SlideShare a Scribd company logo

The 1st Step to Zero Trust: Asset Management for Cybersecurity

N
nathan-axonius

Eight years after former Forrester analyst John Kindervag introduced the Zero Trust model, the concept has hit the mainstream. As current Forrester analyst Chase Cunningham says, 85% of his calls involve zero trust. With the amount of interest in the concept, many organizations are rushing to understand how to implement the zero-trust model. In this guide, we’ll look at the first step to implementing zero trust: asset management.

Business
1 of 22
Download to read offline
T H E 1 S T S T E P T O Z E R O T R U S T The 1st Step to Zero Trust: Asset Management for Cybersecurity “If I have 20 calls, 17 are about Zero Trust. CISOs, CIOs and CEOs are all interested, and companies of various sizes are interested. And in three years, I think Zero Trust will be cited as one of the big-time frameworks in cyber security. Period.” Chase Cunningham Principal Analyst, Forrester O V E R V I E W Eight years after former Forrester analyst John Kindervag introduced the Zero Trust model, the concept has hit the mainstream. As current Forrester analyst Chase Cunningham says, 85% of his calls involve zero trust. With the amount of interest in the concept, many organizations are rushing to understand how to implement the zero-trust model. In this guide, we’ll look at the first step to implementing zero trust: asset management.
T H E 1 S T S T E P T O Z E R O T R U S T Table of Contents The 1st Step to Zero Trust: Asset Management for Cybersecurity ....................................... 1 Overview........................................................................................................................................................1 The Evolution of Zero Trust........................................................................................................... 3 What is Zero Trust? .......................................................................................................................... 3 Technologies Associated with Zero Trust .................................................................................. 5 Active directory............................................................................................................................................6 Endpoint Protection....................................................................................................................................7 Vulnerability Assessment..........................................................................................................................8 Identity and Access Management ...........................................................................................................9 Mobile Device Management....................................................................................................................10 Switches and Routers...............................................................................................................................11 Cybersecurity Asset Management.........................................................................................................12 Implementing the Zero Trust Model..........................................................................................13 Understand What Devices You have.....................................................................................................13 Distinguish Between Managed and Unmanaged Devices................................................................13 Address the Gaps in Security Solution Coverage ..............................................................................14 Establish Ongoing User Access Auditing ............................................................................................14 Implement Security Policy Validation...................................................................................................14 Cybersecurity Asset Management – The 1st Step to Zero Trust..........................................15 Connecting to Existing Security and IT Management Solutions....................................................15 Creating a Comprehensive View of All Devices.................................................................................16 Identifying Unmanaged Devices............................................................................................................17 Understanding Security Solution Coverage ........................................................................................18 Creating Alerts...........................................................................................................................................19 Enhancing Device and User Data...........................................................................................................20 About Axonius ................................................................................................................................21 Get Started .......................................................................................................................................21 Support and Questions .................................................................................................................21 Thank You........................................................................................................................................21 Sources Cited ..................................................................................................................................22
T H E 1 S T S T E P T O Z E R O T R U S T The Evolution of Zero Trust Wendy Nather, Director, Advisory CISOs at Duo security in a video interview during RSA 2018 concisely explained the following evolution of the Zero Trust model: • 2003 - “The Jericho Forum - a bunch of financial services CISOs - got together in the UK and started talking about how we really shouldn’t trust anything just because it’s inside the perimeter. They proposed a collaborative architecture, and I remember at the time reading about it and saying, ‘that sounds great, but how in the world would you do that?’." • 2009 - “John Kindervag (when he was a principal analyst at Forrester) coined the term ‘Zero Trust’ and how you might implement that according to his model within the enterprise.” • 2014 - “Google had figured out how to implement the model inside of their organization and started issuing white papers and doing talks about how the implemented it, and they called their model BeyondCorp. Especially when Google sat up and said ’this is how we did it,’ people started to see that it was within reach in their organizations as well, and it gained steam from there." What is Zero Trust? Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside its perimeters and instead must verify anything and everything trying to connect to its systems before granting access. While traditional information security approaches used the castle-and-moat analogy that focuses on defending a perimeter and assumes anything on the inside is safe, the Zero Trust model makes no assumption based on position relative to perimeter. Just because a user or asset has made it onto the corporate network does not automatically infer a level of confidence. Examples about to show that the castle-and-moat approach doesn’t work. From the smart fish tank that left a casino vulnerable to cyber criminals to the oft-cited Target breach caused by compromised credentials from an HVAC company, examples abound showing how much damage can be caused by trusting users and systems that have crossed the moat and were considered trustworthy.
T H E 1 S T S T E P T O Z E R O T R U S T “In working with some of the largest companies on earth, I’ve seen countless cases where a trusted user or device could completely take down a corporate environment,” said Dean Sysman, CEO and Co- Founder at Axonius. “For example, I’ve seen Fortune 500 companies that have service accounts with full admin access to every machine in the organization. Coming from an offensive background, I can tell you with confidence that if a malicious actor gained those credentials, it’s game over. You would literally need to start over and rebuild the network from scratch.” The threat of bad actors and high-profile breaches alone are compelling reasons to consider the zero- trust approach. But FUD aside, the most pragmatic driver is the change in the way we work. In the not-so-distant past, work was a place where people sat in a building with Windows desktops connected to a physical network via ethernet cable. These were people that were trusted employees using corporate sanctioned devices to access information necessary to perform their work. In that world, the castle-and-moat approach made sense: only those workers with physical access to the network were allowed to touch what was within the firewall. And then things changed. Trends like cloud, virtualization, BYOD, work-from-home, mobile devices, and IoT have completely transformed the way we work and, in the process, removed the perimeter. Right now, I’m writing this paper on an Amtrak train in route to New York City while logged in to my corporate email running on Google Apps. I’ll finish writing using my personal laptop on my home network. Where’s the perimeter? A vastly different computing environment creates a massively distributed attack surface that requires a fundamental rethinking of our security framework.
T H E 1 S T S T E P T O Z E R O T R U S T Technologies Associated with Zero Trust A quick Google search will tell you that nearly every cybersecurity vendor is on the zero-trust bandwagon. With more than 30 million results and rising, the term hasn’t leveled off yet. Let’s take a look at some of the functional areas associated with zero-trust and the technologies that can help. 1. What is the device that is trying to access corporate assets? Is the device in question a laptop? Smart TV? IoT Device? Knowing the type of device is the first in a series of granular questions to ask to determine whether granting access is appropriate. For example, a web-enabled baby monitor probably shouldn’t be trying to request data from a file share. 2. Is the core software up to date? Assuming a device clears the first hurdle, let’s then check to see whether the OS is current. You may not want a laptop running XP to have access to, well, anything really. 3. Which vulnerabilities exist on the device? Aside from the core software, what else is installed? What vulnerabilities come with the additional software resident on the device? 4. Is the device “managed”? Most organizations mandate that a specified endpoint protection solution is installed on each device, usually with an agent. If that agent isn’t installed (or isn’t running), you may want to only allow that device on the guest network, and you may want to force an installation of said agent before accessing anything that isn’t publicly available. 5. What user is logged in? Now that we know about the device, let’s figure out the person using it. Is it a network admin? A member of the finance group? Someone that left the company 6 months ago? 6. Does the user have access? Finally, let’s try to understand whether the user should be able to access what they are requesting. Let’s take a look at some of the technologies that can answer the questions above.
T H E 1 S T S T E P T O Z E R O T R U S T A C T I V E D I R E C T O R Y Active Directory can help us to understand the device and user roles and how each fits in the organizational policy. At the most basic level, AD can tell us whether a user and device are known and have permission to access any corporate asset. At the most granular, AD can tell us which assets are accessible by looking at group membership and policy adherence.
T H E 1 S T S T E P T O Z E R O T R U S T E N D P O I N T P R O T E C T I O N Most organizations mandate that an EDR or EPP solution is installed and running on every endpoint. These solutions can detect, prevent, and remove malicious items like malware before they can move laterally and infect other network assets. Additionally, in a BYOD and remote working environment, cloud-delivered endpoint protection products can be the only way to understand the security status of devices that never connect to a corporate network or VPN. Devices with an Endpoint Protection Platform installed
T H E 1 S T S T E P T O Z E R O T R U S T V U L N E R A B I L I T Y A S S E S S M E N T To understand which vulnerabilities are present on any device, organizations us VA tools to compare lists of known vulnerabilities to the version of each application present. Based on the severity of any vulnerabilities found, actions can be taken to either prevent a device from accessing corporate data, or if a patch is available, force an upgrade before granting access. Although some VA tools have discovery capabilities, many will only scan devices that they know about in a given IP range. Because of this, we cannot rely on a result such as “no known vulnerability detected” as a condition to be met, as that requirement could come from a VA tool simply not knowing that a device exists. Devices that have not been scanned by a Vulnerability Assessment Tool.
T H E 1 S T S T E P T O Z E R O T R U S T I D E N T I T Y A N D A C C E S S M A N A G E M E N T Aside from Active Directory, many organizations are looking to IAM providers that offer multi-factor authentication and single sign-on for added security and for added convenience. These products can also add application-level permissions for cloud-based services. For example, a company may use AD to authenticate users to access files and corporate email but may use an IAM provider to understand which users should have access to the CRM.
T H E 1 S T S T E P T O Z E R O T R U S T M O B I L E D E V I C E M A N A G E M E N T In an increasingly mobile world, organizations cannot just rely on endpoint protection, as employees use mobile devices constantly, switch devices often, and take their devices with them when they leave. MDM lets companies grant and revoke access at any time without needing physical access to an employee’s personal devices.
T H E 1 S T S T E P T O Z E R O T R U S T S W I T C H E S A N D R O U T E R S To understand which devices are unmanaged, we want to look at those devices that are managed (have an agent installed) and compare those to the list of devices known to the switches and routers to find the delta (those IP addresses that are known only to the network without agents installed). This will give us a list of unmanaged devices to create a candidate set to decide which devices should be managed, and those that are unnecessary. Unmanaged devices known only to the network.
T H E 1 S T S T E P T O Z E R O T R U S T C Y B E R S E C U R I T Y A S S E T M A N A G E M E N T A relatively new category, cybersecurity asset management products seek to give a comprehensive view into all assets and users to understand the security posture of each. By connecting to all security and IT products in an organization’s environment, cybersecurity asset management tools can give a continuous view of the relationship between devices, users, and security product coverage to constantly validate each against the organization’s security policy. A few examples: • Which devices are unmanaged, but should have an agent? • What percentage of devices are running our endpoint protection platform? • Which devices aren’t being scanned by our VA tool? • Which users have improper access rights or passwords that never expire? • Which of my IoT devices were manufactured in x country? This new category seeks to use all other security products to correlate data into a single, actionable view.
T H E 1 S T S T E P T O Z E R O T R U S T Implementing the Zero Trust Model Going from the traditional perimeter-based approach to zero-trust can seem daunting, but it’s not an all- or-nothing process. Many organizations approach zero-trust as an aspirational future state, making new security purchasing and implementation decisions with eventual zero-trust in mind. A few steps organizations can follow to get started on the path to zero-trust: 1. Understand what devices you have. 2. Distinguish between devices that are managed and unmanaged. Then determine which should be managed. 3. Map out security solution coverage and address the gaps. 4. Establish ongoing user access auditing. 5. Implement security policy validation. U N D E R S T A N D W H A T D E V I C E S Y O U H A V E You can only secure what you can see, and until you know which devices are in your environment, it’s impossible to know whether those devices are satisfactorily secure. Establishing an ongoing device discovery, classification, and inventory process should be the first step in planning for a zero-trust future. D I S T I N G U I S H B E T W E E N M A N A G E D A N D U N M A N A G E D D E V I C E S A Smart TV in a conference room is different from the CEO’s laptop, and they should be treated differently. While the Smart TV doesn’t need an endpoint agent or a patching schedule, the laptop does. Creating a process to take action based on asset classification is critical.
T H E 1 S T S T E P T O Z E R O T R U S T A D D R E S S T H E G A P S I N S E C U R I T Y S O L U T I O N C O V E R A G E In our experience, every organization has devices that are missing security solution coverage. Whether that means AWS instances not known to a VA scanner, R&D machines without an EDR solution, or iPhones without MDM, there are always gaps to be addressed. Addressing these gaps in an ongoing basis is a necessity for any organization thinking about zero-trust. E S T A B L I S H O N G O I N G U S E R A C C E S S A U D I T I N G Are there users in your environment with local admin access to all machines? Users with passwords not required or set to never expire? Service accounts with keys to the kingdom? Even with strict access controls and granular policies, creating an ongoing auditing process is needed to ensure proper access rights. I M P L E M E N T S E C U R I T Y P O L I C Y V A L I D A T I O N Finally, any security policy on paper is only as good as it is enforced and validated in reality. Implementing a security policy validation process is the only way to make sure that nothing is being missed and that exceptions aren’t being exploited.
T H E 1 S T S T E P T O Z E R O T R U S T Cybersecurity Asset Management – The 1st Step to Zero Trust As mentioned earlier, Cybersecurity Asset Management is a new approach to providing comprehensive visibility into all devices, users, and the security products that cover them in order to validate security policies. C O N N E C T I N G T O E X I S T I N G S E C U R I T Y A N D I T M A N A G E M E N T S O L U T I O N S Instead of installing an agent, scanning, or sniffing traffic, Cybersecurity Asset Management solutions connect to the different security and management solutions a customer already uses via adapters. Customers simply provide credentials (API keys, Tokens, etc.), and the system immediately starts collecting and correlating information about assets. This way, there are no agents to install or maintain, no bottlenecks to route traffic through, and there is no limit to scale and no performance degradation.
T H E 1 S T S T E P T O Z E R O T R U S T C R E A T I N G A C O M P R E H E N S I V E V I E W O F A L L D E V I C E S After connecting all relevant adapters, a Cybersecurity Asset Management Platform will create a correlated list of all devices that can be filtered and sorted by any property. As the solution is constantly requesting up-to-date data from every connected solution, the list of devices is always as close to real- time as the connected solutions allow.
T H E 1 S T S T E P T O Z E R O T R U S T I D E N T I F Y I N G U N M A N A G E D D E V I C E S By connecting to the security and management solutions and comparing results to what is known only to the switches and routers, the CSAM solution is able to produce a list of unmanaged devices, allowing customers to distinguish between devices that should not be managed (think of a Smart TV in a conference room or an Amazon Alexa in the reception area), and an AWS instance that the Security and IT teams don’t know about. Unmanaged devices in the Axonius Cybersecurity Asset Management Platform.
T H E 1 S T S T E P T O Z E R O T R U S T U N D E R S T A N D I N G S E C U R I T Y S O L U T I O N C O V E R A G E Even with a security policy that dictates every device needs an endpoint agent and must be scanned by a VA tool, most organizations have gaps in coverage. With a CSAM solution, customers are able to understand which devices are not covered so they can act. Devices not scanned by a Vulnerability Assessment Tool.
T H E 1 S T S T E P T O Z E R O T R U S T C R E A T I N G A L E R T S The core value of Cybersecurity Asset Management Tools is the ability to ask questions that validate a security policy in an ongoing basis and to create alerts to notify staff or other solutions when something does not adhere to the policy. To do that, CSAM solutions allow customers to save any query and to create an alert from a query that can be sent via email, syslog, or through an integration with another system (examples include SIEM solutions and ticketing systems). Example of an alert in the Axonius Cybersecurity Asset Management Platform.
T H E 1 S T S T E P T O Z E R O T R U S T E N H A N C I N G D E V I C E A N D U S E R D A T A In many cases, organizations are already using many different security solutions and do not want yet another system to maintain and staff, but instead want to integrate CSAM data with a system of record. Using the API of the CSAM solution, customers are able to extract additional contextual information about users and devices and push that data into their existing systems. Sample API calls from the Axonius Cybersecurity Asset Management Platform.
T H E 1 S T S T E P T O Z E R O T R U S T About Axonius For organizations that see opportunity in today’s always-on and always-connected reality, Axonius is the Cyber Security Asset Management (CSAM) platform that lets IT and Security teams see devices for what they are in order to manage and secure all. By easily integrating with customers’ existing management and security technologies and using an extensible plugin infrastructure to add custom logic, customers are able to get a unified view of all devices – both known and unknown. Axonius aims to be IT’s favorite Security tool and Security’s favorite IT tool. For more information and to see what’s possible with a universal view of all devices, visit Axonius.com. Get Started Because it integrates natively with the Security and IT solutions customers already have, getting started is painless and fast. To get a demo and to see what you can do with a unified view of all assets, click the button below. Support and Questions We are committed to helping our customers deploy, configure, and start seeing value immediately. The POC deployment process will be hands-on, with any and all support services available to get up and running. Should you have any questions, concerns, or product feedback, please do not hesitate to contact your Axonius account representative at any time. Thank You Finally, we want to thank you for considering working with Axonius. As IT and Security professionals ourselves, we understand the time and effort it takes to consider a new product. Thank you for trusting us to help you.
T H E 1 S T S T E P T O Z E R O T R U S T Sources Cited BeyondCorp - A New Approach to Enterprise security By Rory Ward and Betsy Beyer December, 2014 https://storage.googleapis.com/pub-tools-public-publication-data/pdf/43231.pdf What is Zero Trust? A model for more effective security By Mary K. Pratt January, 2018 https://www.csoonline.com/article/3247848/network-security/what-is-zero-trust-a-model-for-more- effective-security.html Salted Hash Video: Learn what the 'zero trust' security model really means By Steve Ragan and Wendy Nather https://www.idg.tv/video/87016/learn-what-the-zero-trust-security-model-really-means-salted-hash-ep-29

Recommended

Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model PresentationGowdhaman Jothilingam
 
LoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated CybersecurityLoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated CybersecurityRohit Kapoor
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)Ahmed Banafa
 
[Round table] zeroing in on zero trust architecture
[Round table] zeroing in on zero trust architecture[Round table] zeroing in on zero trust architecture
[Round table] zeroing in on zero trust architectureDenise Bailey
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security Tripwire
 
What is Zero Trust
What is Zero TrustWhat is Zero Trust
What is Zero TrustOkta-Inc
 
An in depth understanding in the application of the zero-trust security model...
An in depth understanding in the application of the zero-trust security model...An in depth understanding in the application of the zero-trust security model...
An in depth understanding in the application of the zero-trust security model...Max Justice
 
Zero Trust
Zero TrustZero Trust
Zero TrustBoaz Shunami
 

Recommended

Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model PresentationGowdhaman Jothilingam
 
LoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated CybersecurityLoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated CybersecurityRohit Kapoor
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)Ahmed Banafa
 
[Round table] zeroing in on zero trust architecture
[Round table] zeroing in on zero trust architecture[Round table] zeroing in on zero trust architecture
[Round table] zeroing in on zero trust architectureDenise Bailey
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security Tripwire
 
What is Zero Trust
What is Zero TrustWhat is Zero Trust
What is Zero TrustOkta-Inc
 
An in depth understanding in the application of the zero-trust security model...
An in depth understanding in the application of the zero-trust security model...An in depth understanding in the application of the zero-trust security model...
An in depth understanding in the application of the zero-trust security model...Max Justice
 
Zero Trust
Zero TrustZero Trust
Zero TrustBoaz Shunami
 
“Verify and never trust”: The Zero Trust Model of information security
“Verify and never trust”: The Zero Trust Model of information security“Verify and never trust”: The Zero Trust Model of information security
“Verify and never trust”: The Zero Trust Model of information securityAhmed Banafa
 
Forrester zero trust_dna
Forrester zero trust_dna Forrester zero trust_dna
Forrester zero trust_dnaCristian Garcia G.
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access Er. Ajay Sirsat
 
What is zero trust model of information security?
What is zero trust model of information security?What is zero trust model of information security?
What is zero trust model of information security?Ahmed Banafa
 
Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Zscaler
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​AlgoSec
 
Zero trust deck 2020
Zero trust deck 2020Zero trust deck 2020
Zero trust deck 2020Guido Marchetti
 
Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...YouAttestSlideshare
 
How Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & SecureHow Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & Securescoopnewsgroup
 
Zero trust in a hybrid architecture
Zero trust in a hybrid architectureZero trust in a hybrid architecture
Zero trust in a hybrid architectureHybrid IT Europe
 
NIST Zero Trust Explained
NIST Zero Trust ExplainedNIST Zero Trust Explained
NIST Zero Trust Explainedrtp2009
 
Debunked: 5 Myths About Zero Trust Security
Debunked: 5 Myths About Zero Trust SecurityDebunked: 5 Myths About Zero Trust Security
Debunked: 5 Myths About Zero Trust SecurityCentrify Corporation
 
Don't let wireless_detour_your_pci_compliance
Don't let wireless_detour_your_pci_complianceDon't let wireless_detour_your_pci_compliance
Don't let wireless_detour_your_pci_complianceEnterprise Technology Management (ETM)
 
Zero Trust Run-time Kubernetes Security made easy with AccuKnox
Zero Trust Run-time Kubernetes Security made easy with AccuKnoxZero Trust Run-time Kubernetes Security made easy with AccuKnox
Zero Trust Run-time Kubernetes Security made easy with AccuKnoxAccuKnox
 
Mark Lomas | Zero-Trust Trust No One, Trust Nothing
Mark Lomas | Zero-Trust Trust No One, Trust NothingMark Lomas | Zero-Trust Trust No One, Trust Nothing
Mark Lomas | Zero-Trust Trust No One, Trust NothingPro Mrkt
 
Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network...
Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network...Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network...
Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network...Enterprise Management Associates
 
COSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero TrustCOSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero TrustFrans Sauermann
 
Navigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesNavigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesIvanti
 
SD-WAN - comSpark 2019
SD-WAN - comSpark 2019SD-WAN - comSpark 2019
SD-WAN - comSpark 2019Advanced Technology Consulting (ATC)
 
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Emrah Alpa, CISSP CEH CCSK
 
Cloud Security Crosses the Chasm, How IT Now Goes to the Cloud for Better Sec...
Cloud Security Crosses the Chasm, How IT Now Goes to the Cloud for Better Sec...Cloud Security Crosses the Chasm, How IT Now Goes to the Cloud for Better Sec...
Cloud Security Crosses the Chasm, How IT Now Goes to the Cloud for Better Sec...Dana Gardner
 
Carbon Black: Keys to Shutting Down Attacks
Carbon Black: Keys to Shutting Down AttacksCarbon Black: Keys to Shutting Down Attacks
Carbon Black: Keys to Shutting Down AttacksMighty Guides, Inc.
 

More Related Content

What's hot

“Verify and never trust”: The Zero Trust Model of information security
“Verify and never trust”: The Zero Trust Model of information security“Verify and never trust”: The Zero Trust Model of information security
“Verify and never trust”: The Zero Trust Model of information securityAhmed Banafa
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access Er. Ajay Sirsat
 
What is zero trust model of information security?
What is zero trust model of information security?What is zero trust model of information security?
What is zero trust model of information security?Ahmed Banafa
 
Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Zscaler
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​AlgoSec
 
Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...YouAttestSlideshare
 
How Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & SecureHow Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & Securescoopnewsgroup
 
Zero trust in a hybrid architecture
Zero trust in a hybrid architectureZero trust in a hybrid architecture
Zero trust in a hybrid architectureHybrid IT Europe
 
NIST Zero Trust Explained
NIST Zero Trust ExplainedNIST Zero Trust Explained
NIST Zero Trust Explainedrtp2009
 
Debunked: 5 Myths About Zero Trust Security
Debunked: 5 Myths About Zero Trust SecurityDebunked: 5 Myths About Zero Trust Security
Debunked: 5 Myths About Zero Trust SecurityCentrify Corporation
 
Zero Trust Run-time Kubernetes Security made easy with AccuKnox
Zero Trust Run-time Kubernetes Security made easy with AccuKnoxZero Trust Run-time Kubernetes Security made easy with AccuKnox
Zero Trust Run-time Kubernetes Security made easy with AccuKnoxAccuKnox
 
Mark Lomas | Zero-Trust Trust No One, Trust Nothing
Mark Lomas | Zero-Trust Trust No One, Trust NothingMark Lomas | Zero-Trust Trust No One, Trust Nothing
Mark Lomas | Zero-Trust Trust No One, Trust NothingPro Mrkt
 
Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network...
Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network...Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network...
Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network...Enterprise Management Associates
 
COSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero TrustCOSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero TrustFrans Sauermann
 
Navigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesNavigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesIvanti
 
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Emrah Alpa, CISSP CEH CCSK
 

What's hot (20)

“Verify and never trust”: The Zero Trust Model of information security
“Verify and never trust”: The Zero Trust Model of information security“Verify and never trust”: The Zero Trust Model of information security
“Verify and never trust”: The Zero Trust Model of information security
 
Forrester zero trust_dna
Forrester zero trust_dna Forrester zero trust_dna
Forrester zero trust_dna
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access
 
What is zero trust model of information security?
What is zero trust model of information security?What is zero trust model of information security?
What is zero trust model of information security?
 
Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​
 
Zero trust deck 2020
Zero trust deck 2020Zero trust deck 2020
Zero trust deck 2020
 
Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...
 
How Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & SecureHow Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & Secure
 
Zero trust in a hybrid architecture
Zero trust in a hybrid architectureZero trust in a hybrid architecture
Zero trust in a hybrid architecture
 
NIST Zero Trust Explained
NIST Zero Trust ExplainedNIST Zero Trust Explained
NIST Zero Trust Explained
 
Debunked: 5 Myths About Zero Trust Security
Debunked: 5 Myths About Zero Trust SecurityDebunked: 5 Myths About Zero Trust Security
Debunked: 5 Myths About Zero Trust Security
 
Don't let wireless_detour_your_pci_compliance
Don't let wireless_detour_your_pci_complianceDon't let wireless_detour_your_pci_compliance
Don't let wireless_detour_your_pci_compliance
 
Zero Trust Run-time Kubernetes Security made easy with AccuKnox
Zero Trust Run-time Kubernetes Security made easy with AccuKnoxZero Trust Run-time Kubernetes Security made easy with AccuKnox
Zero Trust Run-time Kubernetes Security made easy with AccuKnox
 
Mark Lomas | Zero-Trust Trust No One, Trust Nothing
Mark Lomas | Zero-Trust Trust No One, Trust NothingMark Lomas | Zero-Trust Trust No One, Trust Nothing
Mark Lomas | Zero-Trust Trust No One, Trust Nothing
 
Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network...
Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network...Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network...
Enterprise Zero Trust Networking Strategies: Secure Remote Access and Network...
 
COSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero TrustCOSAC 2021 presentation - AWS Zero Trust
COSAC 2021 presentation - AWS Zero Trust
 
Navigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesNavigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation Slides
 
SD-WAN - comSpark 2019
SD-WAN - comSpark 2019SD-WAN - comSpark 2019
SD-WAN - comSpark 2019
 
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
 

Similar to The 1st Step to Zero Trust: Asset Management for Cybersecurity

Cloud Security Crosses the Chasm, How IT Now Goes to the Cloud for Better Sec...
Cloud Security Crosses the Chasm, How IT Now Goes to the Cloud for Better Sec...Cloud Security Crosses the Chasm, How IT Now Goes to the Cloud for Better Sec...
Cloud Security Crosses the Chasm, How IT Now Goes to the Cloud for Better Sec...Dana Gardner
 
Carbon Black: Keys to Shutting Down Attacks
Carbon Black: Keys to Shutting Down AttacksCarbon Black: Keys to Shutting Down Attacks
Carbon Black: Keys to Shutting Down AttacksMighty Guides, Inc.
 
Staying Ahead in the Cybersecurity Game: What Matters Now
Staying Ahead in the Cybersecurity Game: What Matters NowStaying Ahead in the Cybersecurity Game: What Matters Now
Staying Ahead in the Cybersecurity Game: What Matters NowCapgemini
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForcePatrick Bouillaud
 
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptxLogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptxCNSHacking
 
Staying ahead in the cyber security game - Sogeti + IBM
Staying ahead in the cyber security game - Sogeti + IBMStaying ahead in the cyber security game - Sogeti + IBM
Staying ahead in the cyber security game - Sogeti + IBMRick Bouter
 
Cyber security basics for law firms
Cyber security basics for law firmsCyber security basics for law firms
Cyber security basics for law firmsRobert Westmacott
 
Expert Panel Explores Heightened Role of Security for Cloud and Mobile Apps D...
Expert Panel Explores Heightened Role of Security for Cloud and Mobile Apps D...Expert Panel Explores Heightened Role of Security for Cloud and Mobile Apps D...
Expert Panel Explores Heightened Role of Security for Cloud and Mobile Apps D...Dana Gardner
 
Will factory cybersecurity keep up with the accelerating IoT.docx
Will factory cybersecurity keep up with the accelerating IoT.docxWill factory cybersecurity keep up with the accelerating IoT.docx
Will factory cybersecurity keep up with the accelerating IoT.docxVirha Tiku
 
Carbon Black: Moving to a Cloud Based Next Generation Platform for Endpoint S...
Carbon Black: Moving to a Cloud Based Next Generation Platform for Endpoint S...Carbon Black: Moving to a Cloud Based Next Generation Platform for Endpoint S...
Carbon Black: Moving to a Cloud Based Next Generation Platform for Endpoint S...Mighty Guides, Inc.
 
TierPoint White Paper_With all due diligence_2015
TierPoint White Paper_With all due diligence_2015TierPoint White Paper_With all due diligence_2015
TierPoint White Paper_With all due diligence_2015sllongo3
 
With-All-Due-Diligence20150330
With-All-Due-Diligence20150330With-All-Due-Diligence20150330
With-All-Due-Diligence20150330Jim Kramer
 
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...How to Migrate Your Organization to a More Security-Minded Culture – From Dev...
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...Dana Gardner
 

Similar to The 1st Step to Zero Trust: Asset Management for Cybersecurity (20)

Cloud Security Crosses the Chasm, How IT Now Goes to the Cloud for Better Sec...
Cloud Security Crosses the Chasm, How IT Now Goes to the Cloud for Better Sec...Cloud Security Crosses the Chasm, How IT Now Goes to the Cloud for Better Sec...
Cloud Security Crosses the Chasm, How IT Now Goes to the Cloud for Better Sec...
 
Carbon Black: Keys to Shutting Down Attacks
Carbon Black: Keys to Shutting Down AttacksCarbon Black: Keys to Shutting Down Attacks
Carbon Black: Keys to Shutting Down Attacks
 
Staying Ahead in the Cybersecurity Game: What Matters Now
Staying Ahead in the Cybersecurity Game: What Matters NowStaying Ahead in the Cybersecurity Game: What Matters Now
Staying Ahead in the Cybersecurity Game: What Matters Now
 
IBM X-Force.PDF
IBM X-Force.PDFIBM X-Force.PDF
IBM X-Force.PDF
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-Force
 
Big Data Dectives
Big Data DectivesBig Data Dectives
Big Data Dectives
 
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptxLogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
 
Buckle Up
Buckle UpBuckle Up
Buckle Up
 
Internet
InternetInternet
Internet
 
expert tips
expert tipsexpert tips
expert tips
 
Ten Expert Tips on Internet of Things Security
Ten Expert Tips on Internet of Things SecurityTen Expert Tips on Internet of Things Security
Ten Expert Tips on Internet of Things Security
 
Staying ahead in the cyber security game - Sogeti + IBM
Staying ahead in the cyber security game - Sogeti + IBMStaying ahead in the cyber security game - Sogeti + IBM
Staying ahead in the cyber security game - Sogeti + IBM
 
Cloud Computing and the Culture of Innovation
Cloud Computing and the Culture of Innovation Cloud Computing and the Culture of Innovation
Cloud Computing and the Culture of Innovation
 
Cyber security basics for law firms
Cyber security basics for law firmsCyber security basics for law firms
Cyber security basics for law firms
 
Expert Panel Explores Heightened Role of Security for Cloud and Mobile Apps D...
Expert Panel Explores Heightened Role of Security for Cloud and Mobile Apps D...Expert Panel Explores Heightened Role of Security for Cloud and Mobile Apps D...
Expert Panel Explores Heightened Role of Security for Cloud and Mobile Apps D...
 
Will factory cybersecurity keep up with the accelerating IoT.docx
Will factory cybersecurity keep up with the accelerating IoT.docxWill factory cybersecurity keep up with the accelerating IoT.docx
Will factory cybersecurity keep up with the accelerating IoT.docx
 
Carbon Black: Moving to a Cloud Based Next Generation Platform for Endpoint S...
Carbon Black: Moving to a Cloud Based Next Generation Platform for Endpoint S...Carbon Black: Moving to a Cloud Based Next Generation Platform for Endpoint S...
Carbon Black: Moving to a Cloud Based Next Generation Platform for Endpoint S...
 
TierPoint White Paper_With all due diligence_2015
TierPoint White Paper_With all due diligence_2015TierPoint White Paper_With all due diligence_2015
TierPoint White Paper_With all due diligence_2015
 
With-All-Due-Diligence20150330
With-All-Due-Diligence20150330With-All-Due-Diligence20150330
With-All-Due-Diligence20150330
 
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...How to Migrate Your Organization to a More Security-Minded Culture – From Dev...
How to Migrate Your Organization to a More Security-Minded Culture – From Dev...
 

Recently uploaded

BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCRashishs7044
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaoncallgirls2057
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...lizamodels9
 
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In.../:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...lizamodels9
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Seta Wicaksana
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy Verified Accounts
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfKhaled Al Awadi
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607dollysharma2066
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyotictsugar
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCRashishs7044
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africaictsugar
 
Marketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet CreationsMarketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet Creationsnakalysalcedo61
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppelCorporation
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… AbridgedLean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… AbridgedKaiNexus
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxMarkAnthonyAurellano
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024christinemoorman
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCRashishs7044
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...lizamodels9
 

Recently uploaded (20)

BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
 
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In.../:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail Accounts
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africa
 
Marketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet CreationsMarketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet Creations
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… AbridgedLean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
 

The 1st Step to Zero Trust: Asset Management for Cybersecurity

  • 1. T H E 1 S T S T E P T O Z E R O T R U S T The 1st Step to Zero Trust: Asset Management for Cybersecurity “If I have 20 calls, 17 are about Zero Trust. CISOs, CIOs and CEOs are all interested, and companies of various sizes are interested. And in three years, I think Zero Trust will be cited as one of the big-time frameworks in cyber security. Period.” Chase Cunningham Principal Analyst, Forrester O V E R V I E W Eight years after former Forrester analyst John Kindervag introduced the Zero Trust model, the concept has hit the mainstream. As current Forrester analyst Chase Cunningham says, 85% of his calls involve zero trust. With the amount of interest in the concept, many organizations are rushing to understand how to implement the zero-trust model. In this guide, we’ll look at the first step to implementing zero trust: asset management.
  • 2. T H E 1 S T S T E P T O Z E R O T R U S T Table of Contents The 1st Step to Zero Trust: Asset Management for Cybersecurity ....................................... 1 Overview........................................................................................................................................................1 The Evolution of Zero Trust........................................................................................................... 3 What is Zero Trust? .......................................................................................................................... 3 Technologies Associated with Zero Trust .................................................................................. 5 Active directory............................................................................................................................................6 Endpoint Protection....................................................................................................................................7 Vulnerability Assessment..........................................................................................................................8 Identity and Access Management ...........................................................................................................9 Mobile Device Management....................................................................................................................10 Switches and Routers...............................................................................................................................11 Cybersecurity Asset Management.........................................................................................................12 Implementing the Zero Trust Model..........................................................................................13 Understand What Devices You have.....................................................................................................13 Distinguish Between Managed and Unmanaged Devices................................................................13 Address the Gaps in Security Solution Coverage ..............................................................................14 Establish Ongoing User Access Auditing ............................................................................................14 Implement Security Policy Validation...................................................................................................14 Cybersecurity Asset Management – The 1st Step to Zero Trust..........................................15 Connecting to Existing Security and IT Management Solutions....................................................15 Creating a Comprehensive View of All Devices.................................................................................16 Identifying Unmanaged Devices............................................................................................................17 Understanding Security Solution Coverage ........................................................................................18 Creating Alerts...........................................................................................................................................19 Enhancing Device and User Data...........................................................................................................20 About Axonius ................................................................................................................................21 Get Started .......................................................................................................................................21 Support and Questions .................................................................................................................21 Thank You........................................................................................................................................21 Sources Cited ..................................................................................................................................22
  • 3. T H E 1 S T S T E P T O Z E R O T R U S T The Evolution of Zero Trust Wendy Nather, Director, Advisory CISOs at Duo security in a video interview during RSA 2018 concisely explained the following evolution of the Zero Trust model: • 2003 - “The Jericho Forum - a bunch of financial services CISOs - got together in the UK and started talking about how we really shouldn’t trust anything just because it’s inside the perimeter. They proposed a collaborative architecture, and I remember at the time reading about it and saying, ‘that sounds great, but how in the world would you do that?’." • 2009 - “John Kindervag (when he was a principal analyst at Forrester) coined the term ‘Zero Trust’ and how you might implement that according to his model within the enterprise.” • 2014 - “Google had figured out how to implement the model inside of their organization and started issuing white papers and doing talks about how the implemented it, and they called their model BeyondCorp. Especially when Google sat up and said ’this is how we did it,’ people started to see that it was within reach in their organizations as well, and it gained steam from there." What is Zero Trust? Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside its perimeters and instead must verify anything and everything trying to connect to its systems before granting access. While traditional information security approaches used the castle-and-moat analogy that focuses on defending a perimeter and assumes anything on the inside is safe, the Zero Trust model makes no assumption based on position relative to perimeter. Just because a user or asset has made it onto the corporate network does not automatically infer a level of confidence. Examples about to show that the castle-and-moat approach doesn’t work. From the smart fish tank that left a casino vulnerable to cyber criminals to the oft-cited Target breach caused by compromised credentials from an HVAC company, examples abound showing how much damage can be caused by trusting users and systems that have crossed the moat and were considered trustworthy.
  • 4. T H E 1 S T S T E P T O Z E R O T R U S T “In working with some of the largest companies on earth, I’ve seen countless cases where a trusted user or device could completely take down a corporate environment,” said Dean Sysman, CEO and Co- Founder at Axonius. “For example, I’ve seen Fortune 500 companies that have service accounts with full admin access to every machine in the organization. Coming from an offensive background, I can tell you with confidence that if a malicious actor gained those credentials, it’s game over. You would literally need to start over and rebuild the network from scratch.” The threat of bad actors and high-profile breaches alone are compelling reasons to consider the zero- trust approach. But FUD aside, the most pragmatic driver is the change in the way we work. In the not-so-distant past, work was a place where people sat in a building with Windows desktops connected to a physical network via ethernet cable. These were people that were trusted employees using corporate sanctioned devices to access information necessary to perform their work. In that world, the castle-and-moat approach made sense: only those workers with physical access to the network were allowed to touch what was within the firewall. And then things changed. Trends like cloud, virtualization, BYOD, work-from-home, mobile devices, and IoT have completely transformed the way we work and, in the process, removed the perimeter. Right now, I’m writing this paper on an Amtrak train in route to New York City while logged in to my corporate email running on Google Apps. I’ll finish writing using my personal laptop on my home network. Where’s the perimeter? A vastly different computing environment creates a massively distributed attack surface that requires a fundamental rethinking of our security framework.
  • 5. T H E 1 S T S T E P T O Z E R O T R U S T Technologies Associated with Zero Trust A quick Google search will tell you that nearly every cybersecurity vendor is on the zero-trust bandwagon. With more than 30 million results and rising, the term hasn’t leveled off yet. Let’s take a look at some of the functional areas associated with zero-trust and the technologies that can help. 1. What is the device that is trying to access corporate assets? Is the device in question a laptop? Smart TV? IoT Device? Knowing the type of device is the first in a series of granular questions to ask to determine whether granting access is appropriate. For example, a web-enabled baby monitor probably shouldn’t be trying to request data from a file share. 2. Is the core software up to date? Assuming a device clears the first hurdle, let’s then check to see whether the OS is current. You may not want a laptop running XP to have access to, well, anything really. 3. Which vulnerabilities exist on the device? Aside from the core software, what else is installed? What vulnerabilities come with the additional software resident on the device? 4. Is the device “managed”? Most organizations mandate that a specified endpoint protection solution is installed on each device, usually with an agent. If that agent isn’t installed (or isn’t running), you may want to only allow that device on the guest network, and you may want to force an installation of said agent before accessing anything that isn’t publicly available. 5. What user is logged in? Now that we know about the device, let’s figure out the person using it. Is it a network admin? A member of the finance group? Someone that left the company 6 months ago? 6. Does the user have access? Finally, let’s try to understand whether the user should be able to access what they are requesting. Let’s take a look at some of the technologies that can answer the questions above.
  • 6. T H E 1 S T S T E P T O Z E R O T R U S T A C T I V E D I R E C T O R Y Active Directory can help us to understand the device and user roles and how each fits in the organizational policy. At the most basic level, AD can tell us whether a user and device are known and have permission to access any corporate asset. At the most granular, AD can tell us which assets are accessible by looking at group membership and policy adherence.
  • 7. T H E 1 S T S T E P T O Z E R O T R U S T E N D P O I N T P R O T E C T I O N Most organizations mandate that an EDR or EPP solution is installed and running on every endpoint. These solutions can detect, prevent, and remove malicious items like malware before they can move laterally and infect other network assets. Additionally, in a BYOD and remote working environment, cloud-delivered endpoint protection products can be the only way to understand the security status of devices that never connect to a corporate network or VPN. Devices with an Endpoint Protection Platform installed
  • 8. T H E 1 S T S T E P T O Z E R O T R U S T V U L N E R A B I L I T Y A S S E S S M E N T To understand which vulnerabilities are present on any device, organizations us VA tools to compare lists of known vulnerabilities to the version of each application present. Based on the severity of any vulnerabilities found, actions can be taken to either prevent a device from accessing corporate data, or if a patch is available, force an upgrade before granting access. Although some VA tools have discovery capabilities, many will only scan devices that they know about in a given IP range. Because of this, we cannot rely on a result such as “no known vulnerability detected” as a condition to be met, as that requirement could come from a VA tool simply not knowing that a device exists. Devices that have not been scanned by a Vulnerability Assessment Tool.
  • 9. T H E 1 S T S T E P T O Z E R O T R U S T I D E N T I T Y A N D A C C E S S M A N A G E M E N T Aside from Active Directory, many organizations are looking to IAM providers that offer multi-factor authentication and single sign-on for added security and for added convenience. These products can also add application-level permissions for cloud-based services. For example, a company may use AD to authenticate users to access files and corporate email but may use an IAM provider to understand which users should have access to the CRM.
  • 10. T H E 1 S T S T E P T O Z E R O T R U S T M O B I L E D E V I C E M A N A G E M E N T In an increasingly mobile world, organizations cannot just rely on endpoint protection, as employees use mobile devices constantly, switch devices often, and take their devices with them when they leave. MDM lets companies grant and revoke access at any time without needing physical access to an employee’s personal devices.
  • 11. T H E 1 S T S T E P T O Z E R O T R U S T S W I T C H E S A N D R O U T E R S To understand which devices are unmanaged, we want to look at those devices that are managed (have an agent installed) and compare those to the list of devices known to the switches and routers to find the delta (those IP addresses that are known only to the network without agents installed). This will give us a list of unmanaged devices to create a candidate set to decide which devices should be managed, and those that are unnecessary. Unmanaged devices known only to the network.
  • 12. T H E 1 S T S T E P T O Z E R O T R U S T C Y B E R S E C U R I T Y A S S E T M A N A G E M E N T A relatively new category, cybersecurity asset management products seek to give a comprehensive view into all assets and users to understand the security posture of each. By connecting to all security and IT products in an organization’s environment, cybersecurity asset management tools can give a continuous view of the relationship between devices, users, and security product coverage to constantly validate each against the organization’s security policy. A few examples: • Which devices are unmanaged, but should have an agent? • What percentage of devices are running our endpoint protection platform? • Which devices aren’t being scanned by our VA tool? • Which users have improper access rights or passwords that never expire? • Which of my IoT devices were manufactured in x country? This new category seeks to use all other security products to correlate data into a single, actionable view.
  • 13. T H E 1 S T S T E P T O Z E R O T R U S T Implementing the Zero Trust Model Going from the traditional perimeter-based approach to zero-trust can seem daunting, but it’s not an all- or-nothing process. Many organizations approach zero-trust as an aspirational future state, making new security purchasing and implementation decisions with eventual zero-trust in mind. A few steps organizations can follow to get started on the path to zero-trust: 1. Understand what devices you have. 2. Distinguish between devices that are managed and unmanaged. Then determine which should be managed. 3. Map out security solution coverage and address the gaps. 4. Establish ongoing user access auditing. 5. Implement security policy validation. U N D E R S T A N D W H A T D E V I C E S Y O U H A V E You can only secure what you can see, and until you know which devices are in your environment, it’s impossible to know whether those devices are satisfactorily secure. Establishing an ongoing device discovery, classification, and inventory process should be the first step in planning for a zero-trust future. D I S T I N G U I S H B E T W E E N M A N A G E D A N D U N M A N A G E D D E V I C E S A Smart TV in a conference room is different from the CEO’s laptop, and they should be treated differently. While the Smart TV doesn’t need an endpoint agent or a patching schedule, the laptop does. Creating a process to take action based on asset classification is critical.
  • 14. T H E 1 S T S T E P T O Z E R O T R U S T A D D R E S S T H E G A P S I N S E C U R I T Y S O L U T I O N C O V E R A G E In our experience, every organization has devices that are missing security solution coverage. Whether that means AWS instances not known to a VA scanner, R&D machines without an EDR solution, or iPhones without MDM, there are always gaps to be addressed. Addressing these gaps in an ongoing basis is a necessity for any organization thinking about zero-trust. E S T A B L I S H O N G O I N G U S E R A C C E S S A U D I T I N G Are there users in your environment with local admin access to all machines? Users with passwords not required or set to never expire? Service accounts with keys to the kingdom? Even with strict access controls and granular policies, creating an ongoing auditing process is needed to ensure proper access rights. I M P L E M E N T S E C U R I T Y P O L I C Y V A L I D A T I O N Finally, any security policy on paper is only as good as it is enforced and validated in reality. Implementing a security policy validation process is the only way to make sure that nothing is being missed and that exceptions aren’t being exploited.
  • 15. T H E 1 S T S T E P T O Z E R O T R U S T Cybersecurity Asset Management – The 1st Step to Zero Trust As mentioned earlier, Cybersecurity Asset Management is a new approach to providing comprehensive visibility into all devices, users, and the security products that cover them in order to validate security policies. C O N N E C T I N G T O E X I S T I N G S E C U R I T Y A N D I T M A N A G E M E N T S O L U T I O N S Instead of installing an agent, scanning, or sniffing traffic, Cybersecurity Asset Management solutions connect to the different security and management solutions a customer already uses via adapters. Customers simply provide credentials (API keys, Tokens, etc.), and the system immediately starts collecting and correlating information about assets. This way, there are no agents to install or maintain, no bottlenecks to route traffic through, and there is no limit to scale and no performance degradation.
  • 16. T H E 1 S T S T E P T O Z E R O T R U S T C R E A T I N G A C O M P R E H E N S I V E V I E W O F A L L D E V I C E S After connecting all relevant adapters, a Cybersecurity Asset Management Platform will create a correlated list of all devices that can be filtered and sorted by any property. As the solution is constantly requesting up-to-date data from every connected solution, the list of devices is always as close to real- time as the connected solutions allow.
  • 17. T H E 1 S T S T E P T O Z E R O T R U S T I D E N T I F Y I N G U N M A N A G E D D E V I C E S By connecting to the security and management solutions and comparing results to what is known only to the switches and routers, the CSAM solution is able to produce a list of unmanaged devices, allowing customers to distinguish between devices that should not be managed (think of a Smart TV in a conference room or an Amazon Alexa in the reception area), and an AWS instance that the Security and IT teams don’t know about. Unmanaged devices in the Axonius Cybersecurity Asset Management Platform.
  • 18. T H E 1 S T S T E P T O Z E R O T R U S T U N D E R S T A N D I N G S E C U R I T Y S O L U T I O N C O V E R A G E Even with a security policy that dictates every device needs an endpoint agent and must be scanned by a VA tool, most organizations have gaps in coverage. With a CSAM solution, customers are able to understand which devices are not covered so they can act. Devices not scanned by a Vulnerability Assessment Tool.
  • 19. T H E 1 S T S T E P T O Z E R O T R U S T C R E A T I N G A L E R T S The core value of Cybersecurity Asset Management Tools is the ability to ask questions that validate a security policy in an ongoing basis and to create alerts to notify staff or other solutions when something does not adhere to the policy. To do that, CSAM solutions allow customers to save any query and to create an alert from a query that can be sent via email, syslog, or through an integration with another system (examples include SIEM solutions and ticketing systems). Example of an alert in the Axonius Cybersecurity Asset Management Platform.
  • 20. T H E 1 S T S T E P T O Z E R O T R U S T E N H A N C I N G D E V I C E A N D U S E R D A T A In many cases, organizations are already using many different security solutions and do not want yet another system to maintain and staff, but instead want to integrate CSAM data with a system of record. Using the API of the CSAM solution, customers are able to extract additional contextual information about users and devices and push that data into their existing systems. Sample API calls from the Axonius Cybersecurity Asset Management Platform.
  • 21. T H E 1 S T S T E P T O Z E R O T R U S T About Axonius For organizations that see opportunity in today’s always-on and always-connected reality, Axonius is the Cyber Security Asset Management (CSAM) platform that lets IT and Security teams see devices for what they are in order to manage and secure all. By easily integrating with customers’ existing management and security technologies and using an extensible plugin infrastructure to add custom logic, customers are able to get a unified view of all devices – both known and unknown. Axonius aims to be IT’s favorite Security tool and Security’s favorite IT tool. For more information and to see what’s possible with a universal view of all devices, visit Axonius.com. Get Started Because it integrates natively with the Security and IT solutions customers already have, getting started is painless and fast. To get a demo and to see what you can do with a unified view of all assets, click the button below. Support and Questions We are committed to helping our customers deploy, configure, and start seeing value immediately. The POC deployment process will be hands-on, with any and all support services available to get up and running. Should you have any questions, concerns, or product feedback, please do not hesitate to contact your Axonius account representative at any time. Thank You Finally, we want to thank you for considering working with Axonius. As IT and Security professionals ourselves, we understand the time and effort it takes to consider a new product. Thank you for trusting us to help you.
  • 22. T H E 1 S T S T E P T O Z E R O T R U S T Sources Cited BeyondCorp - A New Approach to Enterprise security By Rory Ward and Betsy Beyer December, 2014 https://storage.googleapis.com/pub-tools-public-publication-data/pdf/43231.pdf What is Zero Trust? A model for more effective security By Mary K. Pratt January, 2018 https://www.csoonline.com/article/3247848/network-security/what-is-zero-trust-a-model-for-more- effective-security.html Salted Hash Video: Learn what the 'zero trust' security model really means By Steve Ragan and Wendy Nather https://www.idg.tv/video/87016/learn-what-the-zero-trust-security-model-really-means-salted-hash-ep-29