Zero Trust: The benefits of a collaborative multi-vendor approach

As US government agencies work to implement Zero Trust architectures to meet the 2027 mandate, taking a collaborative approach is essential. No technology vendor can meet all 152 of the DoD’s controls for both “target” and “advanced” compliance levels on its own. Instead, public and private organizations need to partner in order to break down silos, deliver all the necessary capabilities, and build a strong, resilient defense against sophisticated cybersecurity threats.
Elastic’s open source platform is purpose-built for collaboration and serves as an essential element in a Zero Trust architecture. In fact, the DoD CIO recommended the Elastic Common Schema as part of their preferred approach to Zero Trust interoperability.
In addition to supporting the DoD’s five Zero Trust pillars through its security technology, Elastic’s ability to ingest all data types — across systems, clouds, and regions — serves as a connective function between disparate systems that weren’t originally designed for Zero Trust. Elastic does this by focusing on data; the only commonality that exists between Zero Trust systems is the data that they produce. Once data is ingested, Elastic acts as a unifying data layer that enables agencies to see across the entire architecture, analyze data, and create visual dashboards at the speed of search.
An agile proof of concept for collaborative Zero Trust
At a previous DoDIIS event, the industry was challenged by DoD leadership to not only collaborate but also modernize their messaging at industry events around Zero Trust. They urged vendors to demonstrate clear paths toward delivering a Zero Trust framework.
In response, Elastic joined forces with Vectra, Gigamon, and CrowdStrike as well as the Technology Advancement Center (TAC) as a facilitator. This collaboration allowed us to build a Zero Trust proof of concept (POC) by combining each vendor’s capabilities and forging an integrated, agile approach to Zero Trust.
Together, we devised a fictional agency with simulated users, virtualized workstations, infrastructure, and workloads to represent typical operations — all hosted in the TAC’s AWS cloud infrastructure and demonstrated in the video above.
This POC used CrowdStrike for endpoint protection, Elastic for data analytics, Gigamon for network visibility, and Vectra for AI-driven network detections. This multi-vendor architecture combined forces to create a robust cybersecurity defense.
Through the use of existing Elastic APIs and integrations, all components of the architecture flow together — gathering data, evaluating the network and endpoints, and taking preemptive action. The POC focused on network, endpoint, data visibility, orchestration, response, and logging. With this came recognition that there are additional capabilities and vendors needed in other areas, such as privileged access management, data tagging, and data loss prevention. Throughout the process, the TAC tested the solutions against real-world simulations in order to validate outcomes.
Outcomes and next steps
As noted by the TAC, “this end-to-end testing in a controlled, yet realistic, environment provides a clear path for US government agencies to deploy Zero Trust solutions at scale.” While the TAC is vendor-agnostic and does not recommend specific companies or technology, the group emphasizes the importance of private-public partnerships when implementing Zero Trust strategies.
Going forward, it’s clear that a Zero Trust architecture cannot rely on just one vendor or solution provider. A strategic, collaborative, and vendor-agnostic approach can provide end-to-end security defenses — but only if agencies have a way to see across their entire environment holistically.
This is the value of Elastic.
With our extensive ecosystem of partners and integrations, we can easily unify your existing technology and systems. No matter where data comes from, what format it’s in, or what Zero Trust pillar it supports, Elastic can connect it all so that agencies have a single source of information and ensure there are no gaps where threats can go undetected.
Contact us to learn more about how Elastic can serve as a unifying data layer across your existing Zero Trust architecture.