NSAの新しいサイバーセキュリティ情報シートから得た3つのポイント

The U.S. National Security Agency (NSA) has issued a new cybersecurity information sheet, Advancing Zero Trust Maturity Throughout the Network and Environment Pillar.  

I’m particularly excited about this document because it recognizes Zero Trust Segmentation (ZTS) as an essential component of Zero Trust, a stance I’ve taken since the beginning. In fact, in the second Zero Trust report ever written, Build Security into your Network’s DNA from November 2010, I wrote this: “…new ways of segmenting networks must be created because all future networks need to be segmented by default.”

With ransomware payments amounting to $1.1 billion in 2023, it’s essential that organizations build Zero Trust architectures with ZTS at their core. This is because ransomware attacks depend on flat networks for success. Flat networks are dangerous. You may pay the bills, but attackers own them.

新しい情報シートから得た上位 3 つのポイントは次のとおりです。

1. ZTS: 基礎となるゼロトラストテクノロジー

I've long believed that segmentation is how we create Protect Surfaces, the fundamental concept of Zero Trust. However, over the past few years, there has been a pronounced emphasis on the Identity pillar of Zero Trust. Identity is important, but the singular focus on this pillar has led to very few organizations understanding the importance of network security controls in building Zero Trust environments, both on-premises and in the cloud.

This is why it’s so great to see the NSA’s new information sheet reaffirm the value of network security in building Zero Trust — ZTS is finally getting the attention it deserves. According to Gartner, “By 2026, 60% of enterprises working toward zero trust architecture will use more than one deployment form of microsegmentation, which is up from less than 5% in 2023.”

ZTSは、攻撃対象領域が拡大し、ネットワークがますます複雑になり、相互接続されるにつれて、ますます重要になります。これは、組織がレジリエンスを構築し、真の永続的なゼロトラストアーキテクチャを確立するための最良の方法です。  

2. データフローマッピングなしでゼロトラストを構築できない

I want to give kudos to the NSA for calling out the significance of data flow mapping in the information sheet. In the early days of Zero Trust, I learned that you must first understand how a system works together before you can successfully build out Zero Trust environments. I’ve been advocating for flow mapping ever since.

Back in 2022, I was honored to be appointed to serve on President Biden’s National Security Telecommunications Advisory Committee subcommittee, where I was a part of authoring and delivering a report on Zero Trust to the President. This report documents the 5-Step Model I have been promoting for several years, with Step 2 focused entirely on Transaction Flow Mapping.  

Learn more about how Illumio can help you get end-to-end visibility across your entire hybrid attack surface.

3. ネットワークセキュリティはゼロトラストです

ゼロトラストのアイデンティティの柱から始める組織はたくさんありますが、残念ながら、ネットワークの柱にたどり着くことはめったにありません。これはゼロトラストを構築するための正しい方法ではありません。ネットワークセキュリティはゼロトラストに不可欠な部分であり、ネットワークを保護することがゼロトラスト です 。

NSAの新しいガイダンスは、組織がゼロトラストのネットワークの柱の価値を理解し、ゼロトラストアーキテクチャに向けた旅の際にネットワークセキュリティテクノロジーを探すのに大いに役立つと信じています。

ZTS is a foundational technology of Zero Trust’s Network pillar. ZTS contains the spread of breaches and ransomware across the hybrid attack surface. With the Illumio ZTS Platform, you can visualize how workloads and devices are communicating, create granular policies that only allow wanted and necessary communication, and automatically isolate breaches by restricting lateral movement proactively or during an active attack — across your cloud, endpoints, and data center environments.

世界がますますつながり、攻撃対象領域が拡大するにつれて、組織はゼロトラスト環境で最も重要な保護対象領域を定義、マッピング、保護することがさらに重要になっています。  

全体として、私はNSAの情報シートに感銘を受けました。これは、ZTSの力と目的を示す重要な業界検証ツールであり、今日の進化する脅威に直面してサイバーレジリエンスを構築しようとしている組織にとって、北極星として機能するはずです。

‍Contact us today to learn more about getting started with Illumio ZTS at your organization.