Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

How Zero Trust Makes the Mission Simple & Secure

727 views

Published on

Dug Song, VP & GM, Cisco & Co-Founder, Duo Security
Zero Trust Security Summit 2020
01.28.2020 International Spy Museum

Published in: Government & Nonprofit
  • Be the first to comment

How Zero Trust Makes the Mission Simple & Secure

  1. 1. How Zero Trust Makes the Mission Simpler & Secure Dug Song, Duo Security
  2. 2. © 2020 Cisco and/or its affiliates. All rights reserved. 2010 A Decade of Data Breaches Source: https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
  3. 3. CONFIDENTIAL INFORMATION PROPERTY OF DUO SECURITY, INC. 2010
  4. 4. © 2020 Cisco and/or its affiliates. All rights reserved. RSA Breach & Impact 2011
  5. 5. © 2020 Cisco and/or its affiliates. All rights reserved. 2014 If an adversary has the credentials of a user on the network, then they can access data even if it's encrypted, just as the users on the network have to access data, and that did occur in this case. So encryption in this instance would not have protected this data.
  6. 6. © 2020 Cisco and/or its affiliates. All rights reserved. 2015 In the next 30 days we know there is a set of things we can do that will fairly dramatically improve our security profile... liketwo-factor authentication, patching, minimizing the number of system administrators that you have and so on. Tony Scott’s 30-day Cyber Sprint
  7. 7. © 2020 Cisco and/or its affiliates. All rights reserved. Google to Obama: Nation’s Cybersecurity Priorities ✓ Strong Authentication ✓ Up-to-Date Devices ✓ End-to-End Encryption
  8. 8. © 2020 Cisco and/or its affiliates. All rights reserved. ✓ Strong Authentication ✓ Up-to-Date Devices ✓ CDM & Monitoring 2016
  9. 9. © 2020 Cisco and/or its affiliates. All rights reserved. People TechnologySecurity
  10. 10. © 2020 Cisco and/or its affiliates. All rights reserved.
  11. 11. © 2020 Cisco and/or its affiliates. All rights reserved.
  12. 12. © 2020 Cisco and/or its affiliates. All rights reserved. 2013
  13. 13. © 2020 Cisco and/or its affiliates. All rights reserved. 2016
  14. 14. © 2020 Cisco and/or its affiliates. All rights reserved. BeyondCorp (2014) 800-207: Zero Trust Architecture (2019) Zero Trust Architecture (2019) Connecting from a particular network must not determine which services you can access All communication is secure regardless of network location Don’t trust the network, including the local network Access to services is granted based on what we know about you and your device Access to resources is determined by policy, including the observable state of user identity and the requesting system, and may include other behavioral attributes Create a single strong user identity Create a strong device identity Know the health of your devices and services Set policies according to value of the service or data All access to services must be authenticated, authorized, and encrypted All data sources and computing services are considered resources Know your architecture including users, devices, and services Access to individual enterprise resources is granted on a per-connection basis Control access to your services and data Choose services designed for zero trust User authentication is dynamic and strictly enforced before access is allowed Authenticate everywhere The enterprise ensures all owned and associated systems are in the most secure state possible and monitors systems to ensure that they remain in the most secure state possible Focus your monitoring on devices and services
  15. 15. © 2020 Cisco and/or its affiliates. All rights reserved. Securing the enterprise User and device access Application and workload access Network access Workforce Workload Workplace SaaS & Public cloud Access happens everywhere – how do you get visibility and ensure secure, trusted access?
  16. 16. © 2020 Cisco and/or its affiliates. All rights reserved. User and device access Zero Trust for the Workforce What to do: How to do it: Verify users’ identities Multifactor Authentication Gain device visibility and establish trust Endpoint health and management status Enforce access policies for every app Adaptive and role-based access controls
  17. 17. © 2020 Cisco and/or its affiliates. All rights reserved. Application and workload access Zero Trust for the Workload What to do: How to do it: Gain visibility into what’s running and what’s critical Identify workload dependencies Contain breaches and minimize lateral movement Application segmentation Alert or block communication if policy is violated Continuous monitoring & response to indicators of compromise
  18. 18. © 2020 Cisco and/or its affiliates. All rights reserved. Zero Trust for the Workplace Network access What to do: How to do it: Discover and classify users, devices and apps on your network Network authentication, profiling authorization Grant the right level of network access based on user and device context Network segmentation Contain infected endpoints and restrict network access Continuous monitoring and responding to threats
  19. 19. © 2020 Cisco and/or its affiliates. All rights reserved. Workforce Duo Workload Tetration Workplace SD-Access Security ensured today and for the future with Zero Trust
  20. 20. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco is a leader in Zero Trust The Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q4 2019 Tools And Technology: The Zero Trust Security Playbook October 29, 2019 The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave are trademarks of Forrester Research, Inc. The Forrester Wave is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.

×