Chapter 9

Zero Trust Enforcement

Chapter Key Points

  • The most practical first step in planning for Zero Trust and segmentation is to discover which entities exist on the network and the policies governing those entities. To do so, the organization should implement a discovery or monitor mode for as long as possible, and in parallel to other enforcement tasks being executed.

  • Monitoring of endpoints is most effective where large varieties of entities exist, to get a better cross section of suspected identities. Having on-site representation can help determine what entities are when they cannot be dynamically classified or classified through tribal knowledge.

  • The enforcement paradigm for endpoints on the network has changed to no longer be focused ...

Get Zero Trust Architecture now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial