Zero Trust Commandments
THE rules of the road
Mark Simos
Zero Trust Architecture Forum Co-Chair
Lead Cybersecurity Architect, Microsoft
aka.ms/markslist
Also co-authors of Zero Trust Playbook
(ZeroTrustPlaybook.com)
20% Discount: 20ZERO
Nikhil Kumar
Zero Trust Architecture Forum Co-Chair
Founder and President, ApTSi
email: nikhil@ap-tech-solns.com
LinkedIn: https://www.linkedin.com/in/nikhilkumar/
Agenda
• Zero Trust Overview
• Core Challenges of Security and Zero Trust
• Zero Trust Commandments
  - Applying them in practice across IT/OT/IoT
  - Enabling sustainability and sustainable security
Why are we having a Zero Trust conversation?
3. Assets increasingly leave the network
• BYOD, WFH, Mobile, and SaaS
4. Attackers shift to identity attacks
• Phishing and credential theft
• Security teams often overwhelmed
Note: These limitations have been known for a long
time (and documented by The Jericho Forum), but only
recently is there widespread momentum to solve them
Zero Trust Changes Assumptions
trust must be explicitly validated
Key Industry Guidance
The Open Group: focused on integration with business and IT/Enterprise/Security architecture
US National Institute of Standards and Technology (NIST): focused on architecture and implementation with available technology
Many other organizations are contributing valuable perspectives and guidance, such as the Cybersecurity and Infrastructure Security Agency (CISA), the Cloud Security Alliance (CSA), and some technology vendors
Key Challenges for Security and Zero Trust
• Attackers - phishing, credential theft, application/device specific vulns, and more
• Technology - Cloud, Generative AI, mobile devices, and more
• Business requirements - including digital business, sustainability, and more
• Full of cross-cutting functions - security operations, posture management, governance, endpoint, etc.
• Must be integrated with business & technology teams (with different cultures, languages, assumptions, goals, etc.)
• Must be agile to manage continuous changes (threats, platforms, business requirements)
• Chaotic ‘definitions’ of zero trust
• Extremely narrow definitions (around single discipline, single technology, or single product)
• Sometimes even narrowed to specific technology areas
Why Zero Trust? What is Zero Trust? How do I do Zero Trust?
1. Classic security doesn't work
   Solved by a Zero Trust approach: asset-centric and agile security for continuous change in
   • Business opportunities and risk
   • Attackers
   • Technology
2. Zero Trust often represented or defined poorly
   Zero Trust Commandments provide clarity: definition, scope, rules, alignment with business
3. Security is inherently complex
   Zero Trust Reference Model: outcome-driven capabilities start the planning process
Assumptions
• Assume Failure
• Assume breach/compromise
• Assume human errors
• Assume Success
• Assume the mission and business will
continue (despite these failures)
Security equivalent of
“fail safe” in engineering
Zero Trust Commandments
Standardized Rules for Zero Trust security
Practice Deliberate Security
Establishes pragmatic view of ‘trust’ in today’s world of
continuous threats + how to prioritize applying that in a
world of complex and continuously changing requirements
• Secure Assets by Risk
• Validate Trust Explicitly
Develop a Security-Centric Culture
Guides the application of security across all teams
• Practice Accountability
• Enable Pervasive Security
• Utilize Least Privilege
• Deploy Simple (User-Friendly) Security
Support Business Objectives
Aligns security explicitly to business priorities and assets (vs.
networks) and considers long term implications
• Enable the Organization’s Mission
• Implement Asset-Centric Controls
• Enable Sustainable Security
Deploy Agile and Adaptive Security
Ensures security can keep up with continuous change
• Make Informed Decisions
• Improve and Evolve Security Controls
• Utilize Defense in Depth
• Enable Resiliency
pubs.opengroup.org/security/zero-trust-commandments/
Underlying assumptions: Assume Failure, Assume Success
Practice Deliberate Security
Secure Assets by Risk
Security controls shall be designed to protect
business assets appropriate to required
security posture, business value, and
associated risk.
1. Map Technology to Business
2. Classify Information Assets
3. Increase Security for Sensitive Assets
4. Reduce Unneeded Sensitivity
5. Stay Current
Validate Trust Explicitly
Security assurance shall rely on explicitly
validating trust decisions using all relevant
available information and telemetry
1. Verify Access Control
2. Verify Application Development
3. Verify Technology Supply Chain
4. Verify Asset Configuration
5. Verify Incident Processes
Support Business Objectives
Enable the Organization’s Mission
Security discipline shall enable productivity and manage
risk as the organizational capabilities, goals,
environment, and infrastructure continuously evolve.
1. Enable Modern Work
2. Align Security to Mission
3. Align Security to Risk Management
4. Align Security to Compliance Management
Implement Asset-Centric Controls
Asset-specific security controls shall be implemented
whenever available to minimize disruption of productivity,
increase precision of security/business visibility, and
improve the data used to drive security compliance
metrics.
1. Augment or Evolve Existing Infrastructure-Level
Security Controls
2. Implement Data-Centric Controls
3. Implement Application-Centric Controls
4. Determine Trust beyond the Network
Enable Sustainable Security
Security controls shall be sustainable across the full
lifecycle of the business asset.
1. Secure for the Full Lifecycle
2. Provide End-to-End Data Security
3. Ensure the Architecture is Coherent
4. Ensure the Ongoing Monitoring of Security Controls
5. Continuously Manage All Assets
Develop a Security-Centric Culture
Practice Accountability
The entities responsible for accessing and handling assets
shall be responsible for their protection and survival throughout
their lifetime.
1. Assign Asset Ownership
2. Ensure Understanding of Ownership
3. Define Security Impact Correctly
4. Assign Security Risk to Organizational Leadership
5. Assign Security Risk to Asset Owners
Enable Pervasive Security
Security discipline shall be explicitly included in the culture,
norms, and processes throughout the organization.
1. Integrate in Business Environment
2. Integrate in Technical Environment
3. Incorporate Security Education and Awareness Training
4. Apply Security to the Organization's Ecosystem
Utilize Least Privilege
Access to systems and data shall be provided only as required,
and access shall be removed when no longer required.
1. Grant Just Enough Access
2. Grant Just-in-Time Access
3. Utilize Adaptive Access
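The "Validate Trust Explicitly" and "Utilize Least Privilege" commandments above describe a decision a policy engine has to make on every request: evaluate all available signals, grant only what the action needs, time-box it, and remove it when it is no longer required. The policy decision point below is an added Python example, not code from The Open Group or Microsoft; the signal names, the resource tiers, the risk thresholds and the one-hour just-in-time window are assumptions chosen for illustration.

```python
"""Policy decision point that validates trust explicitly on every request and
grants least-privilege, just-in-time access.
Added illustration only: signal names, tiers, thresholds and TTL are assumed."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple


@dataclass
class AccessRequest:
    subject: str
    resource: str
    action: str             # "read" or "admin"
    mfa: bool               # strong authentication completed in this session
    device_compliant: bool  # endpoint meets the configuration baseline
    risk_score: int         # 0 (clean) .. 100 (confirmed compromise), from behaviour analytics / TI
    now: datetime


@dataclass
class Grant:
    subject: str
    resource: str
    action: str
    expires: datetime       # just-in-time access is time-boxed


@dataclass
class PolicyDecisionPoint:
    resource_tier: Dict[str, int]            # asset sensitivity 1..3 (Secure Assets by Risk)
    jit_ttl: timedelta = timedelta(hours=1)  # assumed JIT window
    grants: List[Grant] = field(default_factory=list)

    def decide(self, req: AccessRequest) -> Tuple[bool, str]:
        """Evaluate every signal on every request; network location is deliberately not an input."""
        tier = self.resource_tier.get(req.resource, 3)  # unknown assets are treated as most sensitive
        if req.risk_score >= 80:
            return False, "deny: account risk too high"  # assume compromise
        if not req.mfa:
            return False, "deny: MFA required"
        if tier >= 2 and not req.device_compliant:
            return False, "deny: compliant device required for sensitive asset"
        if req.action == "admin":
            if tier >= 3 and req.risk_score > 20:
                return False, "deny: elevated risk blocks admin access to tier-3 asset"
            expires = req.now + self.jit_ttl
            self.grants.append(Grant(req.subject, req.resource, req.action, expires))
            return True, "allow (JIT, expires %s)" % expires.isoformat()
        return True, "allow"

    def active_grants(self, now: datetime) -> List[Grant]:
        """Access is removed when no longer required: expired grants drop out of the active set."""
        self.grants = [g for g in self.grants if g.expires > now]
        return list(self.grants)


def demo() -> tuple:
    """Run constructed requests against a two-asset tier map and return the decisions."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    pdp = PolicyDecisionPoint(resource_tier={"hr-payroll-db": 3, "wiki": 1})
    base = dict(subject="alice", resource="hr-payroll-db", mfa=True, device_compliant=True, risk_score=5)
    # 1. healthy session, admin on a tier-3 asset -> time-boxed grant
    r1 = pdp.decide(AccessRequest(action="admin", now=t0, **base))
    # 2. same user, behaviour analytics raised the risk score -> admin denied although MFA passed
    r2 = pdp.decide(AccessRequest(action="admin", now=t0, **{**base, "risk_score": 45}))
    # 3. no MFA -> denied even for read
    r3 = pdp.decide(AccessRequest(action="read", now=t0, **{**base, "mfa": False}))
    # 4. low-sensitivity asset from a non-compliant device -> read still allowed
    r4 = pdp.decide(AccessRequest(action="read", now=t0, **{**base, "resource": "wiki", "device_compliant": False}))
    # grants are live for the JIT window and gone two hours later
    return r1, r2, r3, r4, len(pdp.active_grants(t0)), len(pdp.active_grants(t0 + timedelta(hours=2)))


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The point the example makes is that the decision is recomputed from current signals each time: the second request fails although the same subject was just granted admin, because the risk signal changed, and the grant itself expires without anyone having to remember to revoke it.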
Deploy Simple (User-Friendly) Security
Security mechanisms shall be as simple and user-friendly as
possible while retaining functionality and remaining pervasive,
practicable, and scalable.
1. Simplify Human Experience
2. Simplify Security
3. Provide Clarity
4. Configure before Customize
5. Enable Scalability
6. Combine Building Blocks
Deploy Agile and Adaptive Security
Make Informed Decisions
Security teams shall make decisions based on the best
available information.
1. Decide with Data
2. Constantly Gather Telemetry
3. Prioritize using Data
4. Combine Data with Human Wisdom
5. Constantly Grow your Telemetry
6. Plan for the Future
Improve and Evolve Security Controls
Security teams shall continuously evolve and improve to
remain successful in an environment that constantly changes.
1. Consider People, Process, and Technology
2. Consider Business Evolution
3. Consider Technical Evolution
Utilize Defense in Depth
Security mechanisms and controls shall be layered to enhance
resilience and preserve integrity.
1. Ensure Independence
2. Utilize Different Control Types
3. Support Resiliency
4. Ensure Diversity of Controls
Enable Resiliency
Security systems shall ensure the organization can operate
normally under adverse conditions.
1. Anticipate Attacks
2. Withstand Attacks
3. Recover from Attacks
4. Adapt to Adverse Conditions
Key Takeaways
Zero Trust Commandments
• Align Organization (architectural rules and cultural tenets)
• Guardrails for your Strategy
• Establish a shared understanding of what is and what is not Zero Trust
Zero Trust Reference Model
• Design and implement Zero Trust with 3 pillar model
• Plan and Prioritize your organization’s Zero Trust Capabilities
• Align Security with Risk Management
• Align operational implementation with Information Security Management
Zero Trust Definitions
An information security approach that focuses on the entire technical estate –
including data/information, APIs, and Operational Technology/Industrial Control
Systems – throughout their lifecycle and on any platform or network.
Zero trust assumes there is no implicit trust granted to assets or user accounts
based solely on their physical or network location (i.e., local area networks
versus the internet) or based on asset ownership (enterprise or personally
owned).
False Assumptions of implicit or explicit trust, and the Zero Trust Mitigation for each
Goal: Zero Assumed Trust. Reduce risk by finding and removing implicit assumptions of trust.
• "Security is the opposite of productivity" -> Business Enablement: align security to the organization's mission, priorities, risks, and processes
• "All attacks can be prevented" -> Assume Compromise: continuously reduce blast radius and attack surface through prevention and detection/response/recovery
• "Network security perimeter will keep attackers out" -> Shift to Asset-Centric Security Strategy: revisit how to do access control, security operations, infrastructure and development security, and more
• "Passwords are strong enough" -> Explicitly Validate Account Security: require MFA and analyze all user sessions with behavior analytics, threat intelligence, and more
• "IT Admins are safe" -> Plan and Execute Privileged Access Strategy: establish security of accounts, workstations, and other privileged entities (aka.ms/spa)
• "IT Infrastructure is safe" -> Validate Infrastructure Integrity: explicitly validate trust of operating systems, applications, service accounts, and more
• "Developers always write secure code" -> Integrate security into the development process: security education, issue detection and mitigation, response, and more
• "The software and components we use are secure" -> Supply chain security: validate the integrity of software and hardware components from open source, vendors, and others
Systematically Build & Measure Trust: with 30+ years of backlog at most organizations, it will take a while to burn down the backlog of assumed trust
Security is simple in concept, but complex in execution
Improving Resiliency
Enable business mission while continuously increasing security assurances
NIST Cybersecurity Framework v2 functions: GOVERN; IDENTIFY and PROTECT ('Left of Bang': prevent or lessen impact of attacks); DETECT, RESPOND, and RECOVER ('Right of Bang': rapidly and effectively manage attacks)
Overview – Security Truths and Observations
Security reduces risk
• Security risk affects the whole organization, not just an individual workload/project
• Security reduces chances that bad things happen + reduces damage when they do
Security problems are created by human attackers
• Adversaries have a motivation (mission, profit, recognition/promotion/etc. from boss)
• Adversaries have a model (espionage, data theft, extortion, ransomware, multiple, etc.)
Security teams have unique culture and history
• Mission driven, deeply care about the organization, and often ignored
• …but have been overly technical/network focused for a long time
Zero Trust Reference Model
Agenda
• Security Challenges
• Zero Trust Components
• Zero Trust Capabilities
• Zero Trust Integration and Adoption
• Early Case Studies: Microsoft, Zero Trust Playbook
• Key Takeaways
Zero Trust Reference Model
Zero Trust Components: Digital Ecosystems; Data/Information; Apps & Systems; Security Zones; Distributed Policy Enforcement Points (PEPs)
Key Zero Trust Capabilities
Increase security and flexibility for continuously changing business, technology, threats, and regulations
• Risk Controls - establish overall security framework based on organizational risk
• Asset Centricity - foundational capability to identify, classify, and maintain the asset
• Posture Management - continuous improvement of attack prevention measures
• Asset-Centric Protection (Data-Centric & System-Centric)
• Asset-Centric Security Operations - rapid and complete detection, response, and recovery from attacks
• Adaptive Access Control - centralized policy control, distributed enforcement
• Digital Identity - decentralized portable identities
• Zero Trust Governance - continuous monitoring and audit on demand to meet risk and compliance
• Security Zones
Implementation Model (3 pillars): Strategic, Operational, Operