Zero Trust is a concept based on an alternative IT security model that, in the absence of a trusted network perimeter, prescribes that every transaction must be authenticated before it is completed.
An early application was made by Ing. Moresi and patented almost 10 years ago, where the system had only Untrust-Untrust connections.
Basically, no user or device is considered trusted, so they must be identified and authorized before accessing corporate IT resources. Access and privileges must be restricted through standardized, centrally defined policies.
Within a Zero Trust architecture, machine learning technologies enable real-time assessment of user requests and behavior, as well as the trustworthiness of devices and networks. The risk score is calculated based on information including, for example, geographic location, date and time of access, device characteristics, and a recent abnormal change in privileges.
Scalability of security policies
In the context of a Zero Trust approach, machine learning techniques make it possible to automate the authorization process for any request for access to corporate assets through real-time analysis of behavior patterns and application of unique security policies.
First-generation multifactor authentication (MFA) solutions had a decidedly negative impact on user experience because they imposed lengthy and cumbersome processes.
One example of a more adaptive approach is passwordless authentication, which verifies user identity by dynamically combining several authentication factors.
Another example is requesting additional verification when behavior is abnormal: if the access request comes from the corporate location, during office hours, with an SSO (single sign-on) token, the system does not require further verification; if instead it is remote access at unusual hours, the user must be identified through additional authentication mechanisms.
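To make the risk-scored, step-up decision described above concrete, here is an added illustration (not from the original article or any named product) of a policy engine that scores a request from the signals the text lists (location, time of access, device posture, SSO token, recent privilege change) and returns allow, step_up or deny; the signal weights, thresholds and sample requests are constructed assumptions standing in for a trained model.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class AccessRequest:
    user: str
    location: str                 # e.g. "corp-hq" or "home"
    timestamp: datetime
    managed_device: bool          # device posture passes the endpoint checks
    sso_token_valid: bool         # a valid single sign-on token was presented
    privilege_changed_recently: bool

# Constructed signals and weights (assumptions standing in for a trained risk model).
SIGNALS = {
    "offsite":            (30, lambda r: not r.location.startswith("corp-")),
    "off_hours":          (20, lambda r: not 8 <= r.timestamp.hour < 18),
    "unmanaged_device":   (25, lambda r: not r.managed_device),
    "no_sso_token":       (15, lambda r: not r.sso_token_valid),
    "recent_priv_change": (30, lambda r: r.privilege_changed_recently),
}
STEP_UP_THRESHOLD = 30  # require additional authentication factors
DENY_THRESHOLD = 80     # refuse access outright

def risk_signals(req: AccessRequest) -> list[str]:
    """Names of the signals that fire for this request (useful for audit logging)."""
    return [name for name, (_, fires) in SIGNALS.items() if fires(req)]

def risk_score(req: AccessRequest) -> int:
    return sum(SIGNALS[name][0] for name in risk_signals(req))

def decide(req: AccessRequest) -> str:
    """Map the score to allow, step_up (extra factors required) or deny."""
    score = risk_score(req)
    if score >= DENY_THRESHOLD:
        return "deny"
    return "step_up" if score >= STEP_UP_THRESHOLD else "allow"

# Constructed sample requests covering the three outcomes.
SAMPLES = {
    "office_hours_sso": AccessRequest("alice", "corp-hq", datetime(2024, 1, 15, 10, 0), True, True, False),
    "remote_night_sso": AccessRequest("alice", "home", datetime(2024, 1, 15, 2, 0), True, True, False),
    "remote_unmanaged": AccessRequest("bob", "unknown", datetime(2024, 1, 15, 2, 0), False, False, True),
}

def evaluate_samples() -> dict[str, tuple[int, str]]:
    """Score and decide every sample; returns name -> (score, decision)."""
    return {name: (risk_score(r), decide(r)) for name, r in SAMPLES.items()}
```

The fired signal names returned by risk_signals are what a real deployment would write to the audit log alongside the decision, so that a step-up or denial can later be explained.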
Machine Learning in Zero Trust Technologies
Using machine learning, NGAV (Next-Generation Antivirus) solutions allow real-time verification of the security level of devices, so that access to corporate resources can be denied to devices found to be compromised.
In the Zero Trust approach, eXtended Detection and Response (XDR) systems enable rapid identification of attacks in heterogeneous, hybrid and multicloud IT environments. Artificial intelligence and machine learning technologies enable correlation and analysis of huge volumes of data from multiple sources to rapidly intercept threats and activate response mechanisms.