
(SACON) Vandana Verma - Living In A World of Zero Trust

As everything is now moving to the cloud, all applications are accessible from anywhere. However, no one wants their private information to be compromised and openly available to the world. We have been taking so many precautions, yet breaches continue to happen. How should we fix this?

Organisations have been talking about Zero Trust lately, and it has become a buzzword. The talk will explore Zero Trust beyond the buzzword: what exactly Zero Trust is and why it is so important for keeping organisations safe; how we can implement or deploy Zero Trust in an organisation while keeping its current and future state in mind; what the business model for moving an organisation towards a Zero Trust Architecture should be; and which policies need to be implemented to achieve it.

In the end, certain recommendations will be shared with the participants as a takeaway from my own experiences while working towards implementing Zero Trust.

Published in: Technology

  1. SACON International 2020, India | Bangalore | February 21 - 22 | Taj Yeshwantpur. Life in the world of Zero Trust. Vandana Verma Sehgal (@InfosecVandana)
  2. WHO AM I ● OWASP Global Board ● Speaker/Trainer at DEF CON (AppSec Village), Assistant Trainer at Black Hat, OWASP AppSec conferences and others ● Member of the Review Board at Grace Hopper, BSides Ahmedabad, Global AppSec, etc. ● Diversity initiatives: ○ InfoSec Girls, OWASP WiA, WoSec ○ Free trainings at conferences ○ Webinars, personal mentoring, etc.
  3. (image-only slide)
  4. (image-only slide)
  5. Digital Transformation
  6. Traditional Security Model
  7. Traditional Security Model: Access control lists (ACLs) → Role-based access control (RBAC) → Principle of least privilege → Zero Trust model
  8. History • First described in 2010 by John Kindervag (then at Forrester) • Later adopted by Google as part of BeyondCorp • Means different things to different people
  9. Why Zero Trust? • Cybersecurity Ventures predicts "cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015" • The Ponemon Institute Data Breach Study, sponsored by IBM, found that the global average cost of a data breach is $3.62 million • "More than 40% of companies have more than a quarter of their employees working remotely. More than 25% have more than 40% of their employees working remotely." • Additionally, "More than 67% of workers use their own devices at work." • Beyond that, "80% of all BYOD is completely unmanaged."
  10. Gartner: Zero-trust network access "provides adaptive, identity-aware, precision access" and "enables digital ecosystems to work without exposing services directly to the internet."
  11. Forrester estimates "80% of data breaches are caused by privileged access abuse"
  12. Zero Trust Model by Forrester • Ensure all resources are accessed securely regardless of location • Adopt a least-privilege strategy and strictly enforce access control • Inspect and log all traffic
  13. Never Trust, Always Verify • Never trust the client • Never trust the server • Never trust the network
  14. Zero Trust Architecture
  15. Figure from Zero Trust Networks (O'Reilly), chapter 1: https://www.oreilly.com/library/view/zero-trust-networks/9781491962183/ch01.html
  16. Figure from Zero Trust Networks (O'Reilly): https://www.oreilly.com/library/view/zero-trust-networks/9781491962183/assets/ztnw_0102.png
  17. Provide Users With Application-Only Access, Not Network Access
  18. Isolate Your Network Infrastructure From the Public Internet
  19. Enable a WAF to Protect Corporate Applications
  20. Put Identity, Authentication, and Authorization in Place Before Providing Access
  21. Use Advanced Threat Protection to Defend Against Phishing, Zero-Day Malware, and DNS-Based Data Exfiltration
  22. Monitor Internet-Bound Traffic and Activity
  23. Support Integration with Security Information and Event Management (SIEM) and Orchestration Through RESTful APIs
  24. Applied in the Cloud
  25. Attacker Response to ZTA: "The best offense is a good defense" https://securityboulevard.com/2019/10/countdown-to-zero-why-zero-trust-is-in-the-spotlight/
  26. Key Takeaways
  27. Zero Trust security is no longer just a concept. It has become an essential security strategy that helps organizations protect their valuable data in a "perimeter-everywhere" world.
  28. "Trust is a dangerous vulnerability that can be exploited" - John Kindervag
  29. The new security perimeter is identity
  30. Deploying Zero Trust • Identify the protect surface • Identify roles and assign each person to a single role • Map the transaction flows • Build a Zero Trust architecture • Create Zero Trust policy • Monitor and maintain: inspect and log all traffic, backed by behaviour analytics
  31. Reach Me! ● Twitter: @InfosecVandana ● LinkedIn: vandana-verma ● Email: vandana.infosec@gmail.com
  32. References • https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture • https://www.csoonline.com/article/3247848/what-is-zero-trust-a-model-for-more-effective-security.html • https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207-draft.pdf • https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/ • https://ldapwiki.com/wiki/Zero%20Trust • https://www.youtube.com/watch?v=-Why_ZjJUhg • https://www.forbes.com/sites/louiscolumbus/2019/02/07/digital-transformations-missing-link-is-zero-trust/ • https://www.akamai.com/us/en/multimedia/documents/white-paper/how-to-guide-zero-trust-security-transformation.pdf • https://www.youtube.com/watch?v=1D5mg9an19o
  33. Thank you!
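The checks the deck asks for on slides 13 (never trust the network), 20 (identity, authentication and authorization before access), 22-23 (every decision logged for the SIEM) and 30 (protect surface, roles, policy), written out as an added example that is not part of the talk: a minimal Zero Trust policy decision point in Python, placed beside the perimeter model of slides 6-7 so the difference is visible on the same request. The resource names, roles and device-posture fields are hypothetical, and identity verification (the step that yields user, role and MFA state) is assumed to have happened upstream; the source network is recorded for the audit log but never consulted for the decision.

```python
"""Added example, not from the talk: a minimal Zero Trust policy decision point
beside the perimeter model it replaces. All resource names, roles and device
attributes are hypothetical; identity is assumed to be verified upstream."""
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timezone


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    mfa_passed: bool        # result of the upstream authentication step
    device_managed: bool    # device enrolled in MDM (hypothetical posture signal)
    device_patched: bool
    source_network: str     # "corp-lan" or "internet": logged, never trusted
    resource: str
    action: str


# The protect surface (slide 30): each resource lists the (role, action) pairs
# it permits and the posture it requires. Anything not listed is denied.
PROTECT_SURFACE = {
    "hr-payroll-api": {
        "allow": {("hr-admin", "read"), ("hr-admin", "write")},
        "require_mfa": True,
        "require_managed_device": True,
    },
    "wiki": {
        "allow": {("employee", "read"), ("hr-admin", "read")},
        "require_mfa": False,
        "require_managed_device": False,
    },
}


def perimeter_decide(req):
    """Traditional model (slides 6-7): location stands in for identity."""
    if req.source_network == "corp-lan":
        return "allow", ["inside the perimeter: implicit trust"]
    return "deny", ["outside the perimeter"]


def zero_trust_decide(req):
    """Default deny; every request is checked on identity, role and device
    posture (slides 13, 20). source_network is never consulted."""
    policy = PROTECT_SURFACE.get(req.resource)
    if policy is None:
        return "deny", ["resource not in the protect surface"]
    reasons = []
    if (req.role, req.action) not in policy["allow"]:
        reasons.append(f"least privilege: role {req.role} may not {req.action} {req.resource}")
    if policy["require_mfa"] and not req.mfa_passed:
        reasons.append("MFA required")
    if policy["require_managed_device"] and not (req.device_managed and req.device_patched):
        reasons.append("managed and patched device required")
    if reasons:
        return "deny", reasons
    return "allow", ["identity, role and device posture verified"]


def audit_record(req, decision, reasons):
    """One JSON line per decision, allow or deny, for the SIEM (slides 22-23)."""
    record = asdict(req)
    record.update({
        "decision": decision,
        "reasons": reasons,
        "ts": datetime.now(timezone.utc).isoformat(),
    })
    return json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample requests: an admin on the LAN who skipped MFA, the same
    # admin from the internet on a managed device with MFA, and a plain employee.
    samples = [
        AccessRequest("alice", "hr-admin", False, True, True, "corp-lan", "hr-payroll-api", "write"),
        AccessRequest("alice", "hr-admin", True, True, True, "internet", "hr-payroll-api", "write"),
        AccessRequest("bob", "employee", False, False, False, "corp-lan", "hr-payroll-api", "read"),
    ]
    for req in samples:
        for name, engine in (("perimeter", perimeter_decide), ("zero-trust", zero_trust_decide)):
            decision, reasons = engine(req)
            print(name, audit_record(req, decision, reasons))
```

The contrast is the point of slides 13 and 29: the perimeter engine lets the un-MFA'd admin through because the packet came from the LAN and blocks the same admin from the internet, while the Zero Trust engine reaches the opposite verdict on both because it only looks at who is asking, with what role, on what device. Every verdict, including denials, becomes a sortable JSON line, which is what makes the "inspect and log all traffic" bullet on slides 12 and 30 feed behaviour analytics rather than a gap-filled log.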