YouAttest
Cloud-Based Auditing
Webinar: AD Best
Practices for Audit
Featuring:
Milton Keath
Guardicore
Micro-Segmentation
and Zero Trust
Webinar: Thur, May 27th
10am PT
Guest Speaker
Milton Keath, Guardicore
Sr. SE
Agenda
• Introductions
• What is Micro-Segmentation and Zero Trust?
• How does Zero Trust relate to compliance?
• Guardicore and Micro-Segmentation
• YouAttest and Compliance
• Short Demo
• Q & A
What is Micro-Segmentation
and Zero Trust?
Milton Keath
Guardicore
The Zero Trust Story Arc
Zero Trust Defined
• Developed by Forrester in 2010
• Assumes that every user, device, system, or connection is already compromised
• Requires extensive segmentation
“Zero Trust is strategically focused on addressing lateral threat movement within the network by leveraging microsegmentation and granular enforcement, based on user context, data access controls, location, app and the device posture”
Dr. Chase Cunningham, Principal Analyst, Forrester @ Forrester Security & Risk 2019 Conference
Why Zero Trust Matters: A Real-World Example
• Fileless
• SSH worm
• P2P Botnet
• Novel (previously unseen P2P module)
• Aggressive
• Efficient
So Why Haven’t More Enterprises Implemented Zero Trust?
• 43% interested in implementing Zero Trust
• 63% say their organization’s legacy firewall does not enable Zero Trust across the enterprise
• Only 26% have already implemented Zero Trust
How Are Security Vendors Adapting?
“Guardicore is charging into the Zero Trust space, with an approach to enabling Zero Trust that is emblematic of the largest players…”
Guardicore named “Strong Performer,” achieved highest scores possible in 7 criteria, including:
• Zero Trust Workloads
• Visibility and Analytics
• ZTX Vision and Strategy
• ZTX Roadmap and Differentiation
• Portfolio Growth Rate
Five Steps to a Systematic Zero Trust Architecture
1. Identify Your Sensitive Data
2. Map the Flows of Your Sensitive Data
3. Architect Your Zero Trust Microperimeters
4. Continuously Monitor Your Zero Trust Ecosystem with Security Analytics
5. Embrace Security Automation and Orchestration
Zero Trust and Compliance
Garret Grajek, CEH, CISSP
YouAttest, CEO
Tenets of Zero Trust
1. Enforce Authentication and Authorization
2. Maintain data integrity
3. Gather data for improved security
4. Consider every data source and computing device as a resource
5. Keep all communication secured regardless of network location
6. Grant resource access on a per-session basis
7. Moderate access w/ a dynamic policy
Specific Regulations: All Site Access Policies and Mandate Reviews
✔ SOX 404B: Requires regularly scheduled user and access reviews.
✔ ISO/IEC 27001 A.9.2.2.5: Asset owners should review users’ access rights at regular intervals.
✔ HIPAA/HITRUST: HIPAA requires regular review of audit logs, access reports, and security incident tracking reports.
✔ SOC 2 Type 2: Requires access controls in place for access to data, and that this access be reviewed.
✔ PCI-DSS: PCI Requirement 7.1.1-7.1.4 – requires quarterly reviews of user accounts to verify roles and privileges.
NIST PROTECT (PR) and Access Reviews
PR.AC-4 - Identities and access must be reviewed
Access reviews are performed semiannually by each application or infrastructure owner, to confirm that access is still required. Any exceptions found must be removed within ten business days.
(Appendix A: NIST CSF Internal Controls)
Appendix A: https://link.springer.com/content/pdf/bbm%3A978-1-4842-3060-2%2F1.pdf
NIST PROTECT (PR) and Access Reviews
PR.AC-6 POLP - Principle of Least Privilege
The principle of least privilege is also applied to information system processes, ensuring that the processes operate at privilege levels no higher than necessary to accomplish required organizational missions/business functions. Organizations consider the creation of additional processes, roles, and information system accounts as necessary, to achieve least privilege.
