Perimeter-based security depends on the traditional firewall model. It is designed to secure North-South traffic.
North-South traffic is the traffic between client and server; it moves between inside and outside the Datacenter. And it is small compared to the traffic inside the data center, which is called East-West traffic.
East-west traffic is the traffic that laterally moves between servers inside the data center, including workload-to-workload traffic. The ability of threats to move laterally (east-west traffic) is often a result of having a large perimeter in the local network.
Also, most applications are now rebuilt into distributed applications, which increase the internal network perimeter.
With Zero Trust, we shrink the perimeter to include only the backend system for a specific application and its data. As in the figure, the left side is an application and its database, isolated from other applications to limit the exposed internal network for external user access to this application. External and Internal traffic is never trusted and always verified with the same strengthened parameters.
So the Zero Trust is a modern security framework that depends on the idea of “never trusts but always verifies” the external and internal network traffic. Internal firewalls are designed to inspect the east-west traffic precisely. Internal firewalls use the same concept as the traditional firewall.
Why We need a new security model?
After Covid-19 spreads, demand in remote work is getting higher, and cyber-attack rates are increasing exponentially. The old security model detects and removes viruses and malware. In contrast, the Zero Trust Model prevents, detects, remediates new threats in real-time since it is synchronized to the latest threat database.
The Zero Trust Security Model Structure:
Implementation of the Zero Trust Security model requires implementing all five poles: Device Trust – user Trust – Network Trust – Application Trust and Data Trust.
The next diagram demonstrates the implementation of the device trust features aligned with VMware Workspace ONE products.
To manage a device, the first step is to enroll this device in the Workspace ONE UEM.
After Workspace ONE UEM manages the device, it will be added to the device inventory list.
Device Compliance Check and Remediation:
After determining the security policies, the Workspace ONE must check that the device is compliant with these security policies, such as:
The Workspace ONE can measure compliance using the following two methods:
- Compliance Engine is an automated software algorithm that gathers scheduled and unscheduled samples from devices to ensure compliance.
- RTC (Real-Time Compliance), which are unscheduled samples sent from devices on-demand by the administrator to determine device compliance or not.
Check device compliance and remediation:
Real-Time Device Threat Detection and Response:
VMware Carbon Black CB Defense:
Mobile Threat Defense (MTD) and Netskope on Cloud Security Broker (CSB) can be used as additional security options and integrate with Workspace ONE Intelligence.
Workspace ONE UEM installs a device certificate on the device and uses the certificate to establish trust between the Workspace ONE UEM server instance and the device.
The certificate can be generated and signed by the default digital certificate authority, Workspace ONE UEM CA, or you can use a trusted third-party CA.
It means not to use passwords and use other methods such as certificate-based authentication or fingerprint.
Workspace ONE Access performs the authentication for the solution. It supports many types of Certificate-based authentication:
Workspace ONE Access includes built-in Multi-factor authentication (MFA) technology called VMware Verify, which requires at least two pieces of evidence that prove the user’s identity. Multi-factor authentication (MFA) combines at least two of the following:
Something the user knows, such as a password
Something the user has, such as a hardware token
Something the user is like a fingerprint.
In any given condition, you have a user on a device, in a location, at a particular time, using a certain app, and trying to access a service (or data).
User Can create access rules based on the following parameters:
- Type of application being used
- What is being requested to access
Workspace ONE Access combines the authentication method with a compliance check to build a higher trust level in your user.
VMware implementation of Zero Trust Security Model includes implementing five trust poles: Device Trust – User Trust – Network Trust – Application Trust and Data Trust. In this post, I have explained the implementation of Device Trust and User Trust using VMware Workspace ONE Products; We have three other Trusts to be explained later.