Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Zero Trust Framework for Network Security​

211 views

Published on

Forrester Privacy & Security 2018​
September 25-26 2018, Washington DC​

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Zero Trust Framework for Network Security​

  1. 1. Zero Trust Framework for Network Security Forrester Privacy & Security 2018 September 25-26 2018, Washington DC
  2. 2. 2 | ConfidentialSource: The Zero Trust eXtended (ZTX) Ecosystem 2018 ZERO TRUST
  3. 3. ZERO TRUST NETWORK FRAMEWORK PRINCIPLES - CHALLENGES Visibility Automation Segmentation Compliance API Integration 3 | Confidential GUIDANCE Challenge Requirements Use Case CISO Business Analyst Network Security Manager ComponentsAnglesPersonas
  4. 4. VISIBILITY – GUIDANCE • “Visibility is the key to defending any valuable asset” • “Zero Trust mandates significant investment in visibility” • “You can’t protect the invisible” 4 | Confidential Source: The Zero Trust eXtended (ZTX) Ecosystem 2018 You can’t combat a threat you can’t see or understand. Visibility is essential for achieving Zero Trust
  5. 5. VISIBILITY – CHALLENGES 5 | Confidential Large and complex heterogenous and hybrid networks Cisco, Checkpoint, PAN, etc. Multiple firewall vendors AWS, Azure, Google Public cloud providers VMWare NSX, Cisco ACI etc. Private cloud, SDN platforms
  6. 6. VISIBILITY – REQUIREMENTS 6 | Confidential Full visibility into your entire network security estate with a live topology map Single pane of glass to manage cloud, SDN and on-premise security controls Unified management of security policy across hybrid environments and mixed environments Discovery and mapping of business application connectivity requirements to the network infrastructure
  7. 7. ? VISIBILITY – USE CASE
  8. 8. ? VISIBILITY – ANOTHER USE CASE
  9. 9. AUTOMATION – GUIDANCE • “Critical for organizations and S&R leadership to leverage and use tools and technologies” • “Enable automation and orchestration across the enterprise” 9 | Confidential Source: The Zero Trust eXtended (ZTX) Ecosystem 2018
  10. 10. AUTOMATION – CHALLENGES 10 | Confidential Defining and maintaining a Zero Trust network involves many security policy changes. Change processes, when done manually, inevitably lead to errors and misconfigurations. • Risk assessment for each proposed change • Multiple disparate teams and stakeholders (security, networking, business owners). With different languages, different objectives. Slow process as even a single change in a complex enterprise environment takes time, X hundreds of changes per month.
  11. 11. AUTOMATION – REQUIREMENTS 11 | Confidential Process firewall changes with zero-touch automation Eliminate mistakes and rework Accountability for change requests • Assess impact of network changes to ensure security and continuous compliance • Automate rule-recertification processes • Introduce intelligent change management • Enforce compliance • Deliver automatic documentation across the entire change management lifecycle
  12. 12. ? AUTOMATION – USE CASE
  13. 13. AUTOMATION – ANOTHER USE CASE
  14. 14. SEGMENTATION – GUIDANCE “The ability to segment, isolate, and control the network continues to be a pivotal point of control for Zero Trust.” 14 | Confidential Source: The Zero Trust eXtended (ZTX) Ecosystem 2018
  15. 15. SEGMENTATION – CHALLENGES 15 | Confidential • Security policy change is slow, taking days or weeks to process in a complex enterprise environment • Change process involves multiple disparate teams and stakeholders (security, networking, business owners) who speak different languages and have different objectives Detection, assessment and decisions about which applications should be segmented and their placement within the Zero Trust network Risk assessment of proposed changes in Zero Trust network Misconfiguratons happen Misconfigurations happen often and introduce unnecessary risks and cause outages that disrupt business operations
  16. 16. SEGMENTATION – REQUIREMENTS 16 | Confidential Define and enforce your Zero Trust segmentation strategy inside the data center. Automatic identification of changes that violate the Zero Trust strategy Single pane of glass to manage both cloud and on-premise security controls and segments • Meet compliance requirements • Identify unprotected network flows • Automatic implementation of network security changes • Automatic validation of changes aligned with strategy • Avoid blockage of critical business services.
  17. 17. SEGMENTATION – USE CASE
  18. 18. SEGMENTATION – ANOTHER USE CASE
  19. 19. SEGMENTATION – ANOTHER USE CASE
  20. 20. COMPLIANCE – GUIDANCE • “Security teams that have used Zero Trust as a key driver of their strategic security vision have met many compliance requirements with far greater ease.“ • “Segmenting the network frequently reduces the scope of compliance initiatives because many regulations, such as PCI, only have certain data types in scope” • “Zero Trust networks far exceed the security required by compliance directives, and that’s a good thing.” 20 | Confidential Source: The Zero Trust eXtended (ZTX) Ecosystem 2018
  21. 21. COMPLIANCE – CHALLENGES 21 | Confidential Managing a Zero Trust network is a significant overhead, more segments you have the more firewalls you need to deploy and manage. Firewall audit preparation process is manual, time consuming and costly. Compliance takes time away from strategic initiatives. Regulations require continuous compliance Compliance documentation is tedious and time consuming
  22. 22. COMPLIANCE – REQUIREMENTS 22 | Confidential Instant generation of audit-ready reports for major regulations, including PCI, GDPR, HIPAA, SOX, NERC etc. Generate custom reports for internal compliance mandates Proactive checks of every change for compliance and/or network segmentation violations • Changes to remediate problems and ensure compliance • Audit trail of all firewall changes and approval processes • Easily define allowed traffic between network segments • Support software-defined micro-segmentation on multiple platforms.
  23. 23. ? COMPLIANCE – USE CASE
  24. 24. ? COMPLIANCE – ANOTHER USE CASE
  25. 25. APIINTEGRATION Business driven Security Management “Advanced API integration available for your team to use for development purposes as well as to integrate other security solutions into your Zero Trust ecosystem.”
  26. 26. ZERO TRUST NETWORK - SUMMARY 26 | Confidential Visibility Automation Segmentation API IntegrationCompliance
  27. 27. Thank You 27 | Confidential

×