Zero Trust Architecture: NIST Publishes SP 800-207
NIST publishes Special Publication (SP) 800-207, "Zero Trust Architecture."
August 11, 2020
• Is a series of cybersecurity measures and guidelines highlighting the core components of Zero Trust principles.
• It is NOT currently:
• A quantifiable list of mandatory to-dos for compliance
• This is not what NIST does
• NIST creates the standards
• Legislatures and industry groups determine whether to make regulations
• Often use NIST standards as guidelines
NIST and Zero Trust
What is Micro-Segmentation
and Zero Trust?
Milton Keath
Guardicore
1 – Identify Your Sensitive Data
2 – Map Flows of Your Sensitive Data
It’s Time to Rethink Firewalls
The old way (Data Center / Cloud)
• Tied to environment and network
• Different approaches for different environments / technologies
• Slow and difficult to change
• Network-centric policies
• Physical firewall appliances creating network choke points
• Virtual firewall appliances creating network choke points
The new way (Data Center / Cloud)
• Software-only approach
• One set of security policies that work everywhere
• Easy to visualize and change
• Workload-centric policies
• Software-based policies based on finer-grained attributes (e.g., process, user, fully-qualified domain name)
• Minimize hardware refresh cycles and overhead
• Faster, lower risk, lower costs
There is Now a Better Alternative
• Faster: 45 applications, 6 weeks, no downtime
• Lower Risk: Up to 99% attack surface reduction
• Lower Cost: 85% TCO savings over legacy firewalls
3 – Architect Your Zero Trust Microperimeters
4 – Continuously Monitor Your Zero Trust Ecosystem
5 – Embrace Security Automation and Orchestration
[Diagram labels: Security; Cloud; Virtual Desktops and Apps; IoT; IT Automation and ITSM Solutions; SIEM/SOAR; Identity & Access Management; Infrastructure; IGA]
In Summary: Five Steps to Zero Trust
1. Guidance: Identify Your Sensitive Data
   Guardicore Capabilities: Fast and simple visualization identifies and classifies sensitive data and workloads
2. Guidance: Map the Flows of Your Sensitive Data
   Guardicore Capabilities: Automated flow and dependency mapping creates a visual map of all flows to sensitive data
3. Guidance: Architect Your Zero Trust Microperimeters
   Guardicore Capabilities: Policy Engine and Wizards enable rapid definition of any segmentation/micro-segmentation policy
4. Guidance: Continuously Monitor Your Zero Trust Ecosystem with Security Analytics
   Guardicore Capabilities: Real-Time Monitoring and Analysis quickly identifies security incidents and integrates with SIEM.
5. Guidance: Embrace Security Automation and Orchestration
   Guardicore Capabilities: REST APIs and Orchestration Integration simplifies automation in any environment
YouAttest and Identity for
Micro-Segmentation
Austin
Microsoft Recommendation: Domain User Service Accounts
Source: https://docs.microsoft.com/en-us/windows/win32/ad/domain-user-accounts
A domain user account enables the service to take full advantage of the service security features of Windows and Microsoft Active Directory Domain Services.
Advantage
• With a domain user account, the service’s actions are limited by the access rights and privileges associated w/ the account
Examples
• YouAttest API key is associated with a domain-based service account
• Where Read/Write privileges can be quantified
Audit AD Groups and Users
• Run a custom PowerShell script and upload AD Users and Group CSV
• AD Audit attestation campaigns on groups and individual users
• Advanced Reporting
Quick Demo
Best practice is to:
• Many enterprises still use AD as store of record
• Enforce and audit your network permissions
YouAttest and Guardicore:
• Repeatable access reviews quantifying
• Roles
• Groups
• Permissions
Micro-Segmentation and Zero Trust
Technology partner focused on aligning People, Process, Technology, and Data.
• Business Outcomes
• Customer Success
• Experience / Approach
Cloud Ingenuity
Contact: shep@cloudingenuity.com
www.cloudingenuity.com
Questions?
Austin Grajek
austing@youattest.com
877.452.0496 x1
YouAttest
info@youattest.com
877.452.0496

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 

Micro segmentation and zero trust for security and compliance - Guardicore and YouAttest

  • 1. YouAttest Cloud-Based Auditing Webinar: AD Best Practices for Audit Featuring: Milton Keath Guardicore Micro-Segmentation and Zero Trust Webinar: Thur, May 27th 10am PT
  • 2. Guest Speaker Milton Keath, Guardicore Sr. SE
  • 3. Agenda • Introductions • What is Micro-Segmentation and Zero Trust? • How does Zero Trust relate to compliance? • Guardicore and Micro-Segmentation • YouAttest and Compliance • Short Demo • Q & A
  • 4. What is Micro-Segmentation and Zero Trust? Milton Keath Guardicore
  • 5. The Zero Trust Story Arc
  • 6. Zero Trust Defined • Developed by Forrester in 2010 • Assumes that every user, device, system, or connection is already compromised • Requires extensive segmentation “Zero Trust is strategically focused on addressing lateral threat movement within the network by leveraging microsegmentation and granular enforcement, based on user context, data access controls, location, app and the device posture” Dr. Chase Cunningham, Principal Analyst, Forrester @ Forrester Security & Risk 2019 Conference
  • 7. Why Zero Trust Matters: A Real-World Example Fileless SSH worm P2P Botnet Novel (previously unseen P2P module) Aggressive Efficient
  • 8. So Why Haven’t More Enterprises Implemented Zero Trust? 43% interested in implementing Zero Trust 63% say their organization’s legacy firewall does not enable Zero Trust across the enterprise Only 26% have already implemented Zero Trust
  • 9. How Are Security Vendors Adapting? “Guardicore is charging into the Zero Trust space, with an approach to enabling Zero Trust that is emblematic of the largest players…” Guardicore named “Strong Performer”, achieved highest scores possible in 7 criteria, including: • Zero Trust Workloads • Visibility and Analytics • ZTX Vision and Strategy • ZTX Roadmap and Differentiation • Portfolio Growth Rate
  • 10. Five Steps to a Systematic Zero Trust Architecture 1. Identify Your Sensitive Data 2. Map the Flows of Your Sensitive Data 3. Architect Your Zero Trust Microperimeters 4. Continuously Monitor Your Zero Trust Ecosystem with Security Analytics 5. Embrace Security Automation and Orchestration
  • 11. Zero Trust and Compliance Garret Grajek, CEH, CISSP YouAttest, CEO
  • 12. Tenets of Zero Trust 1. Enforce Authentication and Authorization 2. Maintain data integrity 3. Gather data for improved security 4. Consider every data source and computing device as a resource 5. Keep all communication secured regardless of network location 6. Grant resource access on a per-session basis 7. Moderate access w/ a dynamic policy
  • 13. Requires regularly scheduled user and access reviews. Asset owners should review users’ access rights at regular intervals. Specific Regulations: All Site Access Policies and Mandate Reviews SOX 404B ISO/IEC 27001 A.9.2.2.5 ✔ ✔ ✔ HIPAA requires regular review of audit logs, access reports, and security incident tracking reports. HIPAA/HITRUST ✔ SOC 2 Type 2 Requires access controls in place for access to data and that this access be reviewed. ✔ PCI-DSS PCI Requirement 7.1.1-7.1.4 – requires quarterly reviews of user accounts to verify roles and privileges
  • 14. NIST PROTECT (PR) and Access Reviews PR.AC-4 - Identities and access must be reviewed Access reviews are performed semiannually by each application or infrastructure owner, to confirm that access is still required. Any exceptions found must be removed within ten business days. (Appendix A: NIST CSF Internal Controls) Appendix A: https://link.springer.com/content/pdf/bbm%3A978-1-4842-3060-2%2F1.pdf
  • 15. NIST PROTECT (PR) and Access Reviews The principle of least privilege is also applied to information system processes, ensuring that the processes operate at privilege levels no higher than necessary to accomplish required organizational missions/business functions. Organizations consider the creation of additional processes, roles, and information system accounts as necessary, to achieve least privilege. PR.AC-6 POLP - Principle of Least Privilege
  • 16. Zero Trust Architecture: NIST Publishes SP 800-207 NIST publishes Special Publication (SP) 800-207, "Zero Trust Architecture." August 11, 2020 • Is a series of cybersecurity measures and guidelines highlighting the core components of Zero Trust principles. • It is NOT currently • A quantifiable list of mandatory to-dos for compliance • This is not what NIST does • NIST creates the standards • Legislatures and industry groups determine to make regulations • Often use NIST standards as guidelines NIST and Zero Trust
  • 17. What is Micro-Segmentation and Zero Trust? Milton Keath Guardicore
  • 18. 1 – Identify Your Sensitive Data
  • 19. 2 – Map Flows of Your Sensitive Data
  • 20. It’s Time to Rethink Firewalls The old way (Data Center, Cloud): • Tied to environment and network • Different approaches for different environments / technologies • Slow and difficult to change • Network-centric policies • Physical firewall appliances creating network choke points • Virtual firewall appliances creating network choke points The new way (Data Center, Cloud): • Software-only approach • One set of security policies that work everywhere • Easy to visualize and change • Workload-centric policies • Software-based policies based on finer-grained attributes (e.g., process, user, fully-qualified domain name) • Minimize hardware refresh cycles and overhead • Faster • Lower risk • Lower costs
  • 21. There is Now a Better Alternative • Faster: 45 applications, 6 weeks, no downtime • Lower Risk: Up to 99% attack surface reduction • Lower Cost: 85% TCO savings over legacy firewalls
  • 22. 3 – Architect Your Zero Trust Microperimeters
  • 23. 4 – Continuously Monitor Your Zero Trust Ecosystem
  • 24. 5 – Embrace Security Automation and Orchestration • SECURITY • CLOUD • VIRTUAL DESKTOPS AND APPS • IOT • IT AUTOMATION AND ITSM SOLUTIONS • SIEM/SOAR • IDENTITY & ACCESS MANAGEMENT • INFRASTRUCTURE • IGA
  • 25. In Summary: Five Steps to Zero Trust (Guidance: Guardicore Capabilities) • Identify Your Sensitive Data: Fast and simple visualization identifies and classifies sensitive data and workloads • Map the Flows of Your Sensitive Data: Automated flow and dependency mapping creates a visual map of all flows to sensitive data • Architect Your Zero Trust Microperimeters: Policy Engine and Wizards enable rapid definition of any segmentation/micro-segmentation policy • Continuously Monitor Your Zero Trust Ecosystem with Security Analytics: Real-Time Monitoring and Analysis quickly identifies security incidents and integrates with SIEM • Embrace Security Automation and Orchestration: REST APIs and Orchestration Integration simplifies automation in any environment
  • 26. YouAttest and Identity for Micro-Segmentation Austin
  • 27. Microsoft Recommendation: Domain User Service Accounts A domain user account enables the service to take full advantage of the service security features of Windows and Microsoft Active Directory Domain Services. Source: https://docs.microsoft.com/en-us/windows/win32/ad/domain-user-accounts Advantage • With a domain user account, the service’s actions are limited by the Access Rights and Privileges associated w/ the account Examples • YouAttest API key is associated to a domain-based service account • Where Read/Write privileges can be quantified
  • 28. Run a custom PowerShell script and upload AD Users and Group CSV
  • 29. AD Audit attestation campaigns on Groups and Individual users.
  • 30. Audit AD Groups and Users
  • 33. Best practice is to: • Many enterprises still use AD as store of record • Enforce and audit your network permissions YouAttest and Guardicore: • Repeatable access reviews quantifying • Roles • Groups • Permissions Micro-Segmentation and Zero Trust
  • 34. Technology partner focused on aligning People, Process, Technology, and Data. • Business Outcomes • Customer Success • Experience / Approach Cloud Ingenuity Contact: shep@cloudingenuity.com www.cloudingenuity.com