Understanding the Intersection of Observability and Zero Trust

At RSAC24, Gigamon CISO Chaim Mazal shared his thoughts on zero trust and why it needs a dose of observability.

zero trust
(Credit: Alexander Yakimov / Alamy Stock Photo)

Implementing zero trust is necessary for organizations looking to enhance their security posture. By following the “never trust, always verify” principle, zero trust checks every access request and gives users only the necessary access. It lowers the risk of data breaches, limiting potential damage and improving visibility into network activity.

Gigamon is a deep observability company that captures network-derived intelligence, optimizes it, and sends it to security tools to help enforce zero-trust policies in hybrid cloud environments. I recently met with Gigamon Chief Security Officer Chaim Mazal at the 2024 RSA Conference to discuss the importance of adopting zero trust as part of a modern cybersecurity strategy. The conference occurred May 6-9 at the Moscone Center in San Francisco.

Highlights of the ZKast interview are below.

  • Zero trust is a comprehensive, layered approach to security. This approach requires verifying everything at the network, asset, and identity levels to ensure secure connections. It involves various methods, such as search-based policy engines and emerging technologies, like artificial intelligence (AI).

  • Zero trust is not a single product. It’s a principle consisting of several pillars that achieve end-to-end security. One of the main pillars is visibility, which is integrated into all other zero trust pillars. Visibility involves using real-time network telemetry and feeding it into the right tools for insights. This allows security and network operations teams to make informed decisions using data.

  • Since zero trust combines various methodologies and datasets across different environments, it creates additional complexity for organizations. Gigamon simplifies this process by providing a unified, real-time dataset across systems. Organizations can monitor all their assets, including encrypted traffic, which is crucial for zero trust and verifying everything on the network.

  • Gigamon partners with other key industry players like Vectra and ExtraHop to integrate various security tools. One example is network detection and response (NDR), an advanced tool that monitors network traffic using analytics and machine learning (ML), unlike traditional security methods that lack network visibility.

  • Microsegmentation is an integral part of zero trust but poses challenges due to limited visibility. Effective microsegmentation requires mapping traffic patterns, identifying lateral movement, and analyzing encrypted traffic for threats. Gigamon offers tools for traffic mapping, detecting lateral movements, and decrypting traffic, thus supporting microsegmentation within the zero trust framework.

  • Gigamon stands out in deep observability by ensuring that only critical traffic and telemetry are processed. It involves granular data collection, real-time analysis, and contextual insights to detect anomalies and threats. This helps security operations teams focus on actionable data, reducing false positives and unnecessary alerts.

  • While AI has become a valuable tool for security teams, cybercriminals also leverage AI to launch more sophisticated malware and phishing attacks. Dual AI use underscores the need for advanced threat detection, which Gigamon provides to stay ahead of cyber threats. Effective early detection response to these threats will be crucial as the threat landscape grows.

  • A best practice for implementing zero trust is a layered approach that focuses on IT hygiene. Vulnerability management, identity and access management, and regular patching are all key actions organizations can take. Having a comprehensive overview of all assets is important since things that can’t be seen can’t be secured.

Zeus Kerravala is the founder and principal analyst with ZK Research.

Read his other Network Computing articles here.

Related articles:

About the Author(s)

Zeus Kerravala, Founder and Principal Analyst with ZK Research

Zeus Kerravala is the founder and principal analyst with ZK Research. He spent 10 years at Yankee Group and prior to that held a number of corporate IT positions. Kerravala is considered one of the top 10 IT analysts in the world by Apollo Research, which evaluated 3,960 technology analysts and their individual press coverage metrics.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights