Network protection strategies are in a continued state of refinement, with “defense in depth” the lingering buzz phrase for the industry, a concept of adding security protection at multiple layers rather than relying only on a perimeter firewall. But there are major issues associated with current networking architecture and best-practice DMZ models. Even with an alleged 98.5% security effectiveness when deploying best-of-breed Intrusion Prevention System (IPS) products (factoring in exploit block rates, anti-evasion capabilities, etc.) and Next-Generation Firewalls (NGFWs), network attacks that slip past one security product are likely to slip past another. This paper explores a new network defense paradigm that incorporates Zero Trust Architecture within a Third Zone Architecture Model (3ZAM). 3ZAM recognizes network security as a “process response” to the Lockheed Martin Cyber Kill Chain® model and instantiates emerging trends in software-defined perimeters (SDPs), pseudo-appliance strategies, micro-segmentation, and Virtual Private Networking (VPN) alternatives.