ZTNA - Back To Basics

As digital threats are growing increasingly sophisticated, Zero Trust Network Architectures (ZTNA) are stepping into the spotlight as a game-changing cybersecurity model. 

Spearheaded by mandates like those from the former Biden administration in the U.S., Zero Trust is rapidly gaining adoption as organisations strive to protect their digital assets in an ever-evolving threat landscape.

Zero Trust: A Refreshing Return To Basics

The philosophy behind Zero Trust is strikingly simple yet extremely effective: "Never trust, always verify." By emphasising strict access controls and thorough verification processes for all network interactions, Zero Trust serves as a comprehensive framework for safeguarding sensitive data and minimising both attack vectors and the impact of breaches.

At its core, ZTNA redefines cybersecurity by treating every user, device, and connection as inherently untrustworthy. Access is always on a need-to-know basis, effectively compartmentalising every asset, service and data object.

It builds on five key pillars, giving comprehensive control and protection across all facets of an organisation’s IT infrastructure: Identity, Device, Network, Application, and Data. Across the five pillars, Visibility and Analytics, Automation and Orchestration, and Governance play a vital role in cross-pillar coordination. This approach drastically reduces the risk of unauthorised access and lateral movement within a network.

A Double-Edged Sword: Enhanced Detection & Increased Alert Volumes

One of the consequences of implementing Zero Trust is its impact on detection rates and alert volumes. By its nature, ZTNA generates a massive amount of telemetry data as security systems meticulously log and analyse every interaction within the network. 

Organisations adopting Zero Trust are equipping their networks with more granular access controls.

All activity, both permitted and denied, is captured and can serve as the basis for detection. In addition, activity that deviates from established norms, such as unexpected authentications or anomalous traffic flows, creates a clear signal for analysts. This increased visibility comes at a cost, however: a surge in alert volumes.

According to a recent study, false positives already account for 20% of all incidents in Security Operations Centres (SOCs), leading to alert fatigue among analysts. With Zero Trust's heightened focus on telemetry, SOC teams face even greater challenges in sorting through the noise to identify genuine threats.

Security analytics tools capable of identifying unusual patterns in network activity can be used to detect behavioural anomalies and reduce false positives. This can dramatically improve detection capabilities, providing early warning of potential threats.
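As an added example (not from the article or from Logpoint), the following Python sketches this idea on constructed ZTNA access log lines: a baseline of normal user-to-device and user-to-application pairs is learned from a known-good window, and alerts are raised only for deviations such as an unfamiliar device or a burst of denials, rather than for every logged event. The log format, names and thresholds are assumptions.

```python
from collections import Counter

# Constructed ZTNA access log lines (hypothetical, not from any real product):
# time user device application verdict
BASELINE_LOG = """\
08:01 alice laptop-a1 payroll allow
08:05 alice laptop-a1 wiki allow
08:20 bob laptop-b2 wiki allow
09:00 bob laptop-b2 git allow
09:30 alice laptop-a1 payroll allow
"""
NEW_LOG = """\
22:10 alice unknown-z9 payroll allow
22:11 alice unknown-z9 git deny
22:11 alice unknown-z9 hr-db deny
22:12 alice unknown-z9 finance deny
08:15 bob laptop-b2 wiki allow
"""

def parse(log):
    rows = []
    for line in log.splitlines():
        t, user, device, app, verdict = line.split()
        rows.append({"time": t, "user": user, "device": device, "app": app, "verdict": verdict})
    return rows

def build_baseline(rows):
    """Learn which (user, device) and (user, app) pairs are normal."""
    base = {"devices": set(), "apps": set()}
    for r in rows:
        base["devices"].add((r["user"], r["device"]))
        base["apps"].add((r["user"], r["app"]))
    return base

def detect(rows, base, deny_threshold=3):
    """Alert only on deviations from baseline; allow and deny events both feed the logic."""
    seen_devices = set(base["devices"])
    alerts, denies = [], Counter()
    for r in rows:
        device_key = (r["user"], r["device"])
        if device_key not in seen_devices:
            seen_devices.add(device_key)  # alert once per new device
            alerts.append(("new_device", r["user"], r["device"]))
        if r["verdict"] == "allow" and (r["user"], r["app"]) not in base["apps"]:
            alerts.append(("new_app_access", r["user"], r["app"]))
        if r["verdict"] == "deny":
            denies[r["user"]] += 1
            if denies[r["user"]] == deny_threshold:  # repeated denials look like probing
                alerts.append(("deny_burst", r["user"], deny_threshold))
    return alerts
```

Five new log lines collapse into two alerts, which is the volume reduction the paragraph describes.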

AI & Automation: Strengthening Zero Trust With Hypergraphs

Traditional security models struggle to keep up with modern threats. Attackers no longer rely on static malware; they use built-in system tools, blend in with normal activity, and move laterally within networks. Zero Trust is the right approach to counter these threats, but access controls alone aren't enough. To be effective, Zero Trust needs a deeper understanding of attack progression, better correlation between security signals, and automated response capabilities.

AI and hypergraphs (a mathematical model in which a single edge can relate any number of objects at once) provide this missing layer, enabling security teams to move from isolated alerts to a complete picture of an attack.

Security teams today deal with fragmented data across SIEM, EDR, NDR, IAM, and other tools. Each system generates detections independently, making it difficult to see how different events relate to each other. Hypergraphs solve this by linking detections across tools, creating a structured representation of attack paths. This helps security teams understand how an attack is unfolding, rather than treating each detection as a separate event.

With hypergraphs, it becomes easier to spot the progression of an attack, identify gaps in visibility, and prioritise incidents that require immediate action. Instead of relying on simple correlation rules, which often fail to capture the complexity of modern attacks, hypergraphs offer a dynamic way to map attacker behaviour across multiple security layers.
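To make the hypergraph idea concrete, here is an added Python example (illustrative, not Logpoint's implementation): each detection from IAM, EDR, NDR or SIEM is a hyperedge over the entities it touches, detections that share any entity are merged into one incident with union-find, and members are ordered by time to expose the attack path. The detection names and entities are constructed sample data.

```python
from collections import defaultdict

# Constructed detections from different tools (hypothetical sample data).
# Each detection is a hyperedge: it can touch any number of entities at once.
DETECTIONS = [
    {"id": "iam-1", "tool": "IAM", "t": 1, "name": "impossible-travel login",
     "entities": {"user:alice", "ip:203.0.113.7"}},
    {"id": "edr-1", "tool": "EDR", "t": 2, "name": "built-in tool launched unusually",
     "entities": {"user:alice", "host:ws-01", "process:certutil.exe"}},
    {"id": "ndr-1", "tool": "NDR", "t": 3, "name": "new SMB session between hosts",
     "entities": {"host:ws-01", "host:fs-02"}},
    {"id": "edr-2", "tool": "EDR", "t": 4, "name": "credential access attempt",
     "entities": {"host:fs-02", "process:lsass.exe"}},
    {"id": "siem-1", "tool": "SIEM", "t": 5, "name": "printer firmware updated",
     "entities": {"host:prn-09"}},
]

def find(parent, x):
    """Union-find root lookup with path compression."""
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x

def build_incidents(detections):
    """Group detections into connected components of the hypergraph:
    two detections join the same incident if they share any entity."""
    parent = {d["id"]: d["id"] for d in detections}
    first_seen = {}  # entity -> id of the first detection touching it
    for d in detections:
        for e in d["entities"]:
            if e in first_seen:
                ra, rb = find(parent, first_seen[e]), find(parent, d["id"])
                if ra != rb:
                    parent[rb] = ra
            else:
                first_seen[e] = d["id"]
    groups = defaultdict(list)
    for d in detections:
        groups[find(parent, d["id"])].append(d)
    incidents = []
    for members in groups.values():
        members.sort(key=lambda d: d["t"])  # time order = attack progression
        incidents.append({"path": [d["id"] for d in members],
                          "tools": sorted({d["tool"] for d in members}),
                          "entities": sorted(set().union(*(d["entities"] for d in members)))})
    # Incidents spanning more stages and more tools rank first for triage.
    incidents.sort(key=lambda i: (len(i["path"]), len(i["tools"])), reverse=True)
    return incidents
```

A pairwise correlation rule would have to split the three-entity EDR detection into separate edges; keeping it as one hyperedge is what lets the IAM, EDR and NDR signals fall into a single incident while the unrelated SIEM event stays on its own.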

AI plays a crucial role in making this approach work at scale. By analysing threat intelligence, security logs, and detection data, AI can match attack techniques to real-world detections, helping security teams identify gaps in their defences.

It also improves incident investigation by reconstructing attack timelines and filtering out noise, making it clear whether an event is part of a real attack or just background activity. Beyond detection, AI enhances automated response by triggering containment actions based on the progression of an attack, reducing the time it takes to react to threats.

This combination of AI, automation, and hypergraphs makes Zero Trust security more practical and effective. Instead of relying on rigid rules and static detection models, security teams can continuously adapt to new attack techniques. AI shifts detection from simple signature-based alerts to a behaviour-based approach, reducing false positives and improving accuracy. Automated workflows allow analysts to focus on high-priority threats rather than manually sorting through massive amounts of security data. Integrated threat intelligence ensures that defences stay ahead of emerging attack patterns.

By managing detection logic at scale, organisations can maintain consistent security coverage without overwhelming their teams.

Zero Trust is not just about restricting access; it is about understanding threats in real time. AI and hypergraphs transform fragmented detections into actionable intelligence, allowing organisations to respond faster and more effectively. As attackers continue to evolve, security teams need tools that can keep up. AI and automation provide that capability, making Zero Trust a functional security model rather than just a theoretical framework.

Looking Ahead At Zero Trust

The adoption of Zero Trust to control access represents a fundamental shift in how organisations approach cybersecurity. By emphasising visibility, granular control, and continuous verification, ZTNA not only enhances security but also aligns with broader trends like remote work and cloud computing.

As organisations embrace Zero Trust, they must be prepared to navigate the complexities of increased telemetry and alert volumes. However, with the right combination of AI-driven tools, strategic planning, and ongoing training, the benefits far outweigh the challenges.

Zero Trust is not just a buzzword; it’s fast becoming a necessity. By addressing these challenges with a strategic and phased approach, organisations can unlock the full potential of Zero Trust, strengthening their cybersecurity posture and building resilience against modern attacks.

Christian Have is CTO at Logpoint
