#RSAC
Zero Trust Security
Gowdhaman Jothilingam
Topics Covered
Understand what Zero Trust is and why it is important.
What comprises a Zero Trust network and how to create the architecture.
Conditions and controls: identity and device health.
Benefits of Zero Trust.
Discover how to apply these conditions to line-of-business SaaS apps or on-premises web apps.
Examples and demo (if time permits).
TRADITIONAL MODEL (diagram: Trusted Zone / Untrusted Zone)
The challenge with perimeter-based networks
It was a walled garden (castle-and-moat approach).
Perimeter-based networks operate on the assumption that all systems (and users) within the network can be trusted.
They cannot accommodate modern work styles such as Bring Your Own Device (BYOD) and Bring Your Own Cloud (BYOC).
An attacker who compromises a single endpoint inside the trusted boundary can quickly expand the foothold across the entire network.
Users cannot be trusted! (Neither can the network!)
28% of attacks involved inside actors¹
4% of end-users will click on anything¹
17% of breaches had errors as causal events¹
¹ Verizon Data Breach Investigations Report: https://enterprise.verizon.com/resources/reports/dbir/
What is a Zero Trust network?
Eliminates the concept of trust based on network location within a perimeter.
Leverages device and user trust claims to gain access to data and resources.
John Kindervag (who coined the term at Forrester)
What comprises a Zero Trust network?
Identity provider to keep track of users and user-related information.
Device directory to maintain a list of devices that have access to corporate resources, along with their corresponding device information (e.g., type of device, integrity, etc.).
Policy evaluation service to determine if a user or device conforms to the policy set forth by security admins.
Access proxy that uses the above signals to grant or deny access to an organizational resource.
Anomaly detection and machine learning.
Example: Basic components of a Zero Trust network model (diagram)
Designing a Zero Trust architecture
Approach: Start with asking questions
Who are your users? What apps are they trying to access? How are they doing it? Why are they doing it that way?
What conditions are required to access a corporate resource?
What controls are required based on the condition?
Consider an approach based on a set of conditions:
What is the user's role and group membership?
What is the device health and compliance state?
What is the SaaS, on-prem or mobile app being accessed?
What is the user's physical location?
What is the time of sign-in?
What is the sign-in risk of the user's identity? (i.e. the probability that the sign-in isn't authorized by the identity owner)
What is the user risk? (i.e. the probability that a bad actor has compromised the account)
Followed by a set of controls (if/then statement):
Allow/deny access
Require MFA
Force password reset
Control session access to the app (i.e. allow read but not download, etc.)
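The components listed on the "What comprises a Zero Trust network?" slide and the conditions-to-controls mapping above, put together as a small policy evaluation service. This is an added example and not code from the slides or from any Microsoft product; the User/Device/SignIn records, the app names (finance-erp, sharepoint, ...) and the control names (require_mfa, session_read_only, ...) are constructed for illustration.

```python
"""Added example, not from the original slides: a minimal policy evaluation
service wired the way the components slide describes it (identity provider,
device directory, policy engine, access proxy). The records, app names and
control names are constructed and are not the API of any real product."""
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class User:                      # record from the identity provider
    name: str
    groups: set
    user_risk: str               # "low" | "medium" | "high": probability the account is compromised

@dataclass
class Device:                    # record from the device directory
    device_id: str
    managed: bool                # enrolled and under management
    compliant: bool              # passed integrity and compliance policy checks

@dataclass
class SignIn:                    # the request as seen by the access proxy
    user: User
    device: Optional[Device]     # None = device is not in the directory at all
    app: str
    location: str                # "corp-office" or a country code
    sign_in_risk: str            # "low" | "medium" | "high": probability this sign-in is not the owner

@dataclass
class Decision:
    allow: bool
    controls: List[str] = field(default_factory=list)
    reason: str = ""

HIGH_VALUE_APPS = {"finance-erp", "hr-payroll"}        # constructed app names
LIMITED_SESSION_APPS = {"sharepoint", "email"}          # usable read-only from unmanaged devices

def evaluate(s: SignIn) -> Decision:
    """Conditions in, controls out. Rules are ordered from most to least severe."""
    # 1. A compromised account gets nothing until its password is reset.
    if s.user.user_risk == "high":
        return Decision(False, ["force_password_reset"], "user risk is high")
    # 2. Only members of the owning group may even ask for a high-value app...
    if s.app in HIGH_VALUE_APPS and f"app:{s.app}" not in s.user.groups:
        return Decision(False, [], "user is not in the app's access group")
    # 3. ...and only from a managed, compliant device.
    if s.app in HIGH_VALUE_APPS:
        if s.device is None or not (s.device.managed and s.device.compliant):
            return Decision(False, [], "high-value app requires a managed, compliant device")
    controls: List[str] = []
    # 4. Any elevated risk on the identity or on the sign-in itself => step-up MFA.
    if s.sign_in_risk != "low" or s.user.user_risk == "medium":
        controls.append("require_mfa")
    # 5. Off-network on an unmanaged device: limited session where the app allows it, else deny.
    unmanaged = s.device is None or not s.device.managed
    if s.location != "corp-office" and unmanaged:
        if s.app in LIMITED_SESSION_APPS:
            controls.append("session_read_only")        # allow read, block download
        else:
            return Decision(False, [], "unmanaged device outside the office")
    return Decision(True, controls, "allowed")

# Constructed sample records.
ALICE = User("alice", {"finance", "app:finance-erp"}, "low")
BOB = User("bob", {"sales"}, "medium")
MALLORY = User("mallory", {"sales"}, "high")
LAPTOP = Device("lt-0001", managed=True, compliant=True)
OLD_LAPTOP = Device("lt-0002", managed=True, compliant=False)

def demo() -> List[str]:
    cases = [
        SignIn(ALICE, LAPTOP, "finance-erp", "corp-office", "low"),     # allow, no controls
        SignIn(ALICE, OLD_LAPTOP, "finance-erp", "corp-office", "low"), # deny: not compliant
        SignIn(ALICE, LAPTOP, "finance-erp", "DE", "medium"),           # allow + MFA
        SignIn(BOB, None, "email", "FR", "low"),                        # allow, MFA + read-only
        SignIn(BOB, None, "finance-erp", "FR", "low"),                  # deny: not in group
        SignIn(MALLORY, LAPTOP, "email", "corp-office", "low"),         # deny: reset password
    ]
    out = []
    for c in cases:
        d = evaluate(c)
        out.append(f"{c.user.name}/{c.app}: allow={d.allow} controls={d.controls} ({d.reason})")
    return out

if __name__ == "__main__":
    print("\n".join(demo()))
```

The order of the rules is the point: the deny conditions (compromised account, missing group, non-compliant device) are evaluated before any "allow with controls" path, so a step-up control can never rescue a request that a stronger rule already rejected.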
Device Health Conditions
Determine the machine risk level (i.e. is it compromised by malware, Pass-the-Hash (PtH), etc.)
Determine the system integrity and posture (i.e. hardware-rooted boot-time and runtime checks)
Integrity checks:
– Drivers
– Kernel
– Firmware
– Peripheral firmware
– Antimalware driver code
Verify boot state of machine
Compliance policy checks (i.e. is an OS security setting missing/not configured?)
(Diagram: integrity at system start-up; integrity as system is running; validate integrity as OS is running)
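How a device directory can turn the boot-state and compliance checks above into a single compliance verdict, as an added example that is not from the slides or any vendor's product. The component list, the golden register value, the setting names and the minimum build number are constructed; a real deployment would get the register value from a TPM quote signed by the device's attestation key, while here the register arithmetic is simulated so the check runs offline.

```python
"""Added example, not from the original slides: derive a device's health
state from a measured-boot log (hardware-rooted boot-time integrity) and a
compliance policy (runtime OS settings). All inputs below are constructed."""
import hashlib
from typing import Dict, List

def extend(register: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new = SHA-256(old || measurement). Order matters and
    no stage can be 'un-extended', so any tampered stage changes the final value."""
    return hashlib.sha256(register + measurement).digest()

def measure_boot_chain(components: List[bytes]) -> bytes:
    """Fold the hash of each boot-time component into the register, in boot order."""
    register = bytes(32)                       # register starts at all zeros
    for blob in components:
        register = extend(register, hashlib.sha256(blob).digest())
    return register

# Constructed stand-ins for the images measured at start-up (firmware,
# peripheral firmware, kernel, drivers, antimalware driver, as on the slide).
GOLDEN_BOOT: List[bytes] = [
    b"firmware 1.2 (signed)",
    b"peripheral firmware nic 0.9",
    b"bootloader (signed)",
    b"kernel 5.15.0",
    b"boot drivers",
    b"early-launch antimalware driver",
]
GOLDEN_REGISTER = measure_boot_chain(GOLDEN_BOOT)   # known-good value the verifier keeps

# Constructed compliance policy: required OS security settings.
REQUIRED_SETTINGS: Dict[str, object] = {
    "secure_boot": True,
    "disk_encryption": True,
    "firewall": True,
    "os_build": 19045,          # minimum build number (constructed threshold)
}

def check_compliance(settings: Dict[str, object]) -> List[str]:
    """Return a list of findings; an empty list means the device is compliant."""
    findings: List[str] = []
    for key, required in REQUIRED_SETTINGS.items():
        actual = settings.get(key)
        if actual is None:
            findings.append(f"{key}: not configured")
        elif isinstance(required, bool):          # check bool before int: True is an int
            if actual != required:
                findings.append(f"{key}: expected {required}, got {actual}")
        elif isinstance(required, int) and int(actual) < required:
            findings.append(f"{key}: {actual} is below minimum {required}")
    return findings

def device_health(boot_components: List[bytes], settings: Dict[str, object]) -> Dict[str, object]:
    """Combine boot-time integrity with runtime compliance into one posture record."""
    boot_ok = measure_boot_chain(boot_components) == GOLDEN_REGISTER
    findings = check_compliance(settings)
    return {
        "boot_integrity": boot_ok,
        "findings": findings,
        "compliant": boot_ok and not findings,    # the flag a policy engine consumes
    }

if __name__ == "__main__":
    good = {"secure_boot": True, "disk_encryption": True, "firewall": True, "os_build": 19045}
    print(device_health(GOLDEN_BOOT, good))
    tampered = GOLDEN_BOOT[:3] + [b"kernel 5.15.0 + bootkit"] + GOLDEN_BOOT[4:]
    print(device_health(tampered, {**good, "firewall": False}))
```

A swapped kernel image, a reordered boot chain, or a disabled firewall each flips the verdict, and the findings list says which one did, which is what a help-desk needs when a user is denied for a non-compliant device.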
Identity Conditions
What is the user's risk level?
Is the sign-in coming from:
– A known botnet IP address?
– An anonymous IP address?
– An anonymizing browser (e.g. Tor)?
– An unfamiliar location?
– Impossible travel to atypical locations?
Is the sign-in suspicious?
– A high number of failed attempts across multiple accounts over a short period of time (password spraying)
– Traffic matching patterns of IP addresses used by attackers
Are the user's credentials (username/password pair) leaked?
– Up for sale on the dark web / black sites
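The identity conditions above turned into detection logic run over sign-in telemetry, as an added example that is not from the slides or from any identity provider. The events (RFC 5737 documentation addresses, London/Tokyo/Paris coordinates), the anonymous-IP list and the speed and radius thresholds are constructed for illustration; a real identity provider would take them from its own telemetry and threat-intelligence feeds.

```python
"""Added example, not from the original slides: anonymous-IP, impossible-
travel, unfamiliar-location and password-spray detection over constructed
sign-in events. Thresholds and the IP list are made up for illustration."""
import math
from collections import defaultdict
from typing import Dict, List, Set

MAX_SPEED_KMH = 900          # faster than this between two sign-ins = impossible travel
FAMILIAR_RADIUS_KM = 100     # within this distance of a past sign-in counts as familiar

def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points on Earth (mean radius 6371 km)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def spraying_ips(events: List[Dict], window_s: int = 300, min_accounts: int = 10) -> Set[str]:
    """IPs whose failed sign-ins touch >= min_accounts distinct accounts inside window_s
    seconds: the 'many accounts, one or two guesses each' shape of a password spray."""
    failures = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if not ev["success"]:
            failures[ev["ip"]].append(ev)
    flagged: Set[str] = set()
    for ip, evs in failures.items():
        for i, first in enumerate(evs):
            accounts = {x["user"] for x in evs[i:] if x["ts"] - first["ts"] <= window_s}
            if len(accounts) >= min_accounts:
                flagged.add(ip)
                break
    return flagged

def sign_in_risk(event: Dict, history: List[Dict],
                 anonymous_ips: Set[str], spray_ips: Set[str]) -> Dict:
    """Score one sign-in against the user's past successful sign-ins and IP reputation."""
    reasons: List[str] = []
    if event["ip"] in anonymous_ips:
        reasons.append("anonymous IP (anonymizer exit node)")
    if event["ip"] in spray_ips:
        reasons.append("IP matches password-spray traffic pattern")
    prior = [h for h in history
             if h["user"] == event["user"] and h["success"] and h["ts"] < event["ts"]]
    if prior:
        last = max(prior, key=lambda h: h["ts"])
        km = haversine_km(last["lat"], last["lon"], event["lat"], event["lon"])
        hours = (event["ts"] - last["ts"]) / 3600.0
        if km > FAMILIAR_RADIUS_KM and (hours == 0 or km / hours > MAX_SPEED_KMH):
            reasons.append(f"impossible travel: {km:.0f} km in {hours:.1f} h")
        if all(haversine_km(h["lat"], h["lon"], event["lat"], event["lon"]) > FAMILIAR_RADIUS_KM
               for h in prior):
            reasons.append("unfamiliar location")
    level = "high" if len(reasons) >= 2 else "medium" if reasons else "low"
    return {"user": event["user"], "level": level, "reasons": reasons}

# Constructed sample telemetry (RFC 5737 documentation addresses, not real sign-ins).
EVENTS: List[Dict] = [
    {"user": "alice", "ts": 0,    "ip": "203.0.113.10", "lat": 51.5074, "lon": -0.1278,  "success": True},  # London
    {"user": "alice", "ts": 3600, "ip": "198.51.100.7", "lat": 35.6762, "lon": 139.6503, "success": True},  # Tokyo, 1 h later
    {"user": "bob",   "ts": 4000, "ip": "203.0.113.44", "lat": 48.8566, "lon": 2.3522,   "success": True},  # Paris
] + [  # one source IP failing against 12 different accounts within 12 seconds
    {"user": f"user{i:02d}", "ts": 7200 + i, "ip": "192.0.2.99", "lat": 40.7128, "lon": -74.0060, "success": False}
    for i in range(12)
]
ANONYMOUS_IPS = {"198.51.100.7"}   # constructed stand-in for an anonymizer exit-node feed

def score_all(events: List[Dict]) -> List[Dict]:
    """Score every successful sign-in in time order, using only the events before it."""
    spray = spraying_ips(events)
    ordered = sorted(events, key=lambda e: e["ts"])
    return [sign_in_risk(e, ordered[:i], ANONYMOUS_IPS, spray)
            for i, e in enumerate(ordered) if e["success"]]

if __name__ == "__main__":
    for r in score_all(EVENTS):
        print(r)
```

The "level" field is the sign-in risk the conditional-access policy consumes: alice's London sign-in is low (no history yet), her Tokyo sign-in one hour later is high (anonymous IP, roughly 9,500 km in one hour, never seen near there), and the spraying source is flagged on the IP rather than on any one account, which is what makes sprays visible at all.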
Zero Trust based on conditional access controls (diagram)
Benefits of a Zero Trust model
Allow conditional access to certain resources while restricting access to high-value resources to managed/compliant devices.
Prevent network access and lateral movement by an attacker using stolen credentials or a compromised device.
Enables users to be more productive by working however they want, where they want, when they want.
Identity is everything: make it the control plane.
Consider an "if-this-then-that" automated approach to Zero Trust.
Zero Trust can enable new business outcomes that were not possible before.
Thank You!
Reference: http://aka.ms/ZeroTrustDemos, presentation by Matt Soseman, Security Architect, Microsoft
