Zero trust model presentation

  1. 1. #RSAC SESSION ID: Zero Trust Security Gowdhaman Jothilingam
  2. Topics Covered Understand what Zero Trust is and why it is important. What comprises a Zero Trust network and how to create architecture Conditions and Controls Understand how identity, device health Benefits of Zero Trust Discover how to apply these conditions to line of business SaaS apps or on-premises web apps. Examples and Demo (If time permits)
  3. TRADITIONAL MODEL Trusted Zone Untrusted Zone
  4. The challenge with perimeter-based networks…
  5. It was a walled garden (castle/moat approach) Perimeter-based networks operate on the assumption that all systems (and users) within a network can be trusted. Not able to accommodate modern work styles such as Bring Your Own Device (BYOD) and Bring Your Own Cloud (BYOC) Attacker can compromise single endpoint within trusted boundary and quickly expand foothold across entire network.
  6. Users cannot be trusted! (Neither can the network!) https://enterprise.verizon.com/resources/reports/dbir/ 28%of attacks involved inside actors¹ 4%Of end-users will click on anything¹ 17%Of breaches had errors as casual events¹
  7. What is a Zero Trust network? Eliminates the concept of trust based on network location within a perimeter. Leverages device and user trust claims to get access to data and resources. John Kindervag
  8. What comprises a Zero Trust network? Identity provider to keep track of users and user-related information. Device directory to maintain a list of devices that have access to corporate resources, along with their corresponding device information (e.g., type of device, integrity etc.) Policy evaluation service to determine if a user or device conforms to the policy set forth by security admins Access proxy that utilizes the above signals to grant or deny access to an organizational resource Anomaly detection and machine learning
  9. Example: Basic components of a Zero Trust network model
  10. Designing a Zero Trust architecture
  11. Approach: Start with asking questions Who are your users? What apps are they trying to access? How are they doing it? Why are they doing it that way? What conditions are required to access a corporate resource? What controls are required based on the condition?
  12. Consider an approach based on set of conditions What is the user’s role and group membership? What is the device health and compliance state? What is the SaaS, on-prem or mobile app being accessed? What is the user’s physical location? What is the time of sign-in? What is the sign-in risk of the user’s identity? (i.e. probability it isn’t authorized by the identity owner) What is the user risk? (i.e. probability a bad actor has compromised the account?
  13. Followed by a set of controls (if/then statement) Allow/deny access Require MFA Force password reset Control session access to the app (i.e. allow read but not download, etc)
  14. Device Health Conditions Determine the machine risk level (i.e. is it compromised by malware, Pass-the-Hash (PtH), etc) Determine the system integrity and posture (i.e. hardware-rooted boot- time and runtime checks) Integrity checks: – Drivers – Kernel – Firmware – Peripheral firmware – Antimalware driver code Verify boot state of machine Compliance policy checks (i.e. is an OS security setting missing/not configured?) Integrity at system start-up Integrity as system is running Validate integrity as OS is running
  15. Identity Conditions What is the user’s risk level? Is the sign in coming from: – A known botnet IP address? – An anonymous IP address? – Unauthorized browser? (i.e. Tor) – An unfamiliar location? – Impossible travel to atypical locations? Is the sign in suspicious? – High number of failed attempts across multiple accounts over a short period of time – Matches traffic patterns of IP addresses used by attackers Are the user’s credentials (username/password pair) leaked? – Up for sale on the dark web / black sites
  16. Zero Trust based on conditional access controls
  17. Zero Trust based on conditional access controls
  18. Benefits of a Zero Trust model Allow conditional access to certain resources while restricting access to high-value resources on managed/compliant devices. Prevent network access and lateral movement using stolen credentials and compromised device. Enables users to be more productive by working however they want, where they want, when they want. Identity is everything, make it the control plane. Consider an “if-this-then-that” automated approach to Zero Trust. Zero Trust can enable new business outcomes that were not possible before.
  19. Thank You! Reference: http://aka.ms/ZeroTrustDemos Matt Soseman – Presentation Security Architect Microsoft

Views: 184

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform

FireCompass

Forum

CISO as an enabler

Started by Maheshkumar Vagadiya Jul 30. 0 Replies

Share the instances where you were able to convince the Executive management /board that CISO function is enabler rather then a hindrance.Thanks youMaheshContinue

Has Anyone Evaluated Digital Signature (like Docusign)?

Started by CISO Platform. Last reply by SACHIN BP SHETTY Apr 24. 1 Reply

(question posted on behalf of a CISO member)Has anyone evaluated digital signature (like Docusign), any specific risk/ security areas to be looked into while finalising a vendor? Any and all inputs will be very much appreciated.Continue

What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?

Started by CISO Platform. Last reply by ANAND SHRIMALI May 20. 4 Replies

(question posted on behalf of a CISO member)What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?Related Question: …Continue

[Please Suggest] Corona Virus: Security advisory for work from home

Started by CISO Platform. Last reply by Bhushan Deo Mar 20. 12 Replies

(question posted on behalf of a CISO member)Due to CORONA virus most of the organizations are allowing their employees to work form home.Has any one issued security advisory for work from home ?Continue

Tags: #COVID19

Follow us

Contact Us

Email: contact@cisoplatform.com

Mobile: +91 99002 62585

InfoSec Media Private Limited,First Floor,# 48,Dr DV Gundappa Road, Basavanagudi,Bangalore,Karnataka - 560004

© 2020   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service