Trust issues

Never trust, always verify.

That’s the principle behind a Zero Trust, or ZT, cybersecurity approach. It’s a model that organizations use to persistently enforce security controls across all users, devices, workloads, networks and data, regardless of their location or affiliation.

“We can no longer have this ‘castle-and-moat’ mindset, where we are hyper-focused on defending the perimeter, believing everybody and everything already inside our network belongs there,” said Dr. Torsten Staab, principal investigator for Zero Trust Security at Raytheon Intelligence & Space, a Raytheon Technologies business. “We’ve got to assume that the bad guys are already inside, and that they are already accessing systems and data.”

Implementing a Zero Trust architecture can be a challenge. To roll out ZT across an enterprise, the framework needs to integrate all aspects of the Zero Trust model while providing a simple design, pervasive protection and ease of use. Also, this model must be able to work on all types of infrastructure such as edge, mobile, on-premises and cloud-hosted systems.

“The majority of today’s information technology and operational technology infrastructures are highly distributed, interconnected and diverse. They are system-of-systems ecosystems where trust is the key to successfully operating,” said Greg Grzybowski, DoD cyber defense technology lead for Raytheon Intelligence & Space. “Data is to an IT infrastructure like blood is to the body – it must be protected everywhere and at all times to ensure the health and welfare of the total system. Much like the human body, trust of data in a Zero Trust architecture is established through a system of defenses that provide protection not just at entry and exit but also in depth and at all points in between.”

To address this challenge, Raytheon Intelligence & Space has developed a highly scalable and extensible Zero Trust security platform called REDPro ZTX, short for Raytheon Enterprise Data Protection & Resiliency Platform Zero Trust Extended. This platform monitors users, devices, networks, workloads, and data in real-time. It enforces least-privilege access; continuously verifies access requests; and offers automated command, control and response.

This platform also allows customers to interchangeably plug-and-play defense-grade Zero Trust and cyber resiliency technologies from Raytheon Intelligence & Space and industry partners. Having modular building blocks allows customers to decide which pillars of the Zero Trust model – users, devices, networks, workloads, and data – they would like to focus on first and how to achieve comprehensive Zero Trust coverage over time. The goal of REDPro ZTX is to provide Zero Trust security, while also speeding up deployments, lowering risk, simplifying operations, and reducing response times.

“Effective Zero Trust security must trust no one including the hardware and operating system that is providing access to data and executing the user's programs,” said Daniel Rose, REDPro ZTX chief engineer, Raytheon Intelligence & Space. “The modern adversary has detailed knowledge of the entire computing stack and tools that can provide access to its inner workings including these fundamental levels. A comprehensive Zero Trust solution must integrate technology that can observe and protect at the level of hardware, OS and program execution.”

To address these concerns, REDPro ZTX can provide both Zero Trust security and cyber resiliency simultaneously. This is accomplished through the intelligent integration of dual-use technologies, such as distributed Hardware Root of Trust and System Root of Trust capabilities.

These capabilities can act as Zero Trust sensors and policy enforcement points and can also provide advanced system deception, recovery and self-healing capabilities at the operating system, application, network and data layers. In the end, “a comprehensive Zero Trust solution must integrate technology that can observe and protect at the level of hardware, operating system, and program execution,” said Rose.