Traffic Enforcement with Nile Trust Engine
Introduction

The Zero Trust Fabric Engine is the enforcement core of the Nile Trust Service. It applies zero trust policies to all network traffic, whether between endpoints inside a Zero Trust Fabric (east-west) or traffic entering and leaving the network (north-south). Every flow is evaluated against defined policies before it is allowed, denied, or redirected to another enforcement point, ensuring continuous adherence to the principle of least privilege.

Security Posture and Policy Enforcement

The Trust Engine enforces a default-deny posture: no traffic flows without an explicit policy. This model protects enterprises from unauthorized communication and minimizes the risk of lateral movement and malware propagation inside the network. Every permitted flow is governed by a policy that defines the source, destination, applicable service profile, and enforcement action.

Traffic Enforcement Directions

The Zero Trust Fabric Engine operates on traffic in all directions and evaluates every flow.

East-West Traffic

Traffic between endpoints within a Zero Trust Fabric, such as between users and devices at the same site, is considered east-west traffic. These flows can be enforced locally within the Zero Trust Fabric or forwarded upstream for centralized inspection.

North-South Traffic

Traffic entering or leaving the site, such as communication to the internet, corporate data centers, or cloud SaaS services, is considered north-south traffic. These flows can be enforced locally or forwarded to an upstream firewall or to a Secure Service Edge (SSE) platform for advanced inspection.

Enforcement Modes

The Zero Trust Fabric Engine supports multiple deployment options, giving organizations flexibility in how traffic is handled so they can balance performance, visibility, and compliance requirements while maintaining zero trust integrity.

Local Native Enforcement

Both east-west and north-south traffic can be enforced directly within the Zero Trust Fabric.

Hybrid Enforcement

In a typical hybrid enforcement model, east-west traffic is enforced locally within the Zero Trust Fabric, while north-south traffic is forwarded upstream to a firewall or SSE for enforcement or inspection.

Upstream Firewall Enforcement

Both east-west and north-south traffic are directed to upstream enforcement systems.

Important Note

When an upstream firewall is utilized, it is important to understand that for north-south traffic, enforcement may be performed independently by each system. Inbound traffic will be evaluated by the firewall rule set and subsequently by the Trust Engine policy set. See the section on Actions for more information.
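
The sketch below is an added example, not Nile code or the Nile API. It models the default-deny evaluation and the two independent stages described in the Important Note, so you can check which stage decides an inbound flow. The class and function names, first-match ordering, the (protocol, port) stand-in for a service profile, and the sample rule sets are all assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:
    source: str        # CIDR of permitted sources
    destination: str   # CIDR of permitted destinations
    service: tuple     # (protocol, port), a stand-in for a service profile
    action: str        # "allow", "deny" or "redirect"

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    port: int

def evaluate(policies, flow):
    """Return the action of the first matching policy (ordering is an assumption).
    A flow that matches no policy is denied: the default-deny posture."""
    for p in policies:
        if (ip_address(flow.src) in ip_network(p.source)
                and ip_address(flow.dst) in ip_network(p.destination)
                and p.service == (flow.proto, flow.port)):
            return p.action
    return "deny"

def inbound_verdict(firewall_rules, trust_policies, flow):
    """Inbound north-south flow: the firewall rule set is evaluated first and the
    trust policy set second, each on its own. Returns (deciding_stage, action)."""
    fw_action = evaluate(firewall_rules, flow)
    if fw_action != "allow":
        return ("firewall", fw_action)
    return ("trust_engine", evaluate(trust_policies, flow))

# Constructed sample rule sets (documentation address ranges, not real policy).
FIREWALL_RULES = [Policy("203.0.113.0/24", "10.20.0.0/24", ("tcp", 443), "allow")]
TRUST_POLICIES = [
    Policy("203.0.113.0/24", "10.20.0.10/32", ("tcp", 443), "allow"),
    Policy("10.20.0.0/24", "10.20.1.0/24", ("tcp", 445), "redirect"),
]

if __name__ == "__main__":
    for flow in (Flow("203.0.113.7", "10.20.0.10", "tcp", 443),
                 Flow("203.0.113.7", "10.20.0.11", "tcp", 443),
                 Flow("203.0.113.7", "10.20.0.10", "tcp", 22)):
        print(flow, inbound_verdict(FIREWALL_RULES, TRUST_POLICIES, flow))
```

The second sample flow is the case to watch for when troubleshooting: the firewall rule permits it, but no trust policy matches, so the later stage denies it.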
