Don’t Test Today’s Zero Trust Networks with Yesterday’s Tools
2022-04-06 | 7 min read
When attacks come from inside your network
In the 1970s thriller "When a Stranger Calls", the police tell the babysitter to get out NOW because the disturbing calls are coming from inside the house. As a former teen babysitter, all I can say is yikes! So, what does this have to do with testing and securing network infrastructure?
Let's take a step back for a moment. Traditional network security assumes that if you keep hackers and threats outside the network perimeter using passwords, life is good, and all is well. Once inside the network, users have inherent trust and are free to move about as they wish with no further authentication.
Trust no one
As traditional networks evolve into complex distributed cloud environments, this security model is turned upside down. There is no defined network perimeter, and users can access resources in any cloud: private, public, or hybrid. Today's modern networks are adopting a new approach to security centered on zero trust, where nothing and nobody is trusted. Ever! Zero trust is not a single product or technology but rather a cybersecurity framework made up of a set of policies, best practices, and guidelines. Zero trust assumes that everything is under constant attack and that threats are coming from inside the house... uh, inside the network, that is.
Validation is based on identity, not perimeter, and there is no lateral movement. If you invite a guest to your house, it doesn't mean you give them carte blanche to visit every room, jump on your bed, rifle through all your drawers, and open closets. But that's the general premise of unchecked lateral movement in traditional legacy networks. With zero trust, visitors can only go to one spot in a specific room and only to that spot. Any further movement or action requires authentication of identity. Every. Single. Move. Now imagine this concept on a large scale in a network with thousands of users and endpoints and hundreds of applications, with endless combinations of connections and requests all needing authentication.
We need a new way
This complexity and scale necessitate an entirely new way to test and validate network infrastructure. Yesterday's test tools simply won't work in today's dynamic zero trust networks, with complex application mixes and advanced traffic patterns.
Enterprises must use different tools than the ones they use to test their legacy premises-based networks. And, at a broader level, it's vital that the network equipment manufacturers (NEMs) who provide the underlying infrastructure to enterprises, service providers, and government entities quickly embrace this major paradigm shift. NEMs are on the front lines of this evolution and must prove beyond measure that their products perform at scale in complex distributed cloud and hybrid networks. The infrastructure they deliver connects devices and users but goes beyond routing and switching hardware. Today's network infrastructure includes SD-WAN, SASE, edge computing, intrusion prevention systems (IPS), gateways, proxies, load balancers, web application firewalls (WAFs), next-gen firewalls, VPNs, servers, and wireless access points, among others. NEMs and their customers must test and measure the impact that every component, tool, and application has on security, performance, and overall quality of experience (QoE).
Keysight post-deployment feedback shows that early discovery of issues can provide massive savings, with some customers finding that bugs discovered in development were as much as 90 to 100 times less expensive to fix than when found after products ship or deploy.
Quality assurance is critical for NEMs and the customers who depend on them to provide quality network solutions that can help their businesses succeed. Quality equates with greater loyalty and customer satisfaction, less network downtime, and better cost containment. Let's face it, networks are THE lifeblood of every organization. Shut down a company's network for even minutes and things come to a grinding halt, often costing millions of dollars. Corporate reputations are on the line, with social media allowing favorable and critical reviews to quickly appear in hundreds of public forums. The stakes are too high to test today's network infrastructure with outdated legacy test tools.
Meet Keysight's CyPerf 2.0
The industry's first instantly scalable software test solution for zero trust in distributed cloud networks, CyPerf offers a new way to test infrastructure in the lab and in live production networks, on-prem or in the cloud. CyPerf brings new heights in realism by creating an authentic digital twin of users, applications, and threats. Highly scalable, it supports tens of millions of concurrent users and millions of connections per second, delivering deep insights into the end user experience, security posture, and performance bottlenecks.
To learn more about CyPerf or to take a free test drive, visit http://www.keysight.com/us/en/products/network-test/cloud-test/cyperf.html
Register now for the webinar "Zero Trust Testing: A Brave New World for Distributed Networks" to learn how to take your network testing to new levels. We'll see you on April 12th at 1 pm EDT.