SlideShare a Scribd company logo
1 of 19
© 2019 Adobe.
A Path to Achieving Network Security ZEN
Den Jones, Aron Anderson, Carlos Martinez
© 2019 Adobe. xxx
Zero-Trust: Why Do We Need It?
We mistakenly
consider the corporate
network safe
Network perimeter
no longer a security
boundary
Evolving tactics,
techniques & procedures
(TTP’s)
External (SaaS) Resources
Authentication ignored the
device
© 2019 Adobe. xxx
Defining Zero Trust – What Is It?
All networks
considered untrusted
Authentication
is now based on user
and device posture
Security boundary
evolved
© 2019 Adobe. xxx
Internal Applications
Defining Zero Trust – What Is It?
Security boundary
evolved
All networks
considered untrusted
ZEN
Platform
Authentication
is now based on user
and device posture
External (SaaS) Resources
© 2019 Adobe. xxx
Purpose
§ Transform our network and applications to a “cloud-like” state
§ Enable application access without the need to be internal or use VPN
§ Secure network level access based on user and device posture
5
© 2019 Adobe. xxx
Leverages Existing Investments In…
Authentication
Network Access Control
Logging
Endpoint Detection & Response
Device Management
© 2019 Adobe.
ZEN Overview
LEGEND
Client challenged for certificate
Active Directory
Compliance check to
Access Policy Engine
AuthN request to IdP
Client challenged for certificate
Compliance check to
Access Policy Engine
Allow access if all
conditions met
1
2
3
4a
4b
4c
5
xxx
© 2019 Adobe.
ZEN Overview
LEGEND
Request goes to web app
App makes AuthN request
to Okta
Okta delegates AuthN request
to vIDM
vIDM challenges client
for certificate
Certificate sent for authentication
CRL/OCSP Check
CRL/OCSP Response
Compliance Check
Response (Compliant)
If cert valid, vIDM generates
SAML response and send to Okta
Okta validates SAML, challenges
for MFA generates new SAML
response and sends to app
App validates SAML and if valid,
redirects user to protected
application content
1
2
3
4
5
6
7
8
9
10
11
12
xxx
© 2019 Adobe. xxx
Demo – compliant device
9
© 2019 Adobe. xxx
Demo – non-compliant device
10
© 2019 Adobe. xxx
User Behavior Analytics (UBA)
§ Applying data science and algorithms to identify anomalous activity
© 2019 Adobe. xxx
Purpose
§ Scale detection and prioritize analysis
§ Identification of anomalous events based on ML and statistical analysis
§ Leverage existing investments
§ Built using existing log and data sources (user auth events, endpoint posture)
§ Engage the user in the security process
§ User notification with call to action
§ Programmatic activity based on user response
§ Device posture published to central portal (Trust Score Engine)
12
© 2019 Adobe. xxx
User Analytics Overview
13
API call to log
sources
• Logon events for
specified window
• User or device specific
info (travel data
example)
• Data filtering to specific
employee and event
types
Generate features
based on checks
• Examples:
• IP correlation (Adobe
owned)
• Match based on
threat intel (UAS, Geo,
IP)
• Inclusion of known
travel data
• Comparison with
attribute whitelists
• Statistical and ML
analysis using
historical data
Data tracking and
escalation
• Add features to dataset
(including DB)
• Escalation to users using
email and portal (API
based)
• Parsing of user
responses (Escalation or
updates to user
whitelist)
© 2019 Adobe.
Progress To Date
§ Certificates deployed to over 42,000 devices
§ 2000+ ZEN enabled applications
§ 30+ applications available via proxy
§ Trust Score Engine in production
§ Positive user response and interactions
§ 17,000+ employees don't have to change passwords every 90 days
§ Increased business process and user visibility
§ Identification of previously undetected malicious activity
§ Support for user workflow improvements
xxx
© 2019 Adobe.
Lessons Learned
§ No single off-the-shelf solution exists
§ Bringing vendors together is time consuming
§ Technology overlap
© 2019 Adobe.
IDSA Participation Benefits
§ Forum for pushing cross-vendor initiatives
§ Provides reality to the vendor ’echo-chamber’
§ Exposure to vendors, technologies, use cases, best practices
§ Improves knowledge and effectiveness of the team
§ Help drive innovation in the industry with vendors and solution providers
© 2019 Adobe.
IDSA-DP-002
17
© 2019 Adobe. xxx
Resources
§ Adobe Zero-Trust Whitepaper
https://adobe.com/go/projectZEN
§ Trust Center
https://trust.adobe.com
§ Open Source CCF v2.0
https://www.adobe.com/go/open-source-ccf
§ Security @ Adobe blog
https://blogs.adobe.com/security/
§ Advisories and updates
https://www.adobe.com/support/security
§ Twitter: @AdobeSecurity, @DenJonesCyber (Den Jones)
© 2019 Adobe.

More Related Content

What's hot

Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB Samrat Das
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access Er. Ajay Sirsat
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)Ahmed Banafa
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementasherad
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​AlgoSec
 
What is Zero Trust
What is Zero TrustWhat is Zero Trust
What is Zero TrustOkta-Inc
 
Understanding Zero Trust Security for IBM i
Understanding Zero Trust Security for IBM iUnderstanding Zero Trust Security for IBM i
Understanding Zero Trust Security for IBM iPrecisely
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR)An Overhyped Product Category With Ulti...Extended Detection and Response (XDR)An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Raffael Marty
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 
Knowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKKnowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKMITRE ATT&CK
 
Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust ModelYash
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
Zero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fastZero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fastCloudflare
 
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...Amazon Web Services
 
CYBER SECURITY CAREER GUIDE CHEAT SHEET
CYBER SECURITY CAREER GUIDE CHEAT SHEETCYBER SECURITY CAREER GUIDE CHEAT SHEET
CYBER SECURITY CAREER GUIDE CHEAT SHEETTravarsaPrivateLimit
 

What's hot (20)

Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​
 
What is Zero Trust
What is Zero TrustWhat is Zero Trust
What is Zero Trust
 
Understanding Zero Trust Security for IBM i
Understanding Zero Trust Security for IBM iUnderstanding Zero Trust Security for IBM i
Understanding Zero Trust Security for IBM i
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR)An Overhyped Product Category With Ulti...Extended Detection and Response (XDR)An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
 
Zero trust Architecture
Zero trust Architecture Zero trust Architecture
Zero trust Architecture
 
Knowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CKKnowledge for the masses: Storytelling with ATT&CK
Knowledge for the masses: Storytelling with ATT&CK
 
Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust Model
 
ATT&CKcon Intro
ATT&CKcon IntroATT&CKcon Intro
ATT&CKcon Intro
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
 
Threat Hunting on AWS using Azure Sentinel
Threat Hunting on AWS using Azure SentinelThreat Hunting on AWS using Azure Sentinel
Threat Hunting on AWS using Azure Sentinel
 
Zero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fastZero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fast
 
AWS Cloud Security
AWS Cloud SecurityAWS Cloud Security
AWS Cloud Security
 
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
 
CYBER SECURITY CAREER GUIDE CHEAT SHEET
CYBER SECURITY CAREER GUIDE CHEAT SHEETCYBER SECURITY CAREER GUIDE CHEAT SHEET
CYBER SECURITY CAREER GUIDE CHEAT SHEET
 

Similar to Zero Trust Enterprise Network at Adobe

IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM
 
ciscothousandeyesusecase
ciscothousandeyesusecaseciscothousandeyesusecase
ciscothousandeyesusecaseRENJITHKNAIR5
 
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformadoDesafíos de la Ciberseguridad en un ecosistema digitalmente transformado
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformadoCristian Garcia G.
 
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017Amazon Web Services
 
Embracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifyEmbracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifySumana Mehta
 
Accelerated Saa S Exec Briefing V2
Accelerated Saa S Exec Briefing V2Accelerated Saa S Exec Briefing V2
Accelerated Saa S Exec Briefing V2jeffirby
 
Developing a Secure and Compliant Cloud Strategy for Financial Services
Developing a Secure and Compliant Cloud Strategy for Financial ServicesDeveloping a Secure and Compliant Cloud Strategy for Financial Services
Developing a Secure and Compliant Cloud Strategy for Financial ServicesBitglass
 
30 March 2017 - Vuzion Ireland Love Cloud
30 March 2017 - Vuzion Ireland Love Cloud30 March 2017 - Vuzion Ireland Love Cloud
30 March 2017 - Vuzion Ireland Love CloudVuzion
 
AWS November meetup Slides
AWS November meetup SlidesAWS November meetup Slides
AWS November meetup SlidesJacksonMorgan9
 
Multi-tenancy In the Cloud
Multi-tenancy In the CloudMulti-tenancy In the Cloud
Multi-tenancy In the Cloudsdevillers
 
Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud ApplicationsIBM Security
 
Cloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud ServicesCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud ServicesCloud Standards Customer Council
 
Securing SaaS/Web and Windows Apps in a Hybrid Cloud World (SEC314-S) - AWS r...
Securing SaaS/Web and Windows Apps in a Hybrid Cloud World (SEC314-S) - AWS r...Securing SaaS/Web and Windows Apps in a Hybrid Cloud World (SEC314-S) - AWS r...
Securing SaaS/Web and Windows Apps in a Hybrid Cloud World (SEC314-S) - AWS r...Amazon Web Services
 
AWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAmazon Web Services
 
Chmura nieuchronnym elementem Twojego IT w (nie)dalekiej przyszłości. Śmierte...
Chmura nieuchronnym elementem Twojego IT w (nie)dalekiej przyszłości. Śmierte...Chmura nieuchronnym elementem Twojego IT w (nie)dalekiej przyszłości. Śmierte...
Chmura nieuchronnym elementem Twojego IT w (nie)dalekiej przyszłości. Śmierte...3camp
 
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin   enterprise gr-cv3Virtualization and cloud impact overview auditor spin   enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3EnterpriseGRC Solutions, Inc.
 

Similar to Zero Trust Enterprise Network at Adobe (20)

IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
 
ciscothousandeyesusecase
ciscothousandeyesusecaseciscothousandeyesusecase
ciscothousandeyesusecase
 
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformadoDesafíos de la Ciberseguridad en un ecosistema digitalmente transformado
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado
 
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017
 
Embracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifyEmbracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and Centrify
 
Accelerated Saa S Exec Briefing V2
Accelerated Saa S Exec Briefing V2Accelerated Saa S Exec Briefing V2
Accelerated Saa S Exec Briefing V2
 
Developing a Secure and Compliant Cloud Strategy for Financial Services
Developing a Secure and Compliant Cloud Strategy for Financial ServicesDeveloping a Secure and Compliant Cloud Strategy for Financial Services
Developing a Secure and Compliant Cloud Strategy for Financial Services
 
30 March 2017 - Vuzion Ireland Love Cloud
30 March 2017 - Vuzion Ireland Love Cloud30 March 2017 - Vuzion Ireland Love Cloud
30 March 2017 - Vuzion Ireland Love Cloud
 
AWS November meetup Slides
AWS November meetup SlidesAWS November meetup Slides
AWS November meetup Slides
 
AWS User Group November
AWS User Group NovemberAWS User Group November
AWS User Group November
 
Cloud & Software Terms Defined
Cloud & Software Terms DefinedCloud & Software Terms Defined
Cloud & Software Terms Defined
 
Multi-tenancy In the Cloud
Multi-tenancy In the CloudMulti-tenancy In the Cloud
Multi-tenancy In the Cloud
 
Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud Applications
 
Cloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud ServicesCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud Services
 
Key Capibilities.pptx
Key Capibilities.pptxKey Capibilities.pptx
Key Capibilities.pptx
 
Securing SaaS/Web and Windows Apps in a Hybrid Cloud World (SEC314-S) - AWS r...
Securing SaaS/Web and Windows Apps in a Hybrid Cloud World (SEC314-S) - AWS r...Securing SaaS/Web and Windows Apps in a Hybrid Cloud World (SEC314-S) - AWS r...
Securing SaaS/Web and Windows Apps in a Hybrid Cloud World (SEC314-S) - AWS r...
 
AWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App Security
 
Chmura nieuchronnym elementem Twojego IT w (nie)dalekiej przyszłości. Śmierte...
Chmura nieuchronnym elementem Twojego IT w (nie)dalekiej przyszłości. Śmierte...Chmura nieuchronnym elementem Twojego IT w (nie)dalekiej przyszłości. Śmierte...
Chmura nieuchronnym elementem Twojego IT w (nie)dalekiej przyszłości. Śmierte...
 
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin   enterprise gr-cv3Virtualization and cloud impact overview auditor spin   enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
 

More from Vishwas Manral

IDSA Overview at CSA SV
IDSA Overview at CSA SVIDSA Overview at CSA SV
IDSA Overview at CSA SVVishwas Manral
 
0chain Blockhain and off-chain storage integrity
0chain Blockhain and off-chain storage integrity0chain Blockhain and off-chain storage integrity
0chain Blockhain and off-chain storage integrityVishwas Manral
 
Blockchain & Security in Oracle by Emmanuel Abiodun
Blockchain & Security in Oracle by Emmanuel AbiodunBlockchain & Security in Oracle by Emmanuel Abiodun
Blockchain & Security in Oracle by Emmanuel AbiodunVishwas Manral
 
CSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterCSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterVishwas Manral
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and predictionVishwas Manral
 
Docker security microservices
Docker security  microservicesDocker security  microservices
Docker security microservicesVishwas Manral
 
Microservices security CSA meetup ppt 10_21_2015_v2-2
Microservices security CSA meetup ppt 10_21_2015_v2-2Microservices security CSA meetup ppt 10_21_2015_v2-2
Microservices security CSA meetup ppt 10_21_2015_v2-2Vishwas Manral
 

More from Vishwas Manral (7)

IDSA Overview at CSA SV
IDSA Overview at CSA SVIDSA Overview at CSA SV
IDSA Overview at CSA SV
 
0chain Blockhain and off-chain storage integrity
0chain Blockhain and off-chain storage integrity0chain Blockhain and off-chain storage integrity
0chain Blockhain and off-chain storage integrity
 
Blockchain & Security in Oracle by Emmanuel Abiodun
Blockchain & Security in Oracle by Emmanuel AbiodunBlockchain & Security in Oracle by Emmanuel Abiodun
Blockchain & Security in Oracle by Emmanuel Abiodun
 
CSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterCSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined Perimeter
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and prediction
 
Docker security microservices
Docker security  microservicesDocker security  microservices
Docker security microservices
 
Microservices security CSA meetup ppt 10_21_2015_v2-2
Microservices security CSA meetup ppt 10_21_2015_v2-2Microservices security CSA meetup ppt 10_21_2015_v2-2
Microservices security CSA meetup ppt 10_21_2015_v2-2
 

Recently uploaded

Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 

Recently uploaded (20)

Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 

Zero Trust Enterprise Network at Adobe

  • 1. © 2019 Adobe. A Path to Achieving Network Security ZEN Den Jones, Aron Anderson, Carlos Martinez
  • 2. © 2019 Adobe. xxx Zero-Trust: Why Do We Need It? We mistakenly consider the corporate network safe Network perimeter no longer a security boundary Evolving tactics, techniques & procedures (TTP’s) External (SaaS) Resources Authentication ignored the device
  • 3. © 2019 Adobe. xxx Defining Zero Trust – What Is It? All networks considered untrusted Authentication is now based on user and device posture Security boundary evolved
  • 4. © 2019 Adobe. xxx Internal Applications Defining Zero Trust – What Is It? Security boundary evolved All networks considered untrusted ZEN Platform Authentication is now based on user and device posture External (SaaS) Resources
  • 5. © 2019 Adobe. xxx Purpose § Transform our network and applications to a “cloud-like” state § Enable application access without the need to be internal or use VPN § Secure network level access based on user and device posture 5
  • 6. © 2019 Adobe. xxx Leverages Existing Investments In… Authentication Network Access Control Logging Endpoint Detection & Response Device Management
  • 7. © 2019 Adobe. ZEN Overview LEGEND Client challenged for certificate Active Directory Compliance check to Access Policy Engine AuthN request to IdP Client challenged for certificate Compliance check to Access Policy Engine Allow access if all conditions met 1 2 3 4a 4b 4c 5 xxx
  • 8. © 2019 Adobe. ZEN Overview LEGEND Request goes to web app App makes AuthN request to Okta Okta delegates AuthN request to vIDM vIDM challenges client for certificate Certificate sent for authentication CRL/OCSP Check CRL/OCSP Response Compliance Check Response (Compliant) If cert valid, vIDM generates SAML response and send to Okta Okta validates SAML, challenges for MFA generates new SAML response and sends to app App validates SAML and if valid, redirects user to protected application content 1 2 3 4 5 6 7 8 9 10 11 12 xxx
  • 9. © 2019 Adobe. xxx Demo – compliant device 9
  • 10. © 2019 Adobe. xxx Demo – non-compliant device 10
  • 11. © 2019 Adobe. xxx User Behavior Analytics (UBA) § Applying data science and algorithms to identify anomalous activity
  • 12. © 2019 Adobe. xxx Purpose § Scale detection and prioritize analysis § Identification of anomalous events based on ML and statistical analysis § Leverage existing investments § Built using existing log and data sources (user auth events, endpoint posture) § Engage the user in the security process § User notification with call to action § Programmatic activity based on user response § Device posture published to central portal (Trust Score Engine) 12
  • 13. © 2019 Adobe. xxx User Analytics Overview 13 API call to log sources • Logon events for specified window • User or device specific info (travel data example) • Data filtering to specific employee and event types Generate features based on checks • Examples: • IP correlation (Adobe owned) • Match based on threat intel (UAS, Geo, IP) • Inclusion of known travel data • Comparison with attribute whitelists • Statistical and ML analysis using historical data Data tracking and escalation • Add features to dataset (including DB) • Escalation to users using email and portal (API based) • Parsing of user responses (Escalation or updates to user whitelist)
  • 14. © 2019 Adobe. Progress To Date § Certificates deployed to over 42,000 devices § 2000+ ZEN enabled applications § 30+ applications available via proxy § Trust Score Engine in production § Positive user response and interactions § 17,000+ employees don't have to change passwords every 90 days § Increased business process and user visibility § Identification of previously undetected malicious activity § Support for user workflow improvements xxx
  • 15. © 2019 Adobe. Lessons Learned § No single off-the-shelf solution exists § Bringing vendors together is time consuming § Technology overlap
  • 16. © 2019 Adobe. IDSA Participation Benefits § Forum for pushing cross-vendor initiatives § Provides reality to the vendor ’echo-chamber’ § Exposure to vendors, technologies, use cases, best practices § Improves knowledge and effectiveness of the team § Help drive innovation in the industry with vendors and solution providers
  • 18. © 2019 Adobe. xxx Resources § Adobe Zero-Trust Whitepaper https://adobe.com/go/projectZEN § Trust Center https://trust.adobe.com § Open Source CCF v2.0 https://www.adobe.com/go/open-source-ccf § Security @ Adobe blog https://blogs.adobe.com/security/ § Advisories and updates https://www.adobe.com/support/security § Twitter: @AdobeSecurity, @DenJonesCyber (Den Jones)