?
Access to a resource is denied.
True or False: Continuous monitoring and analysis occur in the background in ZTA.
True.
What is the purpose of logging all actions to a SIEM platform?
To process them by the analytics engine and hand them to a SOAR platform for real-time policy access decisions.
Fill in the blank: ZTA minimizes _______.
[data exfiltration]
What type of monitoring is involved in ZTA?
Continuous monitoring across all attack surfaces.
What is the significance of user entity behavior analytics in ZTA?
It leads to more detailed security analytics, making it easier to detect breaches or anomalous behavior.
What is evaluated during the setup of mTLS sessions?
Device posture.
What does NIST SP 800-207 specify about ZTA?
It enables the enterprise to observe all network traffic.
What should the enterprise record according to NIST SP 800-207?
Packets seen on the data plane.
What type of metadata is filtered out in ZTA?
Metadata about the connection such as destination, time, and device identity.
What is one way ZTA improves an organization’s compliance posture?
By requiring frequent reviews of access policies to align with evolving IT environments.
This ensures that security measures remain relevant and effective.
Why are policies important in ZTA for security governance?
They translate organizational goals and objectives into actionable security rules.
Policies help in holding organizations accountable to shareholders and stakeholders.
How are access control policies managed in a ZT approach?
They are carefully enforced, continuously monitored, and frequently updated.
This dynamic management helps maintain compliance with external and internal requirements.
What role does continuous monitoring play in policy management?
It enables alignment of policy definitions with enforcement measures.
This is crucial for implementing controls for continuous auditing and compliance.
What is micro-segmentation in the context of ZTA?
A strategy that applies access controls to individual resources using fine-grained authorization mechanisms.
It evaluates the requester’s trustworthiness before granting access.
What principles do organizations implement to reduce their attack surface?
Need to know and least privilege principles.
These principles limit user/device access to sensitive data.
How does limiting access based on location affect compliance measures?
It reduces the scope of compliance measures like PCI-DSS or GDPR.
Fewer users/devices with access to sensitive data lowers potential liability.
True or False: Continuous monitoring is not important for effective policy management in ZTA.
False.
Continuous monitoring is critical for effective policy management.
Fill in the blank: ZTA requires organizations to frequently review _______ to ensure compliance.
access policies.
This is essential as the IT environment evolves.
What can a ZT approach help organizations identify?
Business processes, data flows, users, data, and associated risks
These insights are crucial for reducing risk in cloud and container deployments.
How does a well-architected ZTA benefit IT complexity?
Reduces IT complexity while supporting resiliency and defense-in-depth
This is essential for maintaining a robust security posture.
What are some security benefits of a ZT security framework?
Numerous advantages that vary by organizational landscape, architecture, and operating model
Benefits include better governance and compliance.
How does utilizing cloud technologies in a ZT framework affect operational costs?
Helps minimize ongoing operational costs and eases the burden on human resources and staffing
Automation is key in achieving these efficiencies.
What does the ZT model provide in terms of access control?
Unified access control to data, services, applications, and infrastructure
This approach counters major threats more effectively.
What is the benefit of unifying an organization’s access controls in a ZT model?
Reduces security costs while improving efficacy, visibility, manageability, and user experience
This is more efficient than using a combination of tools like firewalls and VPNs.
Fill in the blank: A well-architected ZTA improves _______.
Governance and compliance
List some additional benefits of ZT.
- Potential cost reduction
- Simplification of IT management design
- Improved data protection (business critical data and customer data)
- Secure remote access
- Improved user experience
These benefits highlight the comprehensive advantages of adopting a ZT framework.
