Invention Title:

Zero Trust System Architecture

Publication number:

US20240129321

Publication date:

Section:

Electricity

Class:

H04L63/126

Inventors:

Applicant:

Smart overview of the Invention

The zero trust system architecture introduces a method for enhancing network security by initially blocking any entity attempting to connect to network resources. This approach ensures that no user or device is trusted by default, requiring verification before access is granted. The process involves detecting connection attempts, conducting identity and context verification, and implementing control measures for malicious content and sensitive data.

Verification and Control Procedures

Upon detecting an initial connection attempt, the system blocks the entity from accessing network resources. A verification procedure follows, assessing the identity of the entity and the context surrounding the connection attempt. Additionally, a control procedure is executed to manage potential threats such as malicious content and sensitive data exposure, ensuring a robust security posture.

Enforcement Mechanism

Results from the verification and control procedures inform an enforcement mechanism that determines how to proceed with the initial connection attempt. If the criteria for trust are met, access may be granted to the entity. This structured approach helps mitigate risks associated with unauthorized access and enhances overall network security.
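The three-stage flow described above (block on first contact, verify identity and context, run the malicious-content and sensitive-data controls, then enforce) as an added Python sketch; this is not code from the patent or its applicant. The entity fields, the allow-listed identities and countries, the constructed malware marker and the SSN-style pattern are all assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass

# Assumed policy inputs (hypothetical; not taken from the patent).
KNOWN_ENTITIES = {"alice@example.test"}
ALLOWED_COUNTRIES = {"US", "DE"}
MALWARE_MARKERS = (b"CONSTRUCTED-MALWARE-MARKER",)  # constructed, not a real signature
SSN_PATTERN = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")  # constructed sensitive-data check

@dataclass
class ConnectionAttempt:
    entity_id: str
    mfa_passed: bool
    device_compliant: bool
    source_country: str
    payload: bytes
    resource: str

def verify(attempt: ConnectionAttempt) -> list:
    """Verification procedure: identity of the entity plus connection context."""
    failures = []
    if attempt.entity_id not in KNOWN_ENTITIES:
        failures.append("unknown-identity")
    if not attempt.mfa_passed:
        failures.append("mfa-not-satisfied")
    if not attempt.device_compliant:
        failures.append("device-posture")
    if attempt.source_country not in ALLOWED_COUNTRIES:
        failures.append("geo-context")
    return failures

def control(attempt: ConnectionAttempt) -> list:
    """Control procedure: malicious content and sensitive-data exposure."""
    findings = []
    if any(marker in attempt.payload for marker in MALWARE_MARKERS):
        findings.append("malicious-content")
    if SSN_PATTERN.search(attempt.payload):
        findings.append("sensitive-data")
    return findings

def enforce(attempt: ConnectionAttempt) -> dict:
    """Enforcement: the attempt starts blocked and is released only when
    verification and control both come back clean."""
    decision = "block"  # default for every new connection attempt
    reasons = verify(attempt) + control(attempt)
    if not reasons:
        decision = "allow"
    return {"resource": attempt.resource, "decision": decision, "reasons": reasons}
```

Each failed check is recorded as a reason, so a blocked attempt carries an audit trail of which stage denied it.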

Cloud-Based System Architecture

The architecture supports a cloud-based system that acts as a secure intermediary between users and online resources. It offers services like secure internet gateways, access control, threat prevention, and data protection. This multi-tenant model allows for real-time updates and threat remediation across all users, significantly enhancing security responsiveness.

Traffic Management Techniques

To facilitate secure connections, various traffic forwarding techniques are utilized, including tunneling protocols like GRE and IPsec. These methods ensure that user traffic is routed through the cloud-based system, providing comprehensive visibility for monitoring and security functions. By leveraging this architecture, organizations can maintain effective security without relying on traditional perimeter defenses.