TRUST VS CONTROL - COMPLETE ZERO TRUST
“TRUST NO ONE THING”
SPEAKER
• Host of the annual Dayton Security Summit http://www.day-con.org
• Creator of Packetwars™ the world’s first cyber sport
• Facilitated Innovation & Structured Choice practice lead
• SANS GIAC/GSEC Gold published author
• Trusted Advisor & “Herder of Cats”
• @BryanFite
Global Account CISO at BT
BRYAN K. FITE
©2019CROWDSTRIKE
SYSTEM CONFIDENCE
CONFIDENCE = TRUST & CONTROL
“THE PERIMETER IS DEAD…”
Radical Thinking?
(Digital)Identity is the new perimeter
“LONG LIVE THE NEW PERIMETER”
Radical Thinking?
(Digital)Identity is the new perimeter
“EVERYTHING OLD IS NEW AGAIN”
2000, 2005, 2010, 2015
DRAFT NIST SPECIAL PUBLICATION 800-207 - ZERO TRUST ARCHITECTURE
An operative definition of ZTA is as follows:
“Zero Trust Architecture (ZTA) provides a collection of concepts, ideas, and component relationships (architectures) designed to eliminate the uncertainty in enforcing accurate access decisions in information systems and services.”
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207-draft.pdf
THE SECURITY MATURITY JOURNEY
Naked SDWAN
Naked SDN
Business Transforms with No Security Investment
Traditional Security Investment with No Business Transformation
Traditional Security Investment + Business Transformation
Micro Segmentation, & Maturing CICD with virtualisation & containerisation + Business Transformation
Naked SDWAN/DIA
Naked BYOD / Mobility
Complete Zero Trust Architecture + Business Transformation
Cloud-based Security Investment + Business Transformation
100% Protected, 0% Attack Surface *Theoretical!
Cloud Adoption
Mobility Adoption
…Business Transformation done to you
…Security Transformation done by you
Complete Zero Trust
OT Networks
No Naked Networks
On-prem approach
Low Cloud Uptake
Medium Cloud Uptake
High Cloud Uptake
On-Prem
Virtualised
Multi-Cloud Architecture
Cloud First / Cloud Native
Corporate Servers only
Corporate Laptops
Corporate Mobiles
BYOD
THREATS EVOLVE – ORGANIZATIONS MUST TOO
$3.92m: Average total cost of data breach¹
34%: Percentage of breaches due to insider threat
25,575: Average number of records stolen¹
Current approach: Perimeter-based security
Security procrastinators
Outside = Untrusted: Endpoint, Workload
Inside = Trusted: Endpoint, Workload
VPN, Proxy, NGFW, IDS/IPS, MPLS, Sandbox, SD-WAN, Virtualisation, Flow-based Analytics, IR/Forensics
Complete Zero Trust
Inside = Untrusted: Endpoint, Workload
Outside = Untrusted: Endpoint, Workload
TIME FOR A CHANGE: COMPLETE ZERO TRUST
The new realities
• Network is always hostile
• Effectively no perimeter
• Static rules vs. dynamic threats
Zero Trust tenets
• Trust no one & nothing
• Authenticate & Validate
• Complete & Dynamic Access Policy
The BT way: Complete Zero Trust
• Workload protection
• End point protection
• Visibility
• Analytics
• Control
• Authentication
REASONABLE RESPONSE
Detect & predict threats to safety/quality, security & privacy
Gain visibility (& control)
Reduce your attack surface
Deny adversaries the ability to pivot
Respond in real-time
Protect what matters most
WORDS OF WARNING: PAUL SIMMONDS @RSA2019
CRITICAL SECURITY CONTROLS & “LATENT CAPABILITIES”
CIS 20 CSC
Workload Protection | NGFW | IAM | PAM | DLP | Encryption | URL Filtering | Proxy | EPP/EDR | CASB | IDS/IPS | Anti-DDoS | Application Shielding | Threat Modeling | Effective GRC | SD-WAN Controls
Inventory of authorized devices 0.75 0.75 0.5 0 0.25 0.25 0.25 0.25
Inventory of authorized software 0.25
Vulnerability Assessment & Remediation 0.25
Controlled Use of Administrative Privileges 0.25
Secure Configurations 0.25
Audit Logs 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.25 0.5 0 0.5 0.5
Email & Browser Protections 0.25
Malware Defenses 1 1 1 0.25
Ports, Protocols and Services 1 0.25
Data Recovery 0.25
Secure Configurations for Network Devices 1 1
Boundary Defense 0.75 0.75 0.5 1 1 0.25
Data Protection 0.5 0.75 0.25 1 0.25
Controlled Access Based on the Need to Know 0.25
Wireless Access Control 0.25
Account Monitoring and Control 0.75 0.25 1 0 0.25 0.25 0.25 0.25 0.75 0.25 0 0.75 0.5 0.1 0.25
Security Skills Assessment 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5
Application Software Security 1 0.25
Incident Response and Management 0.5 0.25
Penetration Tests 1 0.5 0.25 0.1 0.25
Visibility & Control
BASIC
Foundational
Organizational
Control Affinity Effectiveness Factor - 0, 0.1, 0.2…0.9, 1.0
Draft Version 2.0 - Bryan K. Fite
CIS20 CSC – Control Census & Maturity
• Threat Catalog – Threat Modelling & Simulation
• RBAC (Groups & Directories)
• ACLs & White Lists
• Netflow
• Segmentation, VPNs, SSH & Micro segmentation
• Bastion Host
• Routing
• IPv6
Logs are your friend!
CROWDSTRIKE’S ROLE IN ZERO TRUST
Workload protection
End point protection
Visibility
Analytics
Control
Authentication
• EndPoint Protection
• Zero Breach Mindset/Vision/Guarantee
• Threat Intelligence and Context
• Machine Learning & AI
• Indicators of Attack (IOA)
• Force Multiplier
• IR: Containment and Remediation
• Visibility & Control
CONCLUSIONS
THANK YOU.
ANY QUESTIONS?


Fal conunite2019 complete_zero_trust_final

  • 1. TRUST VS CONTROL - COMPLETE ZERO TRUST “TRUST NO ONE THING”
  • 2. SPEAKER  Host of the annual Dayton Security Summit http://www.day-con.org  Creator of Packetwars™ the world’s first cyber sport  Facilitated Innovation & Structured Choice practice lead  SANS GIAC/GSEC Gold published author  Trusted Advisor & “Herder of Cats”  @BryanFite Global Account CISO at BT BRYAN K. FITE ©2019CROWDSTRIKE
  • 4. “THE PERIMETER IS DEAD…” ©2019CROWDSTRIKE Radical Thinking? (Digital)Identity is the new perimeter
  • 5. “LONG LIVE THE NEW PERIMETER” ©2019CROWDSTRIKE Radical Thinking? (Digital)Identity is the new perimeter
  • 6. “EVERYTHING OLD IS NEW AGAIN” ©2019CROWDSTRIKE 2000 2010 2005 2015
  • 7. DRAFT NIST SPECIAL PUBLICATION 800-207 - ZERO TRUST ARCHITECTURE ©2019CROWDSTRIKE An operative definition of ZTA is as follows: “Zero Trust Architecture (ZTA) provides a collection of concepts, ideas, and component relationships (architectures) designed to eliminate the uncertainty in enforcing accurate access decisions in information systems and services.” https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207- draft.pdf
  • 8. THE SECURITY MATURITY JOURNEY (figure labels): Naked SDWAN; Naked SDN; Business Transforms with No Security Investment; Traditional Security Investment with No Business Transformation; Traditional Security Investment + Business Transformation; Micro Segmentation, & Maturing CICD with virtualisation & containerisation + Business Transformation; Naked SDWAN/DIA; Naked BYOD / Mobility; Complete Zero Trust Architecture + Business Transformation; Cloud-based Security Investment + Business Transformation; 100% Protected, 0% Attack Surface *Theoretical!; Cloud Adoption; Mobility Adoption; …Business Transformation done to you; …Security Transformation done by you; Complete Zero Trust; OT Networks; No Naked Networks; On-prem approach; Low Cloud Uptake; Medium Cloud Uptake; High Cloud Uptake; On-Prem Virtualised Multi-Cloud Architecture Cloud First / Cloud Native; Corporate Servers only; Corporate Laptops; Corporate Mobiles; BYOD
  • 9. THREATS EVOLVE – ORGANIZATIONS MUST TOO. $3.92m: average total cost of data breach¹; 34%: percentage of breaches due to insider threat; 25,575: average number of records stolen¹. Diagram labels: Outside = Untrusted; VPN, Proxy, NGFW, IDS/IPS, MPLS, Sandbox, SD-WAN, Virtualisation, Flow-based Analytics, IR/Forensics; Inside = Trusted; Current approach: Perimeter-based security; Security procrastinators; Inside = Untrusted; Outside = Untrusted; Complete Zero Trust; repeated Endpoint and Workload icons
  • 10. TIME FOR A CHANGE: COMPLETE ZERO TRUST. The new realities: Network is always hostile; Effectively no perimeter; Static rules vs. dynamic threats. Zero Trust tenets: Trust no one & nothing; Authenticate & Validate; Complete & Dynamic Access Policy. The BT way: Complete Zero Trust: Workload protection; End point protection; Visibility; Analytics; Control; Authentication
  • 11. REASONABLE RESPONSE: Detect & predict threats to safety/quality, security & privacy; Gain visibility (& control); Reduce your attack surface; Deny adversaries the ability to pivot; Respond in real-time; Protect what matters most
  • 12. WORDS OF WARNING: PAUL SIMMONDS @RSA2019
  • 13. CRITICAL SECURITY CONTROLS & “LATENT CAPABILITIES”
    CIS 20 CSC, Control Affinity. Effectiveness Factor - 0, 0.1, 0.2…0.9, 1.0. Draft Version 2.0 - Bryan K. Fite
    Capabilities (columns): Workload Protection; NGFW; IAM; PAM; DLP; Encryption; URL Filtering; Proxy; EPP/EDR; CASB; IDS/IPS; Anti-DDoS; Application Shielding; Threat Modeling; Effective GRC; SD-WAN
    Controls (rows, with effectiveness factors):
      Inventory of authorized devices: 0.75 0.75 0.5 0 0.25 0.25 0.25 0.25
      Inventory of authorized software: 0.25
      Vulnerability Assessment & Remediation: 0.25
      Controlled Use of Administrative Privileges: 0.25
      Secure Configurations: 0.25
      Audit Logs: 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.25 0.5 0 0.5 0.5
      Email & Browser Protections: 0.25
      Malware Defenses: 1 1 1 0.25
      Ports, Protocols and Services: 1 0.25
      Data Recovery: 0.25
      Secure Configurations for Network Devices: 1 1
      Boundary Defense: 0.75 0.75 0.5 1 1 0.25
      Data Protection: 0.5 0.75 0.25 1 0.25
      Controlled Access Based on the Need to Know: 0.25
      Wireless Access Control: 0.25
      Account Monitoring and Control: 0.75 0.25 1 0 0.25 0.25 0.25 0.25 0.75 0.25 0 0.75 0.5 0.1 0.25
      Security Skills Assessment: 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5 0.5
      Application Software Security: 1 0.25
      Incident Response and Management: 0.5 0.25
      Penetration Tests: 1 0.5 0.25 0.1 0.25
    Control groups: Visibility & Control; BASIC; Foundational; Organizational
    CIS20 CSC – Control Census & Maturity • Threat Catalog – Threat Modelling & Simulation • RBAC (Groups & Directories) • ACLs & White Lists • Netflow • Segmentation, VPNs, SSH & Micro segmentation • Bastion Host • Routing • IPv6
    Logs are your friend!
  • 14. CROWDSTRIKE’S ROLE IN ZERO TRUST: Workload protection; End point protection; Visibility; Analytics; Control; Authentication • EndPoint Protection • Zero Breach Mindset/Vision/Guarantee • Threat Intelligence and Context • Machine Learning & AI • Indicators of Attack (IOA) • Force Multiplier • IR: Containment and Remediation • Visibility & Control