Zero Trust Networking

Identity and Access Management (IAM)

IAM is about defining and managing the roles and access privileges of individual users — this includes customers, contractors, suppliers, and partners as well as employees — and the context in which users are granted (or denied) those privileges. IAM systems simplify access and adherence to security protocols, corporate policies, and government regulations – both for systems administrators and users. They are centralized, automated, orchestrated, and frictionless.

A predecessor of modern IAM is network access control (NAC). NAC has been used for many years to grant endpoints — which could be a BYOD smartphone or an IoT device like a pacemaker — access to network resources once the system authenticates and authorizes that device. Most wireless vendors have built NAC into their onboarding platforms and the technology is meant to integrate easily with different types of endpoints and security products.

Deploying NAC, like newer IAM platforms, requires a lot of up-front planning and policy development but pays dividends when it is automated and working well. Structured’s engineers and compliance professionals have a lot of experience guiding clients in how to best deploy this technology.

Security Orchestration, Automation and Response (SOAR)

SOAR platforms ingest data across integrated sources – such as from SIEM tools, firewalls, identity and access management systems, intrusion detection/prevention systems, and much more. A critical distinction is that SOAR is capable of orchestrating these workflows and then executing some automated responses, such as opening a ticket or even more complicated steps like quarantining an infected device or blacklisting a malicious URL.

Orchestration and automation relieve overtaxed IT teams by offloading repetitive investigative tasks and reducing “noise” caused by excessive false positive, or even irrelevant, alerts. And, as cyberattacks become more pernicious and capable of rapid lateral movement throughout an organization, automated responses that contain and remediate threats without the delay caused by manual human involvement can mean all the difference between revel and ruin.

Security Information and Event Management (SIEM)

SIEM platforms collect log data across the enterprise – from applications, domain controllers, network devices, security hardware/software, and much more. It aggregates the information, analyzes it to look for abnormal patterns and potential threats, and then normalizes the data into something humans can understand and work with.

SIEM platforms generate contextualized alerts and provide actionable insights for security operatives who can then address and remediate threats. These platforms also are incredibly useful forensics tools for conducting after-the-fact analysis and compliance/incident reporting.

Next-generation SIEM solutions are evolving to include artificial intelligence and machine learning capabilities designed to reduce false positives, provide some predictive analysis for better prevention, and even initiate some automated responses to more quickly stop threats. While this still is an emerging market, there are some early indicators that next-gen SIEM may grow to look more like Security Orchestration, Automation and Response (SOAR) platforms.

Multifactor Authentication (MFA)

Security-minded organizations — especially those with distributed workforces also turn to multifactor (or at least two-factor) authentication (MFA) to add an extra layer of protection when end users try to access corporate applications and data. In the case of two-factor authentication, users are challenged to provide something they know (such as a password) and something they have (such as SMS confirmation on an approved smartphone).

True MFA takes the sign-in process one step farther in that it requires something you are — provided by facial recognition, iris scan, or fingerprint.