US20240129321
2024-04-18
Electricity
H04L63/126
The zero trust system architecture introduces a method for enhancing network security by initially blocking any entity attempting to connect to network resources. This approach ensures that no user or device is trusted by default, requiring verification before access is granted. The process involves detecting connection attempts, conducting identity and context verification, and implementing control measures for malicious content and sensitive data.
Upon detecting an initial connection attempt, the system blocks the entity from accessing network resources. A verification procedure follows, assessing the identity of the entity and the context surrounding the connection attempt. Additionally, a control procedure is executed to manage potential threats such as malicious content and sensitive data exposure, ensuring a robust security posture.
Results from the verification and control procedures inform an enforcement mechanism that determines how to proceed with the initial connection attempt. If the criteria for trust are met, access may be granted to the entity. This structured approach helps mitigate risks associated with unauthorized access and enhances overall network security.
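The block-verify-control-enforce sequence described above, rendered as an added example (not code from the patent or from any product it describes). Every connection attempt starts in a blocked state; an identity procedure, a context procedure and a content/data control procedure each contribute findings, and the enforcement step grants access only when no procedure reported anything. The credential store, managed-device list, country and hour policy, resource entitlements and the malware marker and card-number pattern are all constructed stand-ins for the identity provider, device inventory, threat engine and data-protection rules a real deployment would consult.

```python
"""Illustrative default-deny connection pipeline (constructed example)."""
from dataclasses import dataclass, field
from enum import Enum
import re


class Decision(Enum):
    BLOCK = "block"
    ALLOW = "allow"


@dataclass(frozen=True)
class ConnectionAttempt:
    user: str
    credential: str
    device_id: str
    src_country: str
    hour: int          # local hour of the attempt, 0-23
    resource: str
    payload: bytes     # first bytes of what the entity is trying to send


@dataclass
class Verdict:
    decision: Decision
    reasons: list = field(default_factory=list)


# Constructed policy data standing in for an IdP, a device inventory and an ACL.
KNOWN_CREDENTIALS = {"alice": "tok-alice-1", "bob": "tok-bob-9"}
MANAGED_DEVICES = {"laptop-4411", "laptop-7302"}
ALLOWED_COUNTRIES = {"US", "DE"}
BUSINESS_HOURS = range(7, 20)
RESOURCE_ACL = {"payroll": {"alice"}, "wiki": {"alice", "bob"}}

# Constructed detector rules: a literal marker in place of a malware signature,
# and a 13-16 digit run (spaces/dashes allowed) in place of a DLP card-number rule.
MALWARE_MARKERS = (b"MALWARE-TEST-MARKER",)
CARD_NUMBER = re.compile(rb"\b(?:\d[ -]?){13,16}\b")


def verify_identity(attempt: ConnectionAttempt) -> list:
    """Identity procedure: who is connecting, and from a device we manage?"""
    reasons = []
    if KNOWN_CREDENTIALS.get(attempt.user) != attempt.credential:
        reasons.append("identity: credential rejected")
    if attempt.device_id not in MANAGED_DEVICES:
        reasons.append("identity: unmanaged device")
    return reasons


def verify_context(attempt: ConnectionAttempt) -> list:
    """Context procedure: where, when and to what resource."""
    reasons = []
    if attempt.src_country not in ALLOWED_COUNTRIES:
        reasons.append(f"context: source country {attempt.src_country} not permitted")
    if attempt.hour not in BUSINESS_HOURS:
        reasons.append("context: outside permitted hours")
    if attempt.user not in RESOURCE_ACL.get(attempt.resource, set()):
        reasons.append(f"context: {attempt.user} not entitled to {attempt.resource}")
    return reasons


def control_content(attempt: ConnectionAttempt) -> list:
    """Control procedure: malicious content and sensitive-data exposure."""
    reasons = []
    if any(marker in attempt.payload for marker in MALWARE_MARKERS):
        reasons.append("control: malicious content detected")
    if CARD_NUMBER.search(attempt.payload):
        reasons.append("control: sensitive data (card number) in payload")
    return reasons


def enforce(attempt: ConnectionAttempt) -> Verdict:
    """Enforcement: the attempt is BLOCKED until every procedure has run clean.

    All three procedures run even after a failure so the verdict carries the
    complete list of findings for logging, rather than only the first one."""
    verdict = Verdict(Decision.BLOCK)
    verdict.reasons += verify_identity(attempt)
    verdict.reasons += verify_context(attempt)
    verdict.reasons += control_content(attempt)
    if not verdict.reasons:
        verdict.decision = Decision.ALLOW
    return verdict


# Constructed sample attempts covering the allow path and two block paths.
SAMPLE_ATTEMPTS = {
    "clean": ConnectionAttempt("alice", "tok-alice-1", "laptop-4411", "US", 10,
                               "wiki", b"GET /wiki/index HTTP/1.1"),
    "bad_identity": ConnectionAttempt("bob", "wrong-token", "byod-phone", "US", 10,
                                      "wiki", b"GET /wiki/index HTTP/1.1"),
    "dlp_hit": ConnectionAttempt("alice", "tok-alice-1", "laptop-7302", "DE", 9,
                                 "payroll", b"card 4111 1111 1111 1111 exp 12/27"),
}

if __name__ == "__main__":
    for name, attempt in SAMPLE_ATTEMPTS.items():
        v = enforce(attempt)
        print(f"{name:13s} -> {v.decision.value:5s} {v.reasons}")
```

Running the module prints one verdict per sample: the clean attempt is the only one that reaches `allow`; the other two remain in the blocked state they started in, each with the procedure findings that kept them there.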
The architecture supports a cloud-based system that acts as a secure intermediary between users and online resources. It offers services like secure internet gateways, access control, threat prevention, and data protection. This multi-tenant model allows for real-time updates and threat remediation across all users, significantly enhancing security responsiveness.
To facilitate secure connections, various traffic forwarding techniques are utilized, including tunneling protocols like GRE and IPsec. These methods ensure that user traffic is routed through the cloud-based system, providing comprehensive visibility for monitoring and security functions. By leveraging this architecture, organizations can maintain effective security without relying on traditional perimeter defenses.