Zero Trust Network

5 min

what is zero trust network? securing the network traditionally usually resulted in making a complexity vs risk tradeoff zero trust network by nile protects data by default by ensuring all components powering the network infrastructure are authenticated and the data passing through the service are encrypted end to end to protect against attacks like mitm immutable security posture a secure network begins by ensuring that the underlying elements of the network are secure security begins in the supply chain long before a nile component is deployed into the user environment every nile device has a unique device certificate that is created during manufacturing and is burned into the trusted platform module (tpm) of the device all software is signed using this certificate as a result, each device can verify the integrity of its hardware, firmware, and software on every startup and a device will not start if it has been compromised or tampered with likewise, each device is uniquely tied to an individual nile customer and will only work in that customer’s environment additionally, by delivering a network as a service, nile was free to rigorously reduce each element (access, point, switch, etc ) to its most necessary services fewer services mean fewer opportunities for vulnerabilities nile designed deep instrumentation and sensors into every hardware and software component, and nile’s cloud based ai uses this insight to ensure that the network is continuously and automatically optimized zero infrastructure access the nile design completely removes the need for a human to connect to a device, allowing the removal of ssh, telnet, or other remote services, which can be accidentally left open or exploited by attackers in fact, there is no management or console port that could potentially be abused by attackers likewise, all network configurations are fully automated by nile, removing the potential for human errors each device leverages nile’s custom hardened os and all code is updated automatically https //arstechnica com/information technology/2020/01/unpatched vpn makes travelex latest victim of revil ransomware/ and https //www cisa gov/news events/cybersecurity advisories/aa20 283a threat actors have heavily targeted networking infrastructure both as a way of gaining initial access into an organization and to further distribute additional malicious payloads to other hosts within the network vulnerabilities within network devices will often be overlooked by standard vulnerability scans, or teams may delay updating them due to concerns about impacting the network… furthermore, as the complexity of a network grows, so do the opportunities for configuration errors and mistakes human error can easily leave devices, segments, and services unprotected or at risk without the security team’s knowledge nile removes all of these risks without staff having to do anything or ever even having to think about them at all encryption of all traffic in addition to securing each individual element, nile ensures that every connection and all traffic between nile elements is secure nile implements tls between all network elements to ensure that only devices tied to that specific customer are allowed on the network, and all traffic is encrypted via macsec (802 1ae) all traffic on a customer’s nile network is encrypted and can’t be sniffed or modified regardless of user, device, application, or whether the asset is on the wired or wireless network nile also lets organizations bring their own key (byok), ensuring that not even nile can see the customer’s actual data encryption can be handled in many ways by many components depending on the network, application, and user device any enterprise wireless network will likely implement strong encryption as a standard practice for traffic over the air, but the same is not true once that traffic hits the wire or for the wired ethernet side of the network any unencrypted traffic can allow attackers to sniff traffic and to steal data or even capture login credentials in transit the well known https //www comparitech com/blog/information security/sniffing attack/ trojan is just one example of malware that will attempt to sniff traffic, and in some cases, even when the application implements its own encryption unencrypted traffic can also allow an attacker to intercept and manipulate traffic in transit using man in the middle (mitm) techniques even when encryption is implemented between a user and application, attackers can use mitm connections by taking advantage of vulnerabilities or weak implementations of encryption by performing ssl stripping, hijacking, and other techniques with nile, all traffic on the network is encrypted by default including access to internal resources that may not encrypt traffic as well as applications that may have vulnerable implementations of encryption