ZTNA - Back To Basics

As digital threats are growing increasingly sophisticated, Zero Trust Network Architectures (ZTNA) are stepping into the spotlight as a game-changing cybersecurity model. 

Spearheaded by mandates like those from the former Biden administration in the U.S., Zero Trust is rapidly gaining adoption as organisations strive to protect their digital assets in an ever-evolving threat landscape.

Zero Trust: A Refreshing Return To Basics

The philosophy behind Zero Trust is strikingly simple yet extremely effective: "Never trust, always verify." By emphasising strict access controls and thorough verification processes for all network interactions, Zero Trust serves as a comprehensive framework for safeguarding sensitive data and minimising both attack vectors and the impact of breaches.

At its core, ZTNA redefines cybersecurity by treating every user, device, and connection as inherently untrustworthy. Access is always on a need-to-know basis, effectively compartmentalising every asset, service and data object.

It builds on five key pillars, giving comprehensive control and protection across all facets of an organisation’s IT infrastructure: Identity, Device, Network, Application, and Data. Across the five pillars, Visibility and Analytics, Automation and Orchestration, and Governance play a vital role in cross-pillar coordination. This approach drastically reduces the risk of unauthorised access and lateral movement within a network.

A Double-Edged Sword: Enhanced Detection & Increased Alert Volumes

One of the consequences of implementing Zero Trust is its impact on detection rates and alert volumes. By its nature, ZTNA generates a massive amount of telemetry data as security systems meticulously log and analyse every interaction within the network. 

Organisations adopting Zero Trust are equipping their networks with more granular access controls.

All activity, both permitted and denied, is captured and can serve as the basis for detection. In addition, activity that deviates from established norms, such as unexpected authentications or anomalous traffic flows, creates a clear signal for analysts. However, this increased visibility comes at a cost: a surge in alert volumes.

According to a recent study, false positives already account for 20% of all incidents in Security Operations Centres (SOCs), leading to alert fatigue among analysts. With Zero Trust's heightened focus on telemetry, SOC teams face even greater challenges in sorting through the noise to identify genuine threats.

Security analytics tools capable of identifying unusual patterns in network activity can detect behavioural anomalies and reduce false positives. This can dramatically improve detection capabilities, providing early warning of potential threats.

AI & Automation: Strengthening Zero Trust With Hypergraphs

Traditional security models struggle to keep up with modern threats. Attackers no longer rely on static malware; they use built-in system tools, blend in with normal activity, and move laterally within networks. Zero Trust is the right approach to counter these threats, but access controls alone aren’t enough. To be effective, Zero Trust needs a deeper understanding of attack progression, better correlation between security signals, and automated response capabilities.

AI and hypergraphs (a mathematical model that shows how multiple objects are related) provide this missing layer, enabling security teams to move from isolated alerts to a complete picture of an attack.

Security teams today deal with fragmented data across SIEM, EDR, NDR, IAM, and other tools. Each system generates detections independently, making it difficult to see how different events relate to each other. Hypergraphs solve this by linking detections across tools, creating a structured representation of attack paths. This helps security teams understand how an attack is unfolding, rather than treating each detection as a separate event. With hypergraphs, it becomes easier to spot the progression of an attack, identify gaps in visibility, and prioritise incidents that require immediate action. Instead of relying on simple correlation rules, which often fail to capture the complexity of modern attacks, hypergraphs offer a dynamic way to map attacker behaviour across multiple security layers.

AI plays a crucial role in making this approach work at scale. By analysing threat intelligence, security logs, and detection data, AI can match attack techniques to real-world detections, helping security teams identify gaps in their defences.

It also improves incident investigation by reconstructing attack timelines and filtering out noise, making it clear whether an event is part of a real attack or just background activity. Beyond detection, AI enhances automated response by triggering containment actions based on the progression of an attack, reducing the time it takes to react to threats.
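As an added illustration of the detections-to-attack-path idea above (example code written for this page, not Logpoint's product, and using constructed detections rather than real data): every shared entity such as a user or host becomes a hyperedge joining all detections that mention it, connected detections collapse into one incident timeline, and incidents are ranked by how many tools they span. Tool names, entity labels and timestamps are assumptions for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Detection:
    id: str
    tool: str            # source tool: SIEM, EDR, NDR or IAM (constructed)
    ts: int              # constructed relative timestamp
    summary: str
    entities: frozenset  # identifiers shared across tools: "user:..." / "host:..."


# Constructed sample detections from four different tools; d5 is unrelated noise.
DETECTIONS = [
    Detection("d1", "IAM", 100, "login from unexpected location", frozenset({"user:alice"})),
    Detection("d2", "EDR", 130, "built-in admin tool spawned by office app", frozenset({"user:alice", "host:ws01"})),
    Detection("d3", "NDR", 160, "anomalous SMB flow to file server", frozenset({"host:ws01", "host:fs02"})),
    Detection("d4", "SIEM", 170, "denied access to finance share", frozenset({"user:alice", "host:fs02"})),
    Detection("d5", "EDR", 150, "signature update failed", frozenset({"host:ws77"})),
]


def build_hypergraph(detections):
    """Each entity is a hyperedge: the set of detection ids that mention it."""
    edges = defaultdict(set)
    for d in detections:
        for entity in d.entities:
            edges[entity].add(d.id)
    return edges


def incidents(detections):
    """Merge detections connected through shared hyperedges into incidents.

    Returns incidents as time-ordered lists, ranked so that the incident
    spanning the most tools (the most complete attack path) comes first.
    """
    by_id = {d.id: d for d in detections}
    parent = {d.id: d.id for d in detections}  # union-find over detection ids

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for members in build_hypergraph(detections).values():
        first, *rest = sorted(members)
        for m in rest:
            parent[find(m)] = find(first)

    groups = defaultdict(list)
    for did, det in by_id.items():
        groups[find(did)].append(det)
    timelines = [sorted(g, key=lambda d: d.ts) for g in groups.values()]
    return sorted(timelines, key=lambda g: (-priority(g), g[0].ts))


def priority(incident):
    """Number of distinct tools (visibility layers) an incident spans."""
    return len({d.tool for d in incident})
```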

This combination of AI, automation, and hypergraphs makes Zero Trust security more practical and effective. Instead of relying on rigid rules and static detection models, security teams can continuously adapt to new attack techniques. AI shifts detection from simple signature-based alerts to a behaviour-based approach, reducing false positives and improving accuracy. Automated workflows allow analysts to focus on high-priority threats rather than manually sorting through massive amounts of security data. Integrated threat intelligence ensures that defences stay ahead of emerging attack patterns.

By managing detection logic at scale, organisations can maintain consistent security coverage without overwhelming their teams.

Zero Trust is not just about restricting access; it’s about understanding threats in real time. AI and hypergraphs transform fragmented detections into actionable intelligence, allowing organisations to respond faster and more effectively. As attackers continue to evolve, security teams need tools that can keep up. AI and automation provide that capability, making Zero Trust a functional security model rather than just a theoretical framework.

Looking Ahead At Zero Trust

The adoption of Zero Trust to control access represents a fundamental shift in how organisations approach cybersecurity. By emphasising visibility, granular control, and continuous verification, ZTNA not only enhances security but also aligns with broader trends like remote work and cloud computing.

As organisations embrace Zero Trust, they must be prepared to navigate the complexities of increased telemetry and alert volumes. However, with the right combination of AI-driven tools, strategic planning, and ongoing training, the benefits far outweigh the challenges.

Zero Trust is not just a buzzword; it’s fast becoming a necessity. By addressing these challenges with a strategic and phased approach, organisations can unlock the full potential of Zero Trust, strengthening their cybersecurity posture and building resilience against modern attacks.

Christian Have is CTO at Logpoint

Image: Ideogram
