ZTNA - Back To Basics

As digital threats are growing increasingly sophisticated, Zero Trust Network Architectures (ZTNA) are stepping into the spotlight as a game-changing cybersecurity model. 

Spearheaded by mandates like those from the former Biden administration in the U.S., Zero Trust is rapidly gaining adoption as organisations strive to protect their digital assets in an ever-evolving threat landscape.

Zero Trust: A Refreshing Return To Basics

The philosophy behind Zero Trust is strikingly simple yet extremely effective: "Never trust, always verify." By emphasising strict access controls and thorough verification of every network interaction, Zero Trust serves as a comprehensive framework for safeguarding sensitive data and minimising both the available attack vectors and the impact of breaches.

At its core, ZTNA redefines cybersecurity by treating every user, device, and connection as inherently untrustworthy. Access is always on a need-to-know basis, effectively compartmentalising every asset, service and data object.

It builds on five key pillars, giving comprehensive control and protection across all facets of an organisation’s IT infrastructure: Identity, Device, Network, Application, and Data. Across the five pillars, Visibility and Analytics, Automation and Orchestration, and Governance play a vital role in cross-pillar coordination. This approach drastically reduces the risk of unauthorised access and lateral movement within a network.

A Double-Edged Sword: Enhanced Detection & Increased Alert Volumes

One of the consequences of implementing Zero Trust is its impact on detection rates and alert volumes. By its nature, ZTNA generates a massive amount of telemetry data as security systems meticulously log and analyse every interaction within the network. 

Organisations adopting Zero Trust are equipping their networks with more granular access controls.

Any activity, whether permitted or denied, is captured and can serve as the basis for detection. In addition, activity that deviates from established norms, such as unexpected authentications or anomalous traffic flows, creates a clear signal for analysts. However, this increased visibility comes at a cost: a surge in alert volumes.

According to a recent study, false positives already account for 20% of all incidents in Security Operations Centres (SOCs), leading to alert fatigue among analysts. With Zero Trust's heightened focus on telemetry, SOC teams face even greater challenges in sorting through the noise to identify genuine threats.

Security analytics tools capable of identifying unusual patterns in network activity can detect behavioural anomalies and reduce false positives. This can dramatically improve detection capabilities, providing early warning of potential threats.
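The two ideas in this section, that both permitted and denied decisions are recorded, and that deviation from a per-user baseline is a stronger signal than any single decision, can be shown on a handful of access-log lines. The following is an added example, not code from the article or from Logpoint: the log format (timestamp, user, device, resource, decision), the sample lines and the three deviation checks are constructed assumptions. It builds a baseline per user from an earlier window, then compares naive alerting (every deny) with anomaly-based alerting over a newer window.

```python
from collections import defaultdict
from datetime import datetime

# Constructed ZTNA access-log lines (not real data):
# "<ISO timestamp> <user> <device> <resource> <allow|deny>"
BASELINE_LOGS = [
    "2025-03-03T09:02:11 alice laptop-a1 payroll-api allow",
    "2025-03-03T09:40:52 alice laptop-a1 wiki allow",
    "2025-03-04T10:15:03 alice laptop-a1 payroll-api allow",
    "2025-03-04T14:22:45 bob laptop-b7 wiki allow",
    "2025-03-05T11:05:19 bob laptop-b7 git allow",
    "2025-03-05T11:06:01 bob laptop-b7 git deny",
]

# Newer window to triage (also constructed).
NEW_LOGS = [
    "2025-03-06T09:10:00 alice laptop-a1 payroll-api allow",  # routine, allowed
    "2025-03-06T02:13:37 alice tablet-x9 finance-db allow",   # allowed, but new device, new resource, off-hours
    "2025-03-06T11:00:00 bob laptop-b7 git deny",             # deny that matches bob's usual behaviour
    "2025-03-06T11:01:00 bob laptop-b7 hr-portal deny",       # deny on a resource bob has never touched
]


def parse(line):
    """Split one log line into a dict; the timestamp becomes a datetime."""
    ts, user, device, resource, decision = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "device": device, "resource": resource, "decision": decision}


def build_baseline(lines):
    """Per-user profile: devices, resources and hours of day seen in the baseline window."""
    profile = defaultdict(lambda: {"devices": set(), "resources": set(), "hours": set()})
    for ev in map(parse, lines):
        p = profile[ev["user"]]
        p["devices"].add(ev["device"])
        p["resources"].add(ev["resource"])
        p["hours"].add(ev["ts"].hour)
    return profile


def score_event(ev, profile):
    """Return the deviations from the user's baseline; an empty list means routine."""
    p = profile.get(ev["user"])
    if p is None:
        return ["unknown-user"]
    reasons = []
    if ev["device"] not in p["devices"]:
        reasons.append("new-device")
    if ev["resource"] not in p["resources"]:
        reasons.append("new-resource")
    if ev["ts"].hour not in p["hours"]:
        reasons.append("off-hours")
    return reasons


def triage(baseline_lines, new_lines, min_reasons=1):
    """Compare 'alert on every deny' with 'alert on deviation from baseline'.

    Returns the count of raw denies and the list of anomalous events as
    (user, resource, reasons) tuples in log order. Raising min_reasons trades
    recall for a smaller alert queue.
    """
    profile = build_baseline(baseline_lines)
    events = [parse(line) for line in new_lines]
    deny_count = sum(1 for ev in events if ev["decision"] == "deny")
    anomalies = []
    for ev in events:
        reasons = score_event(ev, profile)
        if len(reasons) >= min_reasons:
            anomalies.append((ev["user"], ev["resource"], reasons))
    return {"deny_count": deny_count, "anomalies": anomalies}


if __name__ == "__main__":
    result = triage(BASELINE_LOGS, NEW_LOGS)
    print("raw denies:", result["deny_count"])
    for user, resource, reasons in result["anomalies"]:
        print(f"anomaly: {user} -> {resource} ({', '.join(reasons)})")
```

Note what the comparison shows: the allowed access from a new device to a new resource at 02:13 never appears in a deny-only queue, while one of the two denies is routine and is dropped by the baseline check. That is the reduction in noise the section describes, and the `min_reasons` threshold is the knob an analyst would tune as telemetry volume grows.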

AI & Automation: Strengthening Zero Trust With Hypergraphs

Traditional security models struggle to keep up with modern threats. Attackers no longer rely on static malware; they use built-in system tools, blend in with normal activity, and move laterally within networks. Zero Trust is the right approach to counter these threats, but access controls alone aren't enough. To be effective, Zero Trust needs a deeper understanding of attack progression, better correlation between security signals, and automated response capabilities.

AI and hypergraphs (a mathematical model that shows how multiple objects are related) provide this missing layer, enabling security teams to move from isolated alerts to a complete picture of an attack.

Security teams today deal with fragmented data across SIEM, EDR, NDR, IAM, and other tools. Each system generates detections independently, making it difficult to see how different events relate to each other. Hypergraphs solve this by linking detections across tools, creating a structured representation of attack paths. This helps security teams understand how an attack is unfolding, rather than treating each detection as a separate event. With hypergraphs, it becomes easier to spot the progression of an attack, identify gaps in visibility, and prioritise incidents that require immediate action. Instead of relying on simple correlation rules, which often fail to capture the complexity of modern attacks, hypergraphs offer a dynamic way to map attacker behaviour across multiple security layers.

AI plays a crucial role in making this approach work at scale. By analysing threat intelligence, security logs, and detection data, AI can match attack techniques to real-world detections, helping security teams identify gaps in their defences.

It also improves incident investigation by reconstructing attack timelines and filtering out noise, making it clear whether an event is part of a real attack or just background activity. Beyond detection, AI enhances automated response by triggering containment actions based on the progression of an attack, reducing the time it takes to react to threats.
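The hypergraph idea from the previous paragraphs, and the timeline reconstruction described just above, can be made concrete with a small model: every detection from any tool is a hyperedge that ties together several entities (user, host, process, IP, resource), and two detections belong to the same incident when they share an entity. The code below is an added example and is not the article's or Logpoint's implementation; the detection records, entity naming scheme, technique labels and the list of expected tools are constructed assumptions. It walks the hypergraph from one detection, orders the connected detections into a timeline, reports which expected tools contributed nothing (a visibility gap), and ranks incidents by how many independent sources corroborate them.

```python
from collections import defaultdict, deque

# Constructed detections from several tools (not real alerts). Each record is a
# hyperedge: one alert linking multiple entities. "technique" is a free-text label
# standing in for whatever technique mapping the analytics layer produces.
DETECTIONS = [
    {"id": "iam-1", "tool": "IAM", "t": 1, "technique": "valid-account-login",
     "entities": {"user:alice", "ip:203.0.113.9"}},
    {"id": "edr-1", "tool": "EDR", "t": 2, "technique": "scripting-interpreter",
     "entities": {"user:alice", "host:ws-14", "proc:powershell.exe"}},
    {"id": "ndr-1", "tool": "NDR", "t": 3, "technique": "remote-service-access",
     "entities": {"host:ws-14", "host:fs-02"}},
    {"id": "ztna-1", "tool": "ZTNA", "t": 4, "technique": "unusual-resource-access",
     "entities": {"user:alice", "resource:finance-share", "host:fs-02"}},
    # Unrelated background activity from another user: shares no entity with the above.
    {"id": "edr-2", "tool": "EDR", "t": 2, "technique": "scripting-interpreter",
     "entities": {"user:bob", "host:ws-22", "proc:cmd.exe"}},
]

# Tools we expect to see on a real intrusion; a component missing one is a visibility gap.
EXPECTED_TOOLS = ("IAM", "EDR", "NDR", "ZTNA", "SIEM")


def build_incidence(detections):
    """Index detections by id and build the entity -> detection-ids incidence map."""
    by_id = {d["id"]: d for d in detections}
    entity_index = defaultdict(set)
    for d in detections:
        for entity in d["entities"]:
            entity_index[entity].add(d["id"])
    return by_id, entity_index


def connected_detections(start_id, by_id, entity_index):
    """BFS over the hypergraph: detections are adjacent when they share an entity."""
    seen, queue = {start_id}, deque([start_id])
    while queue:
        current = queue.popleft()
        for entity in by_id[current]["entities"]:
            for other in entity_index[entity]:
                if other not in seen:
                    seen.add(other)
                    queue.append(other)
    return seen


def reconstruct_incident(start_id, detections, expected_tools=EXPECTED_TOOLS):
    """Timeline, contributing tools and visibility gaps for the incident containing start_id."""
    by_id, entity_index = build_incidence(detections)
    members = connected_detections(start_id, by_id, entity_index)
    timeline = sorted((by_id[m] for m in members), key=lambda d: d["t"])
    tools_seen = {d["tool"] for d in timeline}
    return {
        "detection_ids": [d["id"] for d in timeline],
        "timeline": [(d["t"], d["tool"], d["technique"]) for d in timeline],
        "visibility_gaps": sorted(set(expected_tools) - tools_seen),
        # More independent tools corroborating the same chain -> higher priority.
        "priority": len(tools_seen),
    }


def rank_incidents(detections):
    """Partition all detections into incidents and rank them by corroboration."""
    remaining = {d["id"] for d in detections}
    incidents = []
    while remaining:
        incident = reconstruct_incident(min(remaining), detections)
        remaining -= set(incident["detection_ids"])
        incidents.append(incident)
    return sorted(incidents, key=lambda i: i["priority"], reverse=True)


if __name__ == "__main__":
    for incident in rank_incidents(DETECTIONS):
        print(f"priority {incident['priority']}: {incident['detection_ids']}")
        for t, tool, technique in incident["timeline"]:
            print(f"  t={t} {tool:<5} {technique}")
        print("  gaps:", incident["visibility_gaps"])
```

The single pass of `rank_incidents` is what turns four alerts from four consoles into one incident with a readable progression (login, script execution, lateral move, resource access) and one low-priority singleton, which is the prioritisation the text describes. In practice the entity keys would be normalised identities from the IAM layer rather than raw strings, since a user known as `alice` in one tool and `alice@corp` in another would otherwise split one incident into two.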

This combination of AI, automation, and hypergraphs makes Zero Trust security more practical and effective. Instead of relying on rigid rules and static detection models, security teams can continuously adapt to new attack techniques. AI shifts detection from simple signature-based alerts to a behaviour-based approach, reducing false positives and improving accuracy. Automated workflows allow analysts to focus on high-priority threats rather than manually sorting through massive amounts of security data. Integrated threat intelligence ensures that defences stay ahead of emerging attack patterns.

By managing detection logic at scale, organisations can maintain consistent security coverage without overwhelming their teams.

Zero Trust is not just about restricting access; it's about understanding threats in real time. AI and hypergraphs transform fragmented detections into actionable intelligence, allowing organisations to respond faster and more effectively. As attackers continue to evolve, security teams need tools that can keep up. AI and automation provide that capability, making Zero Trust a functional security model rather than just a theoretical framework.

Looking Ahead At Zero Trust

The adoption of Zero Trust to control access represents a fundamental shift in how organisations approach cybersecurity. By emphasising visibility, granular control, and continuous verification, ZTNA not only enhances security but also aligns with broader trends like remote work and cloud computing.

As organisations embrace Zero Trust, they must be prepared to navigate the complexities of increased telemetry and alert volumes. However, with the right combination of AI-driven tools, strategic planning, and ongoing training, the benefits far outweigh the challenges.

Zero Trust is not just a buzzword; it’s fast becoming a necessity. By addressing these challenges with a strategic and phased approach, organisations can unlock the full potential of Zero Trust, strengthening their cybersecurity posture and building resilience against modern attacks.

Christian Have is CTO at Logpoint

Image: Ideogram
