
UNIVERSITY OF ENGINEERING AND TECHNOLOGY

VIETNAM NATIONAL UNIVERSITY, HANOI


------

FINAL PROJECT REPORT


COURSE: Special Problems in Computer Science
SUBJECT:
Zero Trust Network

CLASS : INT3121 21
GROUP : Trần Văn Sơn (22028245)
Bùi Hồng Quân (22028016)
Nguyễn Đình Tuấn Anh (22028136)

HANOI, 2024
Abstract

This survey provides a comprehensive examination of the zero trust (ZT) security
paradigm, which is gaining increasing adoption in critical infrastructure risk
management. It outlines the fundamental principles of ZT and reviews the various
options available for successfully implementing zero trust architectures (ZTA).
The role of authentication and access control in ZTAs is described in depth, along
with an analysis of state-of-the-art techniques for authentication and access control
across different scenarios. The survey also discusses conventional approaches to
encryption, micro-segmentation, and security automation that can enable
instantiation of ZTAs. Additionally, it highlights the challenges associated with
contemporary authentication mechanisms, access control schemes, trust and risk
computation techniques, micro-segmentation approaches, and software-defined
perimeters, which can impact the full realization of ZT. Based on this
comprehensive analysis, the survey identifies potential future research directions to
facilitate the successful implementation of zero trust security in critical
infrastructure environments.
Keywords: Zero trust (ZT), Security paradigm, Zero trust architectures (ZTA),
Risk management , Encryption, Access control schemes
1 TABLE OF CONTENTS
2 Introduction
2.1 Problem Statement
2.2 Difficulties And Challenges
2.3 Contributions Of Our Methods
2.4 Structure Of The Report
3 Basic Concept of Zero Trust
3.1 Zero Trust/Application Segmentation
3.1.1 The Evolution of Network Security: From Perimeter Defense to Zero Trust
3.1.2 Zero trust dimension
3.2 Dark Services
3.2.1 Routers
3.2.2 Network Tunneling
3.3 End-to-End Encryption
4 Zero Trust Architecture
4.1 Principle
4.2 Philosophy
4.2.1 Identities dimension
4.2.2 Endpoints / devices dimension
4.2.3 Applications & workload dimension
4.2.4 Infrastructure dimension
4.2.5 Data dimension
4.2.6 Networks dimension
4.2.7 Visibility & analytics dimension
4.2.8 Automation & orchestration dimension
4.3 Technology
4.3.1 Previous Technology ??? (rename this for me, I'm stuck :v)
4.3.2 Zero trust network access
5 Comparison & Ensemble
5.1 Access Control
5.2 Missing topic
6 Experiments and Results
6.1 Features
6.1.1 Security
6.1.2 Performance and Reliability
6.1.3 Easy Management
6.2 Implementation and Configurations
6.3 Result and Discussion
7 Conclusions
8 References
Acronym
ZTA Zero Trust Architecture
ZTNA Zero Trust Network Access
CSF Critical Success Factor
CSPs Cloud Service Providers
APTs Advanced Persistent Threats
US United States
IDS Intrusion Detection System
VPN Virtual Private Network
E2EE End-to-End Encryption
MFA Multi-Factor Authentication
SSO Single Sign-On

2 INTRODUCTION

2.1 PROBLEM STATEMENT


The rapid growth of cloud computing and the increasing adoption of distributed systems have
necessitated a paradigm shift in cybersecurity approaches. Traditional perimeter-based security
models, which relied on the concept of a trusted internal network and an untrusted external
network, have become inadequate in the face of modern threats and the blurring of network
boundaries.
The global cloud services industry has witnessed remarkable growth, reaching a valuation of
USD 370 billion in 2020, a staggering 380 percent increase from 2010. Consequently, by 2022,
over 60 percent of corporate data was stored in the cloud, a figure that had increased by almost
30 percent since 2015 [1,2]. As organizations rapidly migrate their resources and business
applications to cloud environments, they seek to improve security, reliability, and operational
efficiency. However, this digital transformation has also brought about new challenges and risks.
The expansion of networks and the frequent transmission of data have increased the potential for
internal threats. According to a report by FireEye [3], the proportion of internal threats rose from
6% in 2011 to 53% in 2021, while external threats decreased from 94% to 47% during the same
period. This shift highlights the growing risks posed by insider threats and the need for more
robust network security measures.
Zero Trust Security has emerged as a cybersecurity strategy to address these challenges. It is a
data-centric approach that abandons the traditional notion of trusted and untrusted networks.
Instead, it operates under the principle of "never trust, always verify," treating all users, devices,
and applications as potential threats, regardless of their location or network connection.

2.2 DIFFICULTIES AND CHALLENGES


The dramatic expansion of cloud computing and internet-connected devices has introduced
significant security challenges for corporate and government networks hosted on cloud
platforms. These networks often employ a diverse array of proprietary security mechanisms,
such as service-level agreements (SLAs), identity management, access controls, intrusion
detection systems (IDS), and application service management. However, this complex security
landscape has not prevented cloud platforms and networks from being exploited by threats like
ransomware, botnets, and advanced persistent threats (APTs), primarily due to poor security
practices, misconfiguration, and internal vulnerabilities. [4]
Compounding the issue, third-party applications introduced into cloud networks can
inadvertently bring unforeseen bugs and even zero-day vulnerabilities, potentially exposing
sensitive customer data to attackers. Furthermore, unless organizations rigorously verify their
sources, these third-party applications could originate from anyone with a foothold in the
network, including APTs. Alarmingly, a study by Palo Alto Networks' Unit 42 found that
approximately 96% of application containers in cloud infrastructure have known vulnerabilities
and exploits [5].

Fig. 1: Cost of data breach by country or region


The graph illustrates the substantial financial consequences of data breaches across various
countries and regions. Measured in millions of US dollars, the average cost of a data breach
shows that no region is immune to the economic repercussions of compromised data. The
United States leads with the highest average cost, reaching $8.9 million per breach, which
highlights the exposure of US organizations to devastating financial losses in the event of a
security incident. The Middle East follows with an average cost of $5.97 million, reflecting the
growing concern for data security in the region as businesses and governments increasingly
rely on digital infrastructure. Other developed countries, such as Germany, Canada, France, and
the United Kingdom, also face substantial costs, ranging from $4.78 million down to $3.88
million. This underscores the global nature of the data security challenge and the need for
robust cybersecurity measures across all industries and regions.
The current threat landscape underscores the need for a trust-based authorization mechanism
within cloud network environments that can monitor and assist different nodes while also
granting users access to services and distributing responsibilities based on the authenticity of
their identities. This is the core principle behind the zero-trust network model, where no entity
inside the network is implicitly trusted. Instead, for each action involving mission-critical data or
services, the network management authority must first grant clearance, leveraging existing
technologies such as IDS, real-time resource management, resource segmentation, and behaviour
tracking to provide visibility, granular control, and access management for endpoint devices.
Unfortunately, organizations face numerous challenges in implementing a fully functional zero-
trust environment, such as issues with legacy hardware, lack of applications to manage endpoint
devices, and the need to train employees on complex virtualization software. Moreover, the
widespread use of hybrid cloud platforms, where business-critical data is stored both on-site and
on the cloud, increases the overall threat surface area.
In response, government institutions, private companies, and cloud service providers (CSPs)
have made continuous efforts to consolidate various rules and guidelines into adaptable
frameworks and models for zero-trust adoption. For instance, the National Institute of Standards
and Technology (NIST) released a special publication on Zero Trust Architecture in 2020 [6],
and the Office of Management and Budget (OMB) released a federal strategy in 2022 to move
the U.S. Government toward a zero-trust approach to cybersecurity [7], in line with Executive
Order 14028 on improving the nation's cybersecurity. Private firms have also developed and
offered state-of-the-art zero-trust network security solutions.
However, the adoption of such frameworks and technologies has been overlooked by smaller and
medium-sized firms and institutions that lack sufficient resources, time, or inclination to
implement a zero-trust framework within their cloud ecosystems. Therefore, it is crucial to
survey and compare the current implementations of zero-trust-based cloud network models,
focusing on the different methods and approaches used to validate identities and authorize the
use of critical services in trust-based cloud networks. This will help firms, institutions, and
governments achieve Zero-Trust Maturity for their cloud networks and improve their overall
cybersecurity posture.

2.3 CONTRIBUTIONS OF OUR METHODS


Stunet, a project built upon the OpenZiti framework, is a solution for organizations seeking to
establish secure remote access to critical server resources. By applying the core principles of
Zero Trust Network Access (ZTNA), Stunet strengthens security and provides granular control,
catering to the needs of modern businesses with distributed workforces.
At its core, Stunet uses OpenZiti's overlay network: servers are reached only through the
overlay, so they expose no listening ports to the public internet. This "dark" posture hides
servers from potential attackers and significantly reduces the attack surface. By operating on
this overlay network, Stunet ensures that access to server resources remains restricted and
protected, mitigating the risks associated with unauthorized access attempts.

Furthermore, Stunet embraces the principle of "never trust, always verify" inherent to ZTNA.
Every access request, regardless of origin, undergoes rigorous authentication and authorization
processes. This eliminates the inherent trust associated with traditional perimeter-based security
models and ensures that only verified users with the appropriate permissions can access specific
server resources. This granular control minimizes the risk of lateral movement within the
network and effectively contains potential breaches.
Beyond its security features, Stunet offers a seamless user experience. Remote workers can
access the resources they need without the broad network-level access and configuration burden
of traditional VPNs. Additionally, Stunet's flexible architecture allows integration with existing
IT infrastructure, minimizing disruption and facilitating a smooth transition to a more secure
remote access environment.

2.4 STRUCTURE OF THE REPORT


The remainder of this report is organized as follows:
Chapter 2, Basic Concept of Zero Trust, introduces the fundamental concepts of Zero Trust and
related terms.
Chapter 3, Zero Trust Architecture, explores the principles and core components of Zero Trust
Architecture, emphasizing the shift from traditional perimeter-based security to a model built on
continuous verification and least-privilege access.
Chapter 4, Comparison & Ensemble, describes the differences between traditional VPN and
ZTNA and the technologies related to ZTNA.
Chapter 5, Experiments and Results, presents a completed project and the results achieved from
that project in relation to current security issues.
Conclusions. This chapter concludes the report by summarizing the important contributions and
benefits of our project, while also pointing out potential extensions for future work.

3 BASIC CONCEPT OF ZERO TRUST

3.1 ZERO TRUST/APPLICATION SEGMENTATION

3.1.1 The Evolution of Network Security: From Perimeter Defense to Zero Trust

The traditional approach to network security relied heavily on the concept of a secure perimeter,
utilizing tools like firewalls to protect the internal network, often referred to as the intranet. This
approach assumed that anything within the perimeter was safe and anything outside was a threat.
However, with the increasing adoption of mobile devices, cloud services, and the evolving
landscape of cyber threats, maintaining a secure perimeter has become increasingly challenging.
The boundaries of the organization's network have blurred, and the intranet is no longer
inherently secure. Attackers who breach the perimeter can easily gain access to sensitive
resources, highlighting the limitations of this traditional model.
Zero Trust: A Paradigm Shift in Security
In response to the shortcomings of perimeter-based security, the concept of “Zero Trust”
emerged. Popularized by John Kindervag in 2010, Zero Trust operates on the principle of "never
trust, always verify." This means that no user or device, regardless of location or network, is
automatically trusted. Instead, access to resources is granted on a need-to-know basis, with
continuous verification and authentication.
Zero Trust offers several advantages over traditional cybersecurity strategies. By focusing on
protecting resources rather than the network perimeter, it provides more granular control and
reduces the attack surface. Additionally, it promotes a more dynamic and adaptable security
posture, capable of responding to the evolving threat landscape.
The Roots of Zero Trust and its Implementations
The idea of continuous trust evaluation in network security has been around for some time, with
early concepts like the Black Core network architecture developed by the U.S. Department of
Defense. However, it was Kindervag who formally coined the term "Zero Trust" and emphasized
its data-centric approach to network design. Since then, the concept has gained traction, with
various implementations emerging across the cloud industry and academia.
These implementations can be categorized into three main types: frameworks for building Zero
Trust models, practical models deployed in real-world scenarios, and theoretical proof-of-
concepts demonstrating specific technologies within the Zero Trust framework. This diversity
reflects the adaptability of the Zero Trust approach, allowing organizations to tailor their security
strategies to their specific needs and risk profiles.

Fig.2: Fundamental Requirements for Achieving a Zero Trust Environment
Fig. 2 depicts the core principles necessary for establishing a robust Zero Trust environment.
Each of these fundamental requirements is discussed below.
Achieving a Zero Trust environment necessitates a multifaceted approach that centers around
robust authentication and access control mechanisms, ensuring only authorized users and devices
gain entry. Network segmentation and software-defined networking (SDN) further fortify the
environment by limiting lateral movement and enabling granular control over traffic flow.
Encryption plays a pivotal role in safeguarding data both in transit and at rest, preventing
unauthorized access to sensitive information. Additionally, automating security processes and
orchestrating responses through integrated tools streamlines threat detection and mitigation.
Finally, comprehensive visibility and analytics empower organizations to proactively identify
and address potential threats, ensuring continuous monitoring and improvement of the security
posture.

3.1.2 Zero trust dimension

As summarized in Table 1, several industry players, i.e., Forrester, Netskope, Microsoft, the
Cybersecurity and Infrastructure Security Agency (CISA) and the American Council for
Technology-Industry Advisory Council (ACT-IAC), have put forward their respective zero trust
models and corresponding dimensions. However, their models are not based on rigorous and
systematic research, nor is there data or evidence to support the models. Nonetheless, these
works serve as a foundation for further study into the CSFs for implementing zero trust.

Organization  Dimensions marked
Forrester     X X X X X X X
Netskope      X X X X X X X
Microsoft     X X X X X X
CISA          X X X X X X X X
ACT-IAC       X X X X X X
This paper    X X X X X X X X X
Table 1. Matrix table of zero trust dimensions. The nine dimension columns, in order, are
Identity/People, Data, Network, Endpoint/Device, Application, Workload, Infrastructure,
Visibility & Analytics, and Automation & Orchestration; an X marks a dimension covered by
that organization's model.

3.2 DARK SERVICES

3.2.1 Routers

A virtual router is essentially a software-based routing framework that replicates the
functionality of a hardware device. It performs the core routing services of an Internet Protocol
(IP) router within a virtual environment. By doing so, it improves flexibility and scalability and
reduces infrastructure costs.
Virtual routers can be deployed on VM instances of x86 hardware servers to provide routing,
switching, security, VPN, and other functions through a virtualization platform and offer
network communication services for users. They can turn your desktop or laptop PC into a router
itself. By doing this, other devices can connect to your PC, much like a mobile hotspot on your
smartphone.

Fig.3: System architecture of the AR1000V
A virtual router works similarly to a traditional router. It runs routing protocol instances, has its
own dedicated I/O ports, buffer, address space, routing table, and network management software,
and connects to devices to forward data packets between networks. With the development of
networks, the basic architecture of virtual routers is evolving. [8]

3.2.2 Network Tunneling

Network tunneling is a method of transmitting data from one network to another. It’s often used
in situations where certain network protocols are not supported by the network, or when data
needs to be sent securely over a public network.
Tunneling works by encapsulating packets, which means wrapping a packet inside another
packet. A typical packet has two parts: the header, which indicates the packet’s destination and
which protocol it uses, and the payload, which is the packet’s actual contents. In an encapsulated
packet, the header and payload of the first packet go inside the payload section of the
surrounding packet. The original packet itself becomes the payload.
Tunneling is used in Virtual Private Networks (VPNs). A VPN is a secure, encrypted connection
over a publicly shared network. Tunneling is the process by which VPN packets reach their
intended destination, which is typically a private network.
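The encapsulation described above, as an added example that is not part of the original report or of OpenZiti: a minimal IP-in-IP tunnel (RFC 2003) built and parsed in memory with Python's standard library. The inner packet (a UDP datagram between two private addresses) becomes the payload of an outer IPv4 packet between two tunnel endpoints; the addresses, ports and payload are constructed sample values. The encapsulate/decapsulate pair is the same shape of work a tunneler does before handing traffic to an overlay, although a real tunnel would also encrypt and authenticate the inner packet.

```python
import ipaddress
import struct

# Added example (not from the report or OpenZiti): IP-in-IP encapsulation
# (RFC 2003).  The whole inner IPv4 packet rides as the payload of an outer
# IPv4 packet whose protocol field is 4.  Nothing is sent on a real network.

IPPROTO_IPIP = 4
IPPROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the IPv4 header (0 for a valid header)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Build an IPv4 packet without options and with a correct header checksum."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45,                 # version 4, IHL 5 (20-byte header)
        0,                    # DSCP/ECN
        20 + len(payload),    # total length
        0, 0,                 # identification, flags/fragment offset
        ttl, proto,
        0,                    # checksum placeholder
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    csum = ipv4_checksum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:] + payload


def parse_ipv4(packet: bytes) -> dict:
    """Parse an IPv4 header, verify its checksum, return fields and payload."""
    if len(packet) < 20 or (packet[0] >> 4) != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    header = packet[:ihl]
    if ipv4_checksum(header) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", header[2:4])[0]
    return {
        "src": str(ipaddress.IPv4Address(header[12:16])),
        "dst": str(ipaddress.IPv4Address(header[16:20])),
        "proto": header[9],
        "payload": packet[ihl:total_len],
    }


def header_intact(packet: bytes) -> bool:
    try:
        parse_ipv4(packet)
        return True
    except ValueError:
        return False


def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel entry: the inner packet becomes the payload of the outer packet."""
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner)


def decapsulate(outer: bytes) -> bytes:
    """Tunnel exit: strip the outer header and hand the inner packet to routing."""
    fields = parse_ipv4(outer)
    if fields["proto"] != IPPROTO_IPIP:
        raise ValueError("outer packet is not IP-in-IP")
    inner = fields["payload"]
    parse_ipv4(inner)          # the inner header must be valid too
    return inner


def demo() -> dict:
    # Constructed sample: UDP from a private host to a private service, carried
    # between two tunnel endpoints that have public (documentation-range) addresses.
    udp = struct.pack("!HHHH", 40000, 53, 8 + 5, 0) + b"hello"
    inner = build_ipv4("10.0.0.5", "10.0.1.9", IPPROTO_UDP, udp)
    outer = encapsulate(inner, "198.51.100.1", "203.0.113.7")
    recovered = decapsulate(outer)
    return {"outer": parse_ipv4(outer), "inner": parse_ipv4(recovered),
            "intact": recovered == inner}
```

Running demo() shows the two views of the same traffic: the underlay only sees a packet from 198.51.100.1 to 203.0.113.7 with protocol 4, while the tunnel exit recovers the original 10.0.0.5 to 10.0.1.9 UDP datagram byte for byte.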

Fig. 4: The tunneling process
A tunneler intercepts traffic destined for Ziti services and forwards that traffic over the Ziti
overlay instead of the underlay network. This is an example of network tunneling, where the
tunneler encapsulates the original data packets within new packets to be sent over the Ziti
network. The tunneler also configures a Ziti nameserver for resolving Ziti service addresses and
associated Ziti IP routes in a device’s OS, which is a part of the tunneling process.

3.3 END-TO-END ENCRYPTION


End-to-End Encryption (E2EE) is a method of secure communication that prevents third-parties
from accessing data while it’s transferred from one end system to another. In E2EE, the data is
encrypted on the sender’s system or device and only the recipient is able to decrypt it. No one
else, including cybercriminals, internet service providers, and even the service providers that
facilitate the communication, can decrypt and read the information.
Here’s how it works:
 The originating party encrypts data so only the intended recipient can decrypt it.

9
 The encrypted data is sent over the internet.
 The intended recipient receives the encrypted data and decrypts it.
This method is widely used in many applications, including messaging apps, email services, and
file storage services. It is considered one of the strongest protections for data in transit because
no intermediary on the communication path, including the service operator, holds a key that can
decrypt the traffic; eavesdropping on the channel yields only ciphertext.
In the context of Ziti, it ensures that when you connect to a service using a Ziti network, your
connection is encrypted from start to finish. Each connection is secured through public-private-
key cryptography provided by libsodium. This means that even if your service data is not
encrypted on its own, the connection between the SDKs will be encrypted and only readable by
the intended parties. This feature is available in all applications that use Ziti’s SDKs, including
Ziti’s tunneler, desktop, and mobile applications.
It’s important to note that while E2EE can provide a high level of security, it’s not a silver bullet.
For example, if a device is compromised, then the encryption keys can be stolen and used to
decrypt the communication. Therefore, it’s crucial to keep your devices secure and regularly
update your software to protect against the latest threats.

4 ZERO TRUST ARCHITECTURE
Fig. 5 depicts a layered approach to Zero Trust security. It highlights
"Least Privilege" as the fundamental principle, followed by the core philosophy of the "Zero
Trust Security Model." The red arrow labeled "Methodology" signifies the implementation
process, leading to the "Technology" layer where Zero Trust Network Access (ZTNA) is
presented as a solution. This visual representation underscores the hierarchical nature of Zero
Trust, emphasizing the need for both guiding principles and practical implementation strategies
to achieve a robust security posture.

Fig. 5: Zero Trust Architecture

4.1 PRINCIPLE
The "Principles" layer, with "Least Privilege" at its core, serves as the bedrock of the entire Zero
Trust security model. It signifies a shift from traditional perimeter-based security, where trust
was often implicitly granted within the network. Instead, Least Privilege enforces the concept of
granting minimal access rights to users and systems. This means individuals and entities only
have access to the specific data and resources required to perform their tasks, effectively
minimizing the attack surface and potential damage in case of a security breach.

Implementing Least Privilege involves a granular approach to access control. It requires
organizations to meticulously evaluate and assign permissions based on individual roles and
responsibilities. This may entail utilizing tools like role-based access control (RBAC) or
attribute-based access control (ABAC) to enforce strict access policies. Additionally, continuous
monitoring and regular reviews of access rights are crucial to ensure that privileges remain
aligned with current needs and potential risks are mitigated.
By adhering to the principle of Least Privilege, organizations can significantly reduce the risk of
unauthorized access, lateral movement, and data exfiltration. It fosters a more secure and
controlled environment, where the impact of security incidents is minimized, and sensitive
information remains protected.

4.2 PHILOSOPHY
The "Philosophy" layer, embodied by the "Zero Trust Security Model," forms the core ideology
driving the entire security framework. It challenges the traditional notion of implicit trust within
a network perimeter, advocating for a "never trust, always verify" approach. This means that no
user or device, regardless of location or past behavior, is automatically granted access to
resources. Instead, every access request undergoes rigorous verification and authorization
processes.
This philosophy stems from the understanding that modern networks are inherently insecure,
with threats potentially originating from both internal and external sources. The erosion of the
traditional network perimeter, fueled by trends like cloud computing and remote work, further
necessitates a paradigm shift in security thinking. Zero Trust addresses these challenges by
focusing on protecting resources, rather than network segments, and by continuously assessing
trust based on dynamic factors like user identity, device posture, and contextual information.
The Zero Trust philosophy fosters a proactive and adaptive security posture. It enables
organizations to better defend against modern threats, such as sophisticated malware, insider
threats, and compromised credentials, by ensuring that access is granted only to authorized and
verified entities. This ultimately leads to a more resilient and secure environment. [9]

Fig. 6: High-Level CSF Framework Across 8 Dimensions
In view of the large set of CSFs, this section presents the key findings regarding CSFs for
implementing zero trust in organizations. Appendix A presents the list of 43 CSFs within their
respective dimensions. The 8 critical dimensions are identity, endpoint, application and
workload, data, network, infrastructure, visibility and analytics, and automation and
orchestration. The discussion of the key findings is presented by dimension as follows.

4.2.1 Identities dimension

Identities are the common denominator across networks, endpoints, and applications; they may
be people, services, or IoT devices. When an identity attempts to access a resource, the
organization needs to verify that the requested access is consistent with the identity's
privileges, following the principle of least-privilege access (Microsoft, 2021b). Each identity
must be assured access only to the resources within its privileges, and only at the time it is
allowed. The policy engine ultimately decides whether an identity is granted access, which is a
core element of zero trust.

Perform multifactor authentication. All experts agreed that to authenticate a user's identity,
multifactor authentication (MFA) should be used. Multifactor authentication protects the
applications by asking users to verify their identity with a second source of validation before
access is permitted, such as a phone or a token. One interviewee stated, “This meant that we need
to do a lot more when it comes to identity, things like multifactor authentication, things like

contextual authorization, where we consider the time of the day and the geolocation of where
authentication is coming from.”
This view was supported by another expert, “I think from an identity perspective in terms of the
controls that you implement around securing the identity, for me, without a doubt, multifactor
authentication is probably number one.”
Implement single sign-on (Ferretti et al., 2021). To better facilitate MFA (Sciarretta et al., 2020),
the expert panel advocated implementing single sign-on (SSO). SSO not only improves security
by eliminating the need to maintain numerous credentials for the same person, but it also
improves the user experience by reducing the number of sign-in prompts. One expert summed up
the importance of bundling SSO and MFA: “This is one of the ways actually having a single
sign-on in place allowed us to roll out multifactor authentication quickly. If we don't have a
single sign-on, this means that we need to fit the multifactor authentication technology into every
single application [10]. While having a single sign-on that sits in front of all the applications that
we are using means that we only need to fit multifactor authentication to the single sign-on
option. And then basically this opens the gate to more granular control about safety specific
applications. But it makes the implementation of multifactor authentication, which is a very
important control in establishing a better identity protection capability.” Thus, SSO and MFA
should be prioritised and implemented at the same time to achieve zero trust.
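As an added example of the "second source of validation" in the MFA discussion above (this is not the report's code, nor any vendor's), the following implements RFC 6238 time-based one-time passwords on top of RFC 4226 HOTP with the Python standard library, including the drift window and the replay check a verifier needs. The seed used in the usage note is the RFC test key, embedded inline; an authenticator app would receive the same seed as a base32 string, usually inside a QR code.

```python
import base64
import hashlib
import hmac
import struct
import time

# Added example (not from the report or any cited vendor): TOTP (RFC 6238)
# over HOTP (RFC 4226) as the possession factor of an MFA login.

STEP = 30        # seconds per time step
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float = None, step: int = STEP) -> str:
    """Code for the time step containing `at` (default: now)."""
    at = time.time() if at is None else at
    return hotp(secret, int(at) // step)


def verify_totp(secret: bytes, code: str, at: float, window: int = 1,
                last_counter: int = -1):
    """Accept the current step or +/- `window` steps to tolerate clock drift,
    but never a counter at or before `last_counter` (replay of a used code).
    Returns (accepted, counter_to_record)."""
    current = int(at) // STEP
    for c in range(current - window, current + window + 1):
        if c <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, c), code):   # constant-time compare
            return True, c
    return False, last_counter


def seed_from_base32(b32: str) -> bytes:
    """Decode the seed as provisioned to an authenticator app (padding optional)."""
    b32 = b32.strip().replace(" ", "").upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))
```

With the RFC test seed b"12345678901234567890" (base32 GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ), hotp(seed, 0) is 755224 and totp(seed, 59) is 287082, matching the RFC 4226 and RFC 6238 tables; verify_totp accepts 287082 at t=59 and records counter 1, after which the same code is refused as a replay.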

Fig. 7: Visualisation of the Self-Assessment Result for “Identity” Dimension.

4.2.2 Endpoints / devices dimension

Devices refer to various hardware assets that access data on the Internet, such as smartphones,
IoT devices, laptops, bring your own device (BYOD), partner-managed devices, and cloud-
hosted servers. Their diversity provides a huge surface area for illicit cyber actors to attack.
Organisations should inventory devices (Adahman et al., 2022) and ensure a baseline of device
security protection and visibility of the devices themselves (CISA, 2021).
Register devices with identity providers. To monitor security and risk across multiple endpoints
used by anyone, the experts believed that visibility in all devices and access points that may be
accessing your resources is critical. One interviewee elaborated, “It's critical because ultimately
with zero trust, when you actually have that sort of access, the perfect world would be that your
devices are trusted, you can access from anywhere, you trust your users that are also connecting
as well.”
Establish endpoint detection and response (EDR) mechanisms. Experts asserted that
organizations should enforce proactive threat detection for endpoints and promptly activate
device response mechanisms to block cyber threats and generate alerts [11]. As explained by one
interviewee, “You want to have the right level of detection and response for your endpoints, and
you want to be able to protect those endpoints and those devices, regardless of where they're
connecting from.”

Another interviewee agreed with this, saying, “You should be doing that for your
corporate assets. You should be doing it for BYOD. And if you're doing it for both of them to a
level that says, hang on a sec, if I need more assurance that he is allowed access to this
information, you should be raising your levels of assurance regardless of the endpoint.”

4.2.3 Applications & workload dimension

Applications and workloads in this context consist of computer programs, systems, and services
(whether executed on-premises or in the cloud). Organizations have appropriate policies in place
to ensure the protection and management of applications and workloads, and to enable a secure
application delivery (CISA, 2021).
Enforce adaptive and policy-based access control for applications. As remote work becomes
more accepted for most, adaptive access policies should be applied to the application as well.
Enterprises are supposed to make access control decisions based on risk appetite through policy
engines, such as allowing access and limiting access. One expert remarked, “It kind of all comes
back to access as well, right, because you need your applications to be secure and have the right
level of access and people have the right. So, verifying the people that are accessing those
applications have the rights to access it. And I have the right level of privilege as well. So it's all
sort of in and part of that whole strategy. And obviously from an application development
perspective, you want to be securely developing your apps in the perfect world. As part of your
software development lifecycle, you're securely embedding security as you develop it so your
developers know what they need to adhere to make secure applications.”
Another interviewee from the higher education industry provided an example of this, “If a
student is on the network, they will not be able to actually see all the applications that are on the
network. They won't see them or even try to access them. So that's an element of at least need to
know, sort of access control or at least privileged access.”
Monitor and block unauthorized access to applications. One expert pointed out, “There is access
control within the application as well. And the final bit of the access control when it comes to
applications is the monitoring of user transactions. So, there's an element of zero trust that comes
after the fact in my view. Where can you report and monitor what someone has done on the
system? In my view, this fits under the zero trust model and without monitoring, you can't
provide an assurance that your zero trust model is working.”

4.2.4 Infrastructure dimension

Infrastructure can be described as the hardware, software (open source, first-and third-party),
microservices (functions, APIs), networking infrastructure, facilities and so forth necessary to
develop, test, deliver, monitor, or support IT services, whether local or multi-cloud (Microsoft,
2021a). As infrastructure becomes a critical threat vector, enterprises need to develop
comprehensive capabilities to secure it (Microsoft, 2021b).
Manage privileged access. The expert panel stated firmly that managing privileged access is a
key step to protect the organizations’ critical infrastructure in the zero trust journey. Speaking to
this point, an interviewee emphasized that, “You're essentially ensuring that you're providing the
level of trust and security needed to access your infrastructure, whether that's on prem or whether
that's in the cloud. So, once you've implemented, in a perfect world, your zero trust strategy and
capability to support that. Actually, the infrastructure, the access, the control and the security and
the verification are done on the sort of the device and the user. So that in itself means that access
in the infrastructure is secure because you've already got that authentication.”
Another expert commented on this view by comparing infrastructure with applications, “So it's
similar to what we do with the applications which is granular access control and also some
defence.”
Develop a cloud infrastructure protection plan. Having a comprehensive view across all cloud
workloads is critical to keeping organizational resources safe in a highly distributed
environment. One interviewee argued that “You've now got the concept of cloud, you got the
concept of PaaS, SaaS, Blob storage. There's a whole load of stuff that comes into play and
making sure all that is still taken into account when you build infrastructure and focus on zero
trust. It becomes more important as well.”

4.2.5 Data dimension

In a zero trust environment, data security is primarily concerned with managing data, classifying
data, designing data classification schemas, and encrypting data both in transit and at rest
(Cunningham, 2018). Data is often the ultimate target for attackers, so the zero trust framework
is centred on protecting data. Organizations must understand where data is stored, how it is
classified, who has access to it, and monitor and control data access by using policy engines.
Implement data loss prevention (DLP). The expert panel stressed that organizations must take
measures to protect user information from malicious or inadvertent disclosure, such as
establishing data loss prevention mechanisms. This is corroborated by one participant, “When it
comes to zero trust, you want to make sure that there's no risk of data leakage and that you're
sufficiently handling that data as well. So, if people are connecting to cloud applications, you
want to make sure that you've got the right level of security. Essentially, you need to ensure that
you've got some controls in place, like DLP. So again, data is a fundamental element of the zero
trust strategy.”
Govern access decisions based on sensitivity. According to interviewees, the level of protective
controls and enforcement is directly proportional to the sensitivity of the data. For example,
personal data can be protected by ensuring that only authorized users can access the data through
encryption policies. One interviewee shared his views on sensitive data, “We actually merged
our entire strategy to be a data-centric security strategy. And that did a number of really, really
beneficial things. It sets the importance of where the value is and indeed the inherent risk is for
the organization. In our world, we deal with people's most sensitive of sensitive information.”
This view was echoed by another participant, who suggested that “There are controls to protect
the network. But putting controls on the network and the infrastructure to protect the data can be
ineffective in some cases. So, the controls should be closer to the data as much as possible.”

4.2.6 Networks dimension

The network dimension of a zero trust implementation essentially involves segmentation,
isolation, and control of the network. It is considered a crucial point of zero trust strategies
because, in an unsegmented network, once an attacker has access to the network they have
access to the whole of it. Network segmentation, by contrast, limits the “blast radius” of a
potential ransomware attack. Enterprises need to use advanced technology to segment, isolate and
control networks to make cyber attacks as difficult as possible (ACT-IAC, 2019). The network
perimeter should be as close as possible to the data itself, which drives towards deeper
micro-segmentation.
Segment networks. Applying software-defined perimeters with granular controls facilitates
limiting the attacker's ability to propagate and spread through the network, thereby greatly
reducing the lateral movement of threats and devastating assets after the initial intrusion
(Microsoft, 2021a). One interviewee shared a practical example of what his organization has
implemented, “We have technologies in place that enable and allow isolation and segmentation
of critical network areas. We can enforce network segmentation with strong security controls
such as a next-generation firewall, virtual network infrastructure, or other software-based
approaches that strictly enforce access control.”
Encrypt all network traffic. Encrypting network traffic safeguards confidential data in transit
from attacks such as man-in-the-middle attacks, eavesdropping, and session hijacking.
As supported by one of the interviewees, “When it comes to zero trust, because especially with
us all working in a distributed fashion now and working from home, obviously there's the sort of
overhead that puts on the VPN. And so, when you move into a zero trust architecture, you've got
an opportunity to essentially encrypt all network traffic.”
Likewise, one interviewee highlighted that “Basically this is based on the fact that, how
communication is encrypted from one point to it to the other, right? So, intercepting the
communication in transit is not going to provide anyone who intercepts communication with any
value because the communication is encrypted, that it's too hard to decrypt that traffic in line.”

4.2.7 Visibility & analytics dimension

Visibility and analytics refer to making all security-relevant activities occurring in the network
visible and understanding them through analytics. Enterprises leverage analytics tools (such as
platforms to perform advanced security analysis, security user behaviour analysis) to understand
the situation in the network in real time to intelligently defend against and locate attackers. Data
analysis of network events can help proactively develop security measures before an actual event
occurs (ACT-IAC, 2019).

Ensure visibility and improve situational awareness [12]. It was proposed by the expert panel
that visibility should be achieved by establishing a centralized platform dedicated to
investigation, monitoring, and response. An interviewee commented, “It's crucial. It's absolutely
vital. What I normally say to people is you can't manage what you can't see. You need visibility
of everything. But the caveat is, once you have that visibility, what you're really talking about is
drawing knowledge and insight from that information. So simply having the information is not
good enough.”

Another expert added, “From the monitoring point of view as well, one is from the usage
point of view, so you should have the full landscape view of what's going around in my
environment so that I can make better decisions for trend signals, for usage, for monitoring, for
any kind of abnormalities.”

Collect threat data and analyse them across other dimensions. Visibility and analysis are based
on the other dimensions above (such as identities, endpoints, network, and infrastructure) and it
is a by-product of them. The expert panel agreed that visibility and analysis of data help to make
effective risk-based decisions. As explained by this interviewee, “So I would say that visibility
and analytics come from all those data points we've just spoken about. It doesn't exist without
those other dimensions. I actually don't think it's necessarily a specific dimension. I think it's a
by-product of those other data points that we're looking at. We need to be able to see those data
points, bring that in, aggregate that information, make decisions or inferences and carry out
activities based on that. And of course, if you don't have the visibility where you need, if you
have blind spots, we're going to be making risk-based decisions on incomplete data. So, you
might not have all the data you need to make the effective decision.”

4.2.8 Automation & orchestration dimension

Automation and Orchestration comprise the utilization of tools and technologies to automate and
orchestrate processes across organizations. Automation and orchestration provide unrivalled
capabilities for delivering more efficient and productive security operations, for example, the use
of STIX/TAXII systems to automate the transfer and ingestion of Indicators of Compromise
(IOC) into intrusion prevention systems. Through automation, organizations can identify and
resolve specific threats at an accelerated rate with an accuracy that is unachievable by humans
(Netskope, 2020).
Enable automated investigation and response. Automation and scheduling enable machines to
perform defined tasks according to defined procedures, thereby increasing efficiency and saving
labour. The interviewees believed automated investigation and response mechanisms should be
included in zero trust implementation, which will enhance the efficiency of the entire zero trust
architecture in terms of execution. One participant highlighted, “I think automation is essential
because with zero trust, you want to make decisions automatically rather than manually.”
Meanwhile, another expert gave an example about this, “We have around 100,000 devices
connecting on the network on any day, sometimes more. Actually, we were averaging 150,000
devices connected on the network last month on a daily basis. So, imagine if this is not
automated decision making, it would be impossible to assess each authentication attempt and
determine if this is allowed or not. And the same applies to automating the technology
deployment, because this ensures consistency. So, automation also, apart from improving
operational effectiveness, it also ensures consistency of how we do certain things and the fact
that the policy is always applied.”

4.3 TECHNOLOGY

4.3.1 Previous Technology ??? (fill in the name for me again – I'm stuck :v)

Technology: MFA
Description: Requires multiple verification factors to authenticate users (e.g., password + security token).
Purpose: Adds an extra layer of security to user accounts.
Strengths: Significantly improves login security, easy to implement, can be combined with other methods.
Weaknesses: Vulnerable to phishing if users aren't cautious, may not protect against other attack vectors.

Technology: IAM
Description: Manages digital identities and controls access to resources based on roles and permissions.
Purpose: Ensures the right people have the right access to the right resources.
Strengths: Centralizes access control, improves compliance, reduces risk of unauthorized access, streamlines user management.
Weaknesses: Requires careful planning, can be complex to manage, needs regular updates.

Technology: SIEM
Description: Aggregates and analyzes security event data from various sources.
Purpose: Provides real-time threat detection, incident analysis, and reporting.
Strengths: Offers comprehensive visibility, identifies patterns and anomalies, aids in investigations, can automate responses.
Weaknesses: Expensive, requires skilled personnel, may generate false positives.

Technology: Zero Trust Network Access
Description: Grants access based on user identity and context, regardless of location or network.
Purpose: Reduces the attack surface by eliminating implicit trust.
Strengths: Improves security posture, enhances flexibility for remote work, reduces reliance on VPNs, minimizes lateral movement within the network.
Weaknesses: Requires significant changes to infrastructure, complex to implement, may impact user experience.

4.3.2 Zero trust network access

User and Device Verification:
The journey begins with the user attempting to access an application. Before granting access, the
ZTNA system meticulously verifies the user's identity and the device's security posture. This
may involve multi-factor authentication, device health checks, and compliance assessments.
Only after successful verification can the user proceed.
Trust Broker as the Gatekeeper:
The Trust Broker acts as the central control point, orchestrating the entire ZTNA process. It
receives access requests from users, evaluates the context of each request, and enforces granular
access policies. The Trust Broker considers factors like user identity, device security posture,
application sensitivity, and real-time threat intelligence to determine whether access should be
granted.
Secure Connection and Micro-segmentation:
Upon approval, the Trust Broker establishes a secure connection between the user and the
specific application. This connection is typically encrypted and isolated, preventing lateral
movement within the network. Micro-segmentation further enhances security by dividing the
network into smaller, isolated segments, limiting the potential impact of a breach.
Continuous Monitoring and Dynamic Policy Adjustment:
ZTNA is not a one-time check; it's a continuous process. The system constantly monitors user
activity and device behavior, adapting access permissions as needed. For instance, if a device's
security posture changes or suspicious activity is detected, the Trust Broker can dynamically
adjust access privileges or even revoke access altogether.

Fig. 8: ZTNA Diagram
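The four steps above, worked as a small policy-engine simulation in Python. This is an added example, not code from the report or from any ZTNA product; the users, devices, applications, the four posture checks and the assurance thresholds are all constructed sample data.

```python
"""ZTNA trust-broker simulation (added example; not code from the report or any
vendor). Steps: verify user and device posture, evaluate against policy, open a
session scoped to one application, then re-evaluate and revoke on change.
All users, devices, applications and thresholds are constructed sample data."""
from dataclasses import dataclass


@dataclass
class User:
    name: str
    roles: frozenset
    mfa_verified: bool


@dataclass
class Device:
    device_id: str
    registered: bool      # enrolled with the identity provider
    os_version: tuple     # (major, minor), checked against MIN_OS
    edr_running: bool     # endpoint detection and response agent alive
    disk_encrypted: bool


@dataclass
class Application:
    name: str
    sensitivity: int      # 1 public, 2 internal, 3 confidential
    allowed_roles: frozenset


MIN_OS = (14, 0)          # constructed baseline for the device health check


def passed_posture_checks(device):
    """Number of device health checks the endpoint passes (0..4)."""
    return sum([device.registered, device.os_version >= MIN_OS,
                device.edr_running, device.disk_encrypted])


def required_checks(app, threat_level):
    """More sensitive data and a raised threat level demand more checks (cap 4)."""
    return min(4, app.sensitivity + 1 + threat_level)


def decide(user, device, app, threat_level=0):
    """Policy decision point: (granted, reason). Deny unless every check holds."""
    if not user.mfa_verified:
        return False, "mfa_not_verified"
    if not device.registered:
        return False, "device_not_registered"
    if not (user.roles & app.allowed_roles):
        return False, "role_not_authorised"
    have = passed_posture_checks(device)
    need = required_checks(app, threat_level)
    if have < need:
        return False, "posture_%d_of_%d" % (have, need)
    return True, "granted"


@dataclass
class Session:
    """A brokered connection to exactly one application, never to the network."""
    user: User
    device: Device
    app: Application
    active: bool = True
    reason: str = "granted"

    def reevaluate(self, threat_level=0):
        """Continuous verification: rerun the decision; revoke if it now fails."""
        ok, reason = decide(self.user, self.device, self.app, threat_level)
        if not ok:
            self.active, self.reason = False, reason
        return self.active


def broker(user, device, app, threat_level=0):
    """Open a session only on a grant; otherwise return None (no connection)."""
    ok, _ = decide(user, device, app, threat_level)
    return Session(user, device, app) if ok else None


# Constructed sample data
ALICE = User("alice", frozenset({"finance"}), mfa_verified=True)
LAPTOP = Device("lt-001", True, (14, 2), edr_running=True, disk_encrypted=True)
PAYROLL = Application("payroll", 3, frozenset({"finance"}))
WIKI = Application("wiki", 1, frozenset({"finance", "staff"}))


def demo():
    """Session lifecycle walk-through; returns the ordered list of outcomes."""
    laptop = Device("lt-002", True, (14, 2), edr_running=True, disk_encrypted=True)
    session = broker(ALICE, laptop, PAYROLL)
    log = [("open", session is not None), ("recheck", session.reevaluate())]
    laptop.edr_running = False        # posture degrades mid-session
    log.append(("recheck_after_edr_stop", session.reevaluate()))
    log.append(("reason", session.reason))
    return log
```

Raising `threat_level` (the real-time threat intelligence input) tightens the posture requirement for every application at once, so a session that was fine a minute ago can be revoked on the next re-evaluation.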

5 COMPARISON & ENSEMBLE

5.1 ACCESS CONTROL


VPN: The Traditional Gatekeeper
The image on the left depicts the traditional security approach using a Virtual Private Network
(VPN). Imagine a VPN as a secure tunnel that allows remote users to access an organization's
internal network. Once inside, users can generally reach various applications and data, regardless
of whether they need access to all of them. While VPNs offer a convenient way to connect
remote workers, they operate on a perimeter-based security model. This means that once an
attacker breaches the outer defenses, they potentially have free rein to move laterally within the
network, accessing sensitive information and causing significant damage. The image illustrates
this vulnerability, showing how an attacker who has infiltrated the network can reach various
applications and databases.
ZTNA: Trust No One
The right side of the image introduces a modern security approach called Zero Trust Network
Access (ZTNA). ZTNA operates on the principle of "never trust, always verify," dismantling the
idea of a secure perimeter altogether. Instead of granting broad access upon entry, ZTNA
meticulously verifies each user and device before granting access to specific applications and
resources. This access is determined based on factors like identity, device, location, and even
time of day. Even if an attacker manages to get a foot in the door, their movement is severely
restricted, preventing them from exploring the network and causing widespread damage. The
image clearly demonstrates this, showing how the attacker, despite being inside the network, is
completely cut off from applications and databases due to the lack of explicit authorization.

Fig. 9: Visualizing Access Control: VPN and ZTNA
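To make the VPN-versus-ZTNA contrast concrete, and to illustrate the "blast radius" argument of the network dimension (Section 4.2.6), here is an added Python example (not the report's own code) that computes which hosts an intruder on a compromised machine can reach under a flat, perimeter-only network and under a default-deny segmentation policy. The hosts, segments and flow rules are constructed sample data.

```python
"""Micro-segmentation blast-radius check (added example, not code from the
report). Contrasts the flat, perimeter-only network of the VPN picture, where
anyone inside reaches every host, with a segmented network where only
explicitly allowed flows pass and everything else is denied.
Hosts, segments and flow rules are constructed sample data."""
from collections import deque

# Constructed inventory: host -> segment it lives in
HOSTS = {
    "laptop-1": "users",
    "laptop-2": "users",
    "web-1": "web",
    "api-1": "app",
    "db-1": "data",
    "backup-1": "data",
}

# Software-defined perimeter: (source segment, destination segment, port).
# Default deny: any flow not listed is blocked, including flows between
# hosts of the same segment (no east-west traffic inside a segment).
ALLOWED_FLOWS = frozenset({
    ("users", "web", 443),
    ("web", "app", 8443),
    ("app", "data", 5432),
})


def flow_allowed(src_host, dst_host, port, rules=ALLOWED_FLOWS):
    """Policy check for a single flow between two inventoried hosts."""
    if src_host == dst_host:
        return False
    return (HOSTS[src_host], HOSTS[dst_host], port) in rules


def reachable(start, rules=ALLOWED_FLOWS, flat=False):
    """Map every host an intruder controlling `start` could reach to the
    number of hops (successive compromises) needed to get there.
    flat=True models the perimeter-only network: once inside, every host
    is one hop away."""
    if flat:
        return {host: 1 for host in HOSTS if host != start}
    hops = {}
    queue = deque([(start, 0)])
    while queue:
        current, depth = queue.popleft()
        for dst in HOSTS:
            if dst == start or dst in hops:
                continue
            # reachable if any permitted port exists from current's segment
            if any(flow_allowed(current, dst, port, rules) for _, _, port in rules):
                hops[dst] = depth + 1
                queue.append((dst, depth + 1))
    return hops


def blast_radius(start, rules=ALLOWED_FLOWS):
    """(hosts reachable when flat, hosts one hop away when segmented,
    hosts reachable at all when segmented)."""
    segmented = reachable(start, rules)
    direct = sum(1 for depth in segmented.values() if depth == 1)
    return len(reachable(start, rules, flat=True)), direct, len(segmented)
```

Note that transitive reach under segmentation is not zero: every allowed flow is a hop the attacker would have to compromise next, so narrowing the rules per service (rather than per segment) shrinks the radius further, while a host with no outbound rule, such as a database server here, gives an intruder nowhere to go.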


5.2 MISSING TOPIC

Prisma Access
Type: Cloud Service
Model: SaaS
Architecture: Cloud-delivered Security Platform
Advantages: Comprehensive, integrated
Disadvantages: High cost
Suitable for: Comprehensive security solutions, high security needs

Cloudflare
Type: Cloud Service
Model: SaaS
Architecture: Globally distributed network
Advantages: Easy to use, widespread, high performance
Disadvantages: Limited customization, web-focused
Suitable for: Businesses focused on web, simple security

OpenZiti
Type: Self-hosting
Model: Self-managed
Architecture: Zero Trust Network Overlay
Advantages: Highly customizable, feature-rich
Disadvantages: Complex, requires good performance
Suitable for: Businesses needing extensive control, open-source

6 EXPERIMENTS AND RESULTS

6.1 FEATURES

Fig. 10: Access Control of OpenZiti

OpenZiti's superpowers fall into three areas: security, performance/reliability, and ease of
management.

6.1.1 Security

Private ‘Dark’ Networking
Applications are increasingly exposed to the public internet (and to networks at layer 3/4 in
general). Open ports leave them vulnerable to threats and subject to vulnerability exploitation,
while traditional private networking (VPNs, firewalls etc.) is cumbersome or unusable. OpenZiti
makes them dark and invisible from the internet, with no holes opened in the firewalls. This makes
the server more reliable and its management more focused, preventing any unauthorized user from
reaching the server.
Built-In, Not Bolted On
Traditional network security is exposed to the internet with at least some open ports allowing
attackers to scan and potentially find an exploit. OpenZiti provides the ability to be embedded
directly into the app using an SDK removing this threat and making security even stronger – i.e.,
we are not even trusting the host OS network, nor does the developer need to know port/IP.

Zero Trust
Traditional systems allow users to connect before they authenticate. Many give access to the
network without using separate firewalls and access control points – which slows down
developers and burdens operators. OpenZiti mandates authentication and authorisation before
any connectivity can be established using a strong identity. When connectivity is created, it can
be micro-segmented using least privilege and attribute-based access control.
Trusting Endpoints
Clients and servers are assumed to be trusted if they comply with higher-level access controls.
OpenZiti, as part of authentication and authorisation before connecting, allows posture checks to
be set up to check endpoints pass certain tests, including MFA, AD domain membership, MAC
address, OS version and required processes.
E2E Encryption
We want to increase the security of our data across the network and, in general, are moving from
TLS to mTLS but need to handle keys, PKI, and distribution. OpenZiti implements its own PKI,
handles bootstrapping trust and provides both mTLS and end-to-end encryption by default (built
on Libsodium). This approach ensures low overhead, removes the need to manage keys yourself,
and prevents unintended users from viewing and modifying data.
Flexible Identity
Other technology stacks require using identity providers (IdP) from massive organisations.
OpenZiti provides its internal system of strong identity using x509 and JWTs. It also allows you
to bring an external IdP.
Private Authenticated DNS
We need to set up and maintain a public DNS which can be queried or attacked while naming
must follow specific IP/DNS specifications. OpenZiti does not need to rely on global DNS;
authenticated and private DNS is implemented and accessed only by enrolled endpoints. You do
not need to name services according to top-level domain etc.
No Port Inference
Attackers can use port sniffing to discern information on data flows (e.g., port 22 is SSH data).
With OpenZiti, everything is synthesised onto port 443, so all traffic appears as port 443.
Attackers cannot figure out what services you use, making the deployment immune to port sniffing.
No Source/Destination Inference
Attackers can intercept traffic and determine its source and destination, valuable information
for an attack. OpenZiti encrypts metadata as it moves across the overlay, removing this threat.

6.1.2 Performance and Reliability

The Fabric [Overlay Mesh Network]
Traditional connectivity is point-to-point, meaning any issue (e.g., high latency) anywhere on
the underlying network causes performance and reliability problems. OpenZiti provides an
overlay with high availability and scalability across the mesh, combined with active load
balancing and smart routing to pick the lowest-latency paths automatically.
Service Health
If issues exist in the end-to-end path of an application, it stops working with no knowledge as to
why. OpenZiti implements service dial health metrics to successfully understand which route
responses are returned. This allows us to understand the overall service health of the application
network and where unhealthy connections are to determine the most likely cause rapidly.

6.1.3 Easy Management

Addressability
We are normally subject to the limitations of DNS while having poor visibility of who is
connecting, when, where etc. – especially if a company has a huge number of devices and apps.
OpenZiti builds identity into every connection, allowing direct addressability and circumventing
top-level domain naming.
Network Management
Large-scale networks are difficult to measure and report on in terms of usage, success, and other
measurements. OpenZiti uses its embedded identity for each connection to easily understand,
measure and report on services and who ‘exactly’ tries to connect, utilizations, success rates,
latency, and more.
Server to Client
Various means to have a server communicate to the client (e.g., HTTP polling or WebSocket)
have drawbacks and are not zero trust. OpenZiti allows any endpoints to communicate to other
endpoints. There is no concept of client/server. Therefore, applications can be hosted and
accessed by any other participating endpoint (as long as it has passed their authentication and
authorisation checks).
Application Portability
Application operators and users must consider how and where their applications will be hosted
and set up various controls (e.g., firewalls). OpenZiti-powered applications can be hosted
anywhere without worrying about managing ports, IP, DNS etc., while users can access them
from anywhere without thinking about ‘being on the network’ as the network moves wherever
they do.
Easy Integration
Developers need to identify/configure their applications to interact with the networking – e.g.,
specifying the application ports/IP that will be used. OpenZiti is seamless and easy to integrate,
and if using SDKs, developers do not need to specify (or even care about) ports/IPs or the
underlying network.

Multiple options of deployment
Deploying software to desktop/server is never an easy task. Applications powered by OpenZiti
enable you to reduce the deployment time & effort. You can integrate the SDK directly into the
application that's already being deployed. If you can't integrate, you can use Pre-built tunnelers
and proxies for a variety of operating systems, including mobile to allow existing applications
and networks to take advantage of an OpenZiti deployment.

6.2 IMPLEMENTATION AND CONFIGURATIONS


Key players in this architecture include the client, the webserver, and the tunneller software
present on both ends. The client, equipped with a browser, seeks access to the webserver, which
hosts the desired content or application. Acting as intermediaries, the tunnellers on each side
establish secure connections with the Stunet Network. These tunnels serve as encrypted conduits,
ensuring data remains confidential and protected as it traverses the network [Fig. 10].
Orchestrating the flow of information is the Edge Router, a vital component within the Stunet
Network. It efficiently directs traffic between tunnelled connections, ensuring smooth and secure
communication between the client and server. This intricate interplay of components creates a
resilient and protected environment for data exchange.
Implementing this architecture involves a series of well-defined steps. The Stunet Network itself
forms the foundation and requires careful deployment and configuration of controllers, routers,
and edge routers. Next, tunneller software is installed and configured on both the client and
server machines, creating endpoints for secure communication. Once the network is established
and enrolled, the client can access the webserver through their browser, with all traffic
seamlessly routed through the secure Stunet Network.

Fig. 11: Usage of Tunnel

6.3 RESULT AND DISCUSSION
The Stunet project offers a refreshing and robust approach to securing remote access, especially
when it comes to protecting server resources accessed by remote workers. It moves away from
the traditional perimeter-based security model and embraces the principles of Zero Trust
Network Access (ZTNA), creating a more secure and flexible environment.
At the heart of Stunet lies the concept of an overlay network. This network operates
independently on top of the existing internet infrastructure, effectively cloaking servers from the
public internet. Servers become invisible to potential attackers, drastically reducing the attack
surface and mitigating the risk of unauthorized access. This invisibility cloak is further fortified
by the use of "tunnelers" installed on both the client and server sides. These tunnelers establish
secure, encrypted tunnels for all communication, ensuring that data remains confidential and
protected from eavesdropping or tampering.
Stunet takes security a step further with its identity-based access control mechanism. Instead of
relying on IP addresses, which can be spoofed or easily changed, access is granted based on
individual identities. This allows for granular control over user permissions, ensuring that only
authorized individuals can access specific server resources, regardless of their location or
network. This level of control minimizes the risk of lateral movement within the network, should
a user's credentials be compromised.
While the security benefits of Stunet are undeniable, there are potential challenges to consider.
Implementing and configuring the platform can be more complex than traditional VPN solutions.
Organizations may need to invest time and resources in understanding the system and adapting it
to their specific needs. Additionally, integrating Stunet with existing IT infrastructure and
workflows might require careful planning and execution to ensure seamless compatibility.
Despite these challenges, Stunet's advantages in securing remote access are substantial. Its
ZTNA framework, coupled with the overlay network and granular access controls, makes it an
attractive solution for organizations seeking to bolster their server security in the era of remote
work. Stunet not only enhances security but can also improve user experience by simplifying
access to resources and eliminating the need for cumbersome VPN configurations. This
combination of security and usability positions Stunet as a powerful tool for organizations
navigating the evolving landscape of remote work and cybersecurity.

Fig. 12: No title yet

7 CONCLUSIONS
This report presented a comprehensive discussion of current zero-trust security implementations
along with their strengths and limitations. Zero Trust provides a highly granular and case-
specific solution to network security issues. It is a highly agile approach; however, further
research and commercial use are required to present comprehensive conclusions about its
effectiveness in real-world deployments. The scope of our paper is limited to publicly available
research projects. This paper compares security-based features of recently published zero-trust-
based security models, frameworks and proofs-of-concept employed for network security.
Comparing these models and frameworks used in zero-trust networks will enable future
researchers to focus on security issues and oversights plaguing modern. It allows them to create a
robust zero-trust security model and implement intelligent Security Orchestration, Automation
and Response. Commercial software products based on Zero-Trust Architecture exist and require
further evaluation of their effectiveness.
The scope of this report is such that future researchers would be able to follow the general
timeline and milestones in developing the Zero-Trust Architecture. This would help them map
the actual capabilities and operational needs of their network. It would inhibit feature creep
in their design while allowing their network to become more agile, automated and transparent in
its decision making. Building on these foundations, the research results to come promise to bring
a breakthrough and to contribute in a small way to the development of information technology
and society.

8 REFERENCES

[1] L. S. Vailshery, "Share of Corporate Data Stored in the Cloud in Organizations Worldwide from 2015 to 2022," 8 Sep 2023. [Online]. Available: https://www.statista.com/statistics/1062879/worldwide-cloud-storage-of-corporate-data/.
[2] M. El-Shrkawey, M. Alalfi and H. Al-Mahdi, "An Enhanced Intrusion Detection System Based on Multi-Layer Feature Reduction for Probe and DoS Attacks," JISIS, pp. 61-78, 2021.
[3] 2022. [Online]. Available: https://mandiant.widen.net/s/kxbbdppzzk/m-trends-2022-executive-summary.
[4] F. Pagano, L. Verderame and A. Merlo, "Understanding Fuchsia Security," J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl., 2021.
[5] T. Gupta, G. Choudhary and V. Sharma, "A survey on the security of pervasive online social networks," 2018. [Online].
[6] V. Stafford, "Zero trust architecture," NIST Spec. Publ., 2020.
[7] T. W. House, "Moving the U.S. Government toward Zero Trust Cybersecurity Principles," 2022. [Online]. Available: https://www.whitehouse.gov/omb/briefing-room/2022/01/26/office-of-management-and-budget-releases-federal-strategy-to-move-the-u-s-government-towards-a-zero-trust-architecture/.
[8] Huawei, "What Is a Virtual Router?," 19 Nov 2021. [Online]. Available: https://info.support.huawei.com/info-finder/encyclopedia/en/Virtual+router.html.
[9] W. Y., M. L., M. S. and F. J., "Zero trust cybersecurity: Critical success factors and a maturity assessment framework," Science Direct, 2021.
[10] M. Fanti, Implementing Multifactor Authentication: Protect your applications from cyberattacks with the help of MFA, Packt Publisher, 2023.
[11] S.-H. Park, "Performance Evaluation of Open-Source Endpoint Detection and Response Combining Google Rapid Response and Osquery for Threat Detection," IEEE Access, pp. 20259-20269, 2022.
