The Zero Trust Model is based on the following principles:
1. Re-examine all default access controls:- The model assumes would-be attackers are present both inside and outside the network. As a result, any request for system access must be verified, approved, and encrypted.
2. Make use of a variety of preventative techniques:- To avoid breaches and minimize their effect, a Zero Trust model employs a variety of preventative techniques like Identity Protection and Device discovery & Multi-factor authentication (MFA).
3. Detect and stop malicious activity by allowing real-time monitoring and controls:- Organizations should also incorporate real-time monitoring capabilities by handling Identity challenges in real-time at the domain controller rather than being logged and sent to a SIEM.
