Zero Trust Network Access (ZTNA) is an important part of the NIST Zero Trust Architecture cybersecurity framework.
ZTNA provides powerful cybersecurity protection for many businesses with features that include multi-factor authentication, phishing detection and blocking, and intrusion alerting. Zero Trust appliances and software are available from several manufacturers.
Recently, AI has been added to Zero Trust appliances using embedded AI (eAI) technology. The eAI first learns the network access pattern of each device and user. After the learning period, it monitors the network traffic of each device and user, looking for deviations from the expected access pattern. Some deviations must be flagged for the supervisor to investigate their cause. Other deviations, however, require the eAI to block network access for a device. One example is a device that begins accessing a server at night when the business is closed. This might indicate that the device is infected with a remote access Trojan (RAT) and that a hacker is attempting to remotely access a server. Another indication of a RAT infection is a workstation that begins accessing a server far more often than its expected rate of access.
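The learn-then-monitor logic described above, as an added Python example (not code from any ZTNA appliance). The class name, the thresholds, the device and server names, and the choice of which deviations are flagged rather than blocked are assumptions, and all records are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

class AccessBaseline:
    """Per (device, server) profile built from (device, server, hour, count) records."""

    def __init__(self, flag_sigma=3.0, block_factor=5.0):  # assumed thresholds
        self.flag_sigma = flag_sigma
        self.block_factor = block_factor
        self.hours = defaultdict(set)    # hours of day in which access was seen
        self.counts = defaultdict(list)  # accesses per hour seen while learning

    def learn(self, records):
        for device, server, hour, count in records:
            self.hours[(device, server)].add(hour)
            self.counts[(device, server)].append(count)

    def evaluate(self, device, server, hour, count):
        """Return (action, reason); action is 'allow', 'flag' or 'block' (assumed policy)."""
        key = (device, server)
        if key not in self.counts:
            return "flag", "no baseline for this device/server pair"
        if hour not in self.hours[key]:
            return "block", "access outside learned hours"
        mu, sigma = mean(self.counts[key]), pstdev(self.counts[key])
        if count > self.block_factor * mu:
            return "block", "access rate far above baseline"
        if count > mu + self.flag_sigma * max(sigma, 1.0):
            return "flag", "access rate above baseline"
        return "allow", "within baseline"

# Constructed learning data: five business days, 09:00-16:59, about 20 accesses per hour.
HOURLY = [18, 22, 20, 25, 15, 21, 19, 20]
LEARNING = [("ws-17", "fs-01", h, c) for _ in range(5) for h, c in zip(range(9, 17), HOURLY)]

# Constructed monitoring observations: (device, server, hour of day, accesses in that hour).
OBSERVED = [
    ("ws-17", "fs-01", 10, 21),   # normal working-hours access
    ("ws-17", "fs-01", 14, 35),   # elevated rate: supervisor should look
    ("ws-17", "fs-01", 2, 5),     # night-time access while the business is closed
    ("ws-17", "fs-01", 11, 400),  # many more accesses than expected
    ("ws-99", "fs-01", 10, 1),    # device never seen during learning
]

def demo():
    baseline = AccessBaseline()
    baseline.learn(LEARNING)
    return [baseline.evaluate(*obs)[0] for obs in OBSERVED]

if __name__ == "__main__":
    print(demo())
```

A per-hour profile like this blocks on the first off-hours access, so the learning period has to cover legitimate out-of-hours activity such as backups or patching.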
The following points sum up the benefits of eAI:
- Proactively monitoring all network traffic 24x7x365.
- Isolating a device when a possible attack is detected, preventing damage to the business data and infrastructure.
- Alerting the infrastructure supervisor so that immediate remedial action can be initiated.
The widespread use of eAI in cybersecurity applications will significantly reduce the number of attacks on businesses, which include data theft, blackmail, and extortion through installed ransomware.