ZTNA - Back To Basics

As digital threats grow increasingly sophisticated, Zero Trust architectures, and the Zero Trust Network Access (ZTNA) products that implement them, are stepping into the spotlight as a game-changing cybersecurity model.

Spearheaded by mandates such as Executive Order 14028 and the OMB M-22-09 federal Zero Trust strategy issued under the former Biden administration in the U.S., Zero Trust is rapidly gaining adoption as organisations strive to protect their digital assets in an ever-evolving threat landscape.

Zero Trust: A Refreshing Return To Basics

The philosophy behind Zero Trust is strikingly simple yet extremely effective: "Never trust, always verify." By enforcing strict access controls and explicit verification for every network interaction, Zero Trust serves as a comprehensive framework for safeguarding sensitive data and minimising both the attack surface and the impact of breaches.

At its core, ZTNA redefines cybersecurity by treating every user, device, and connection as untrusted until verified, regardless of where it sits on the network. Access is granted per request and on a need-to-know basis, effectively compartmentalising every asset, service and data object.

In CISA's Zero Trust Maturity Model it builds on five key pillars that together give control and protection across all facets of an organisation's IT infrastructure: Identity, Devices, Networks, Applications and Workloads, and Data. Three cross-cutting capabilities, Visibility and Analytics, Automation and Orchestration, and Governance, coordinate policy and evidence across those pillars. This approach drastically reduces the risk of unauthorised access and of lateral movement within a network.
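To make "never trust, always verify" concrete, the following added example (not code from the article or from Logpoint) evaluates a single access request from scratch against signals drawn from each pillar. The request fields, the entitlement table and the MFA-age thresholds are assumptions chosen for the illustration, not any product's policy language.

```python
"""Per-request Zero Trust policy decision (added illustration).

Every request is evaluated from scratch against signals from the five
pillars; being on the corporate network earns nothing by itself. The
signal names, entitlement table and thresholds are assumptions for the
example, not a specific product's policy language.
"""
from dataclasses import dataclass


@dataclass
class Request:
    user: str
    groups: set              # identity pillar: group memberships from the IdP
    mfa_age_s: int           # seconds since last strong authentication, -1 = never
    device_id: str
    device_managed: bool     # device pillar: enrolled in device management
    device_compliant: bool   # device pillar: posture checks passed
    src_network: str         # network pillar: "corp", "vpn" or "internet"
    app: str                 # application pillar
    data_class: str          # data pillar: public/internal/confidential/restricted


# Need-to-know: an app is reachable only through an explicit entitlement.
APP_ENTITLEMENTS = {
    "wiki": {"staff"},
    "payroll": {"finance"},
    "prod-db": {"sre"},
}

# The more sensitive the data, the fresher the strong authentication must be.
MAX_MFA_AGE_S = {"public": 12 * 3600, "internal": 8 * 3600,
                 "confidential": 3600, "restricted": 600}


def decide(req: Request) -> tuple:
    """Return ("allow" | "deny", reasons). Every failed check is reported so
    that the resulting log line explains the decision on its own."""
    reasons = []
    entitled = APP_ENTITLEMENTS.get(req.app, set()) & req.groups
    if not entitled:
        reasons.append(f"no entitlement for {req.app}")
    limit = MAX_MFA_AGE_S.get(req.data_class, 0)
    if req.mfa_age_s < 0 or req.mfa_age_s > limit:
        reasons.append(f"mfa older than {limit}s for {req.data_class} data")
    if req.data_class in ("confidential", "restricted"):
        if not req.device_managed:
            reasons.append("unmanaged device")
        elif not req.device_compliant:
            reasons.append("device out of compliance")
    if req.data_class == "restricted" and req.src_network == "internet":
        reasons.append("restricted data not served to the open internet")
    if reasons:
        return "deny", reasons
    return "allow", [f"entitled via {sorted(entitled)}",
                     f"mfa {req.mfa_age_s}s old",
                     f"device {req.device_id} checks passed for {req.data_class}"]


def log_line(req: Request, decision: str, reasons: list) -> str:
    """One telemetry record per decision; allows and denies are both kept,
    since either can feed detection later."""
    return (f"user={req.user} device={req.device_id} net={req.src_network} "
            f"app={req.app} class={req.data_class} decision={decision} "
            f"reason=\"{'; '.join(reasons)}\"")


if __name__ == "__main__":
    # Constructed requests: same kind of user, different context.
    on_corp_no_entitlement = Request("alice", {"staff"}, 120, "LT-0042", True, True,
                                     "corp", "payroll", "confidential")
    finance_from_home = Request("carol", {"staff", "finance"}, 300, "LT-0101", True, True,
                                "internet", "payroll", "confidential")
    for r in (on_corp_no_entitlement, finance_from_home):
        print(log_line(r, *decide(r)))
```

Note that the first constructed request is denied although it arrives from the corporate network, while the second is allowed from the internet: network location is one signal among several, never a substitute for entitlement, authentication freshness and device posture.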

A Double-Edged Sword: Enhanced Detection & Increased Alert Volumes

One of the consequences of implementing Zero Trust is its impact on detection rates and alert volumes. By its nature, ZTNA generates a massive amount of telemetry data as security systems meticulously log and analyse every interaction within the network. 

Organisations adopting Zero Trust equip their networks with far more granular access controls, and every decision those controls make, whether the request is permitted or denied, is captured and can serve as the basis for detection. Activity that deviates from established norms, such as unexpected authentications or anomalous traffic flows, creates a clear signal for analysts. However, this increased visibility comes at a cost: a surge in alert volumes.

According to a recent study, false positives already account for 20% of all incidents in Security Operations Centres (SOCs), leading to alert fatigue among analysts. With Zero Trust's heightened focus on telemetry, SOC teams face even greater challenges in sorting through the noise to identify genuine threats.

Security analytics that baseline each user's normal behaviour and flag deviations from it can cut through that noise. Rather than alerting on every denial, they surface the unusual patterns that merit an analyst's attention, a new device, a first-time request for an application, a burst of denials, and in doing so provide early warning of potential threats.
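As an added example, not part of the original article, here is detection logic of that kind run over constructed ZTNA access-decision logs. The key=value log format, the user and device names, the baseline cut-off and the burst thresholds are all assumptions for the illustration; a real broker emits its own schema, so only the field names would change.

```python
"""Detection logic over Zero Trust access-decision telemetry (added example).

The log lines below are constructed in a simple key=value form; a real ZTNA
broker has its own schema. Events before a cut-off form each user's baseline
of allowed devices, countries and apps; later events are judged against it.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: a normal working week, then someone holding alice's
# credentials probing apps she never uses, from a new device and country.
SAMPLE_LOG = """\
ts=2025-03-03T09:01:00 user=alice device=LT-0042 country=GB app=wiki decision=allow
ts=2025-03-03T09:05:00 user=alice device=LT-0042 country=GB app=crm decision=allow
ts=2025-03-04T08:58:00 user=alice device=LT-0042 country=GB app=wiki decision=allow
ts=2025-03-04T09:00:00 user=bob device=LT-0077 country=GB app=wiki decision=allow
ts=2025-03-04T10:20:00 user=alice device=LT-0042 country=GB app=crm decision=allow
ts=2025-03-05T09:12:00 user=alice device=LT-0042 country=GB app=crm decision=deny
ts=2025-03-06T03:14:00 user=alice device=UNKNOWN-7f3a country=RO app=wiki decision=allow
ts=2025-03-06T03:15:10 user=alice device=UNKNOWN-7f3a country=RO app=payroll decision=deny
ts=2025-03-06T03:15:40 user=alice device=UNKNOWN-7f3a country=RO app=prod-db decision=deny
ts=2025-03-06T03:16:05 user=alice device=UNKNOWN-7f3a country=RO app=hr-admin decision=deny
ts=2025-03-06T09:00:00 user=bob device=LT-0077 country=GB app=wiki decision=allow
"""

DENY_BURST_COUNT = 3                       # thresholds are assumptions for the example
DENY_BURST_WINDOW = timedelta(minutes=5)


def parse(line: str) -> dict:
    ev = dict(field.split("=", 1) for field in line.split())
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def build_baseline(events: list) -> dict:
    """Devices, countries and apps each user was *allowed* to use during the
    learning period. Denied attempts are not part of anyone's normal."""
    base = defaultdict(lambda: {"device": set(), "country": set(), "app": set()})
    for ev in events:
        if ev["decision"] == "allow":
            for key in ("device", "country", "app"):
                base[ev["user"]][key].add(ev[key])
    return base


def detect(log_text: str, baseline_until: str) -> list:
    """Return (timestamp, user, description) alerts for events on or after
    the ISO cut-off, judged against behaviour seen before it."""
    cutoff = datetime.fromisoformat(baseline_until)
    events = sorted((parse(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    base = build_baseline([e for e in events if e["ts"] < cutoff])
    alerts, fired, denies = [], set(), defaultdict(deque)
    for ev in (e for e in events if e["ts"] >= cutoff):
        user = ev["user"]
        # Deviation from the user's own norm, for allowed and denied requests
        # alike; each new value is reported once, not on every event.
        if user in base:
            for key in ("device", "country"):
                if ev[key] not in base[user][key] and (user, key, ev[key]) not in fired:
                    fired.add((user, key, ev[key]))
                    alerts.append((ev["ts"], user, f"new {key}: {ev[key]}"))
        if ev["decision"] != "deny":
            continue
        # A denial on an app the user never used looks like a need-to-know probe.
        if user in base and ev["app"] not in base[user]["app"]:
            alerts.append((ev["ts"], user, f"denied on unfamiliar app: {ev['app']}"))
        # Several denials inside a short window: enumeration or a lateral-movement attempt.
        window = denies[user]
        window.append(ev["ts"])
        while ev["ts"] - window[0] > DENY_BURST_WINDOW:
            window.popleft()
        if len(window) == DENY_BURST_COUNT:
            alerts.append((ev["ts"], user,
                           f"{DENY_BURST_COUNT} denials within {DENY_BURST_WINDOW}"))
    return alerts


if __name__ == "__main__":
    for ts, user, what in detect(SAMPLE_LOG, "2025-03-06T00:00:00"):
        print(ts.isoformat(), user, what)
```

On the constructed sample this produces six alerts, all for alice and none for bob, even though bob's single allowed request is also in the watched period: the noise reduction comes from comparing each user to their own baseline rather than from alerting on every denied request.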

AI & Automation: Strengthening Zero Trust With Hypergraphs

Traditional security models struggle to keep up with modern threats. Attackers no longer rely on static malware; they use built-in system tools, blend in with normal activity, and move laterally within networks. Zero Trust is the right approach to counter these threats, but access controls alone are not enough. To be effective, Zero Trust needs a deeper understanding of attack progression, better correlation between security signals, and automated response capabilities.

AI and hypergraphs (a generalisation of a graph in which a single edge can connect any number of objects, not just two) provide this missing layer, enabling security teams to move from isolated alerts to a complete picture of an attack.

Security teams today deal with fragmented data across SIEM, EDR, NDR, IAM, and other tools. Each system generates detections independently, making it difficult to see how different events relate to each other. Hypergraphs address this by linking detections across tools through the entities they share, such as a user, a host or an address, creating a structured representation of attack paths. This helps security teams understand how an attack is unfolding, rather than treating each detection as a separate event. With hypergraphs, it becomes easier to spot the progression of an attack, identify gaps in visibility, and prioritise incidents that require immediate action. Instead of relying on simple correlation rules, which often fail to capture the complexity of modern attacks, hypergraphs offer a dynamic way to map attacker behaviour across multiple security layers.

AI plays a crucial role in making this approach work at scale. By analysing threat intelligence, security logs, and detection data, AI can match known attack techniques to real-world detections, helping security teams identify the stages of an attack that their tooling does not see.

It also improves incident investigation by reconstructing attack timelines and filtering out noise, making it clear whether an event is part of a real attack or just background activity. Beyond detection, AI enhances automated response by triggering containment actions based on the progression of an attack, reducing the time it takes to react to threats.
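The following added example (not Logpoint's code) shows the hypergraph idea from the preceding paragraphs in miniature: each detection from IAM, ZTNA, EDR and NDR is a hyperedge over the entities it names, detections reachable through shared entities are grouped into one incident, the timeline is reconstructed in time order, clusters that come from a single tool and describe a single tactic are set aside as background, and stages with no detection are reported as visibility gaps. The detections, entity names, tool names and ATT&CK mappings are constructed for the illustration.

```python
"""Hypergraph correlation of detections from several tools (added example).

A detection is a hyperedge joining every entity it names (user, host, IP,
process), so detections that share any entity become reachable from one
another. Detections, entities, tool names and ATT&CK mappings below are
constructed for the illustration, not taken from a specific product.
"""
from collections import defaultdict
from datetime import datetime

# Order used to describe progression and to spot stages with no detection.
TACTIC_ORDER = ["initial-access", "execution", "discovery",
                "credential-access", "lateral-movement", "exfiltration"]

DETECTIONS = [
    {"id": "iam-1", "tool": "IAM", "ts": "2025-03-06T03:13:00",
     "tactic": "initial-access", "technique": "T1078",
     "title": "MFA accepted from a country never seen for this user",
     "entities": {"user:alice", "ip:203.0.113.9"}},
    {"id": "ztna-1", "tool": "ZTNA", "ts": "2025-03-06T03:16:05",
     "tactic": "discovery", "technique": "T1087",
     "title": "3 access denials within 5 minutes",
     "entities": {"user:alice", "ip:203.0.113.9", "host:UNKNOWN-7f3a"}},
    {"id": "edr-1", "tool": "EDR", "ts": "2025-03-06T03:40:00",
     "tactic": "execution", "technique": "T1059.001",
     "title": "Encoded PowerShell command line",
     "entities": {"user:alice", "host:WS-17", "process:powershell.exe"}},
    {"id": "ndr-1", "tool": "NDR", "ts": "2025-03-06T03:52:00",
     "tactic": "lateral-movement", "technique": "T1021.002",
     "title": "First SMB admin-share session between these hosts",
     "entities": {"host:WS-17", "host:SRV-DB01"}},
    {"id": "edr-2", "tool": "EDR", "ts": "2025-03-06T08:05:00",
     "tactic": "execution", "technique": "T1204",
     "title": "Adware installer blocked",
     "entities": {"user:bob", "host:WS-22"}},
]


class Hypergraph:
    def __init__(self):
        self.edges = {}                    # detection id -> set of entity nodes
        self.incidence = defaultdict(set)  # entity node -> detection ids touching it

    def add_edge(self, edge_id, nodes):
        self.edges[edge_id] = set(nodes)
        for node in nodes:
            self.incidence[node].add(edge_id)

    def components(self):
        """Sets of detections connected through shared entities."""
        seen, groups = set(), []
        for start in self.edges:
            if start in seen:
                continue
            group, stack = set(), [start]
            while stack:
                edge = stack.pop()
                if edge in group:
                    continue
                group.add(edge)
                for node in self.edges[edge]:
                    stack.extend(self.incidence[node] - group)
            seen |= group
            groups.append(group)
        return groups


def correlate(detections):
    """Return (incidents, noise). An incident is a component whose detections
    span more than one tool or more than one tactic; anything else is
    background. Incidents are ordered by how far the attack has progressed."""
    hg = Hypergraph()
    by_id = {d["id"]: d for d in detections}
    for d in detections:
        hg.add_edge(d["id"], d["entities"])
    incidents, noise = [], []
    for group in hg.components():
        timeline = sorted((by_id[i] for i in group),
                          key=lambda d: datetime.fromisoformat(d["ts"]))
        tools = {d["tool"] for d in timeline}
        tactics = {d["tactic"] for d in timeline}
        if len(tools) < 2 and len(tactics) < 2:
            noise.extend(d["id"] for d in timeline)
            continue
        covered = [t for t in TACTIC_ORDER if t in tactics]
        last = TACTIC_ORDER.index(covered[-1])
        incidents.append({
            "timeline": [d["id"] for d in timeline],
            "tools": sorted(tools),
            "progression": covered,
            # Stages before the furthest one observed that no tool reported:
            # either the attacker skipped them or nothing was watching.
            "visibility_gaps": [t for t in TACTIC_ORDER[:last + 1] if t not in tactics],
            "entities": sorted(set().union(*(d["entities"] for d in timeline))),
        })
    incidents.sort(key=lambda i: len(i["progression"]), reverse=True)
    return incidents, noise


if __name__ == "__main__":
    incidents, noise = correlate(DETECTIONS)
    for inc in incidents:
        print(" -> ".join(inc["timeline"]), "| progression:", inc["progression"],
              "| gaps:", inc["visibility_gaps"])
    print("background:", noise)
```

On the constructed input the four alice-related detections from four different tools collapse into one incident with a timeline of identity, ZTNA, endpoint and network signals, the missing credential-access stage is reported as a gap worth checking on WS-17, and bob's lone adware block stays in the background list.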

This combination of AI, automation, and hypergraphs makes Zero Trust security more practical and effective. Instead of relying on rigid rules and static detection models, security teams can continuously adapt to new attack techniques. AI shifts detection from simple signature-based alerts to a behaviour-based approach, reducing false positives and improving accuracy. Automated workflows allow analysts to focus on high-priority threats rather than manually sorting through massive amounts of security data. Integrated threat intelligence helps defences keep pace with emerging attack patterns.

By managing detection logic at scale, organisations can maintain consistent security coverage without overwhelming their teams.

Zero Trust is not just about restricting access, it’s about understanding threats in real time. AI and hypergraphs transform fragmented detections into actionable intelligence, allowing organisations to respond faster and more effectively. As attackers continue to evolve, security teams need tools that can keep up. AI and automation provide that capability, making Zero Trust a functional security model rather than just a theoretical framework.

Looking Ahead At Zero Trust

The adoption of Zero Trust to control access represents a fundamental shift in how organisations approach cybersecurity. By emphasising visibility, granular control, and continuous verification, ZTNA not only enhances security but also aligns with broader trends like remote work and cloud computing.

As organisations embrace Zero Trust, they must be prepared to navigate the complexities of increased telemetry and alert volumes. However, with the right combination of AI-driven tools, strategic planning, and ongoing training, the benefits far outweigh the challenges.

Zero Trust is not just a buzzword; it’s fast becoming a necessity. By addressing these challenges with a strategic and phased approach, organisations can unlock the full potential of Zero Trust, strengthening their cybersecurity posture and building resilience against modern attacks.

Christian Have is CTO at Logpoint

Image: Ideogram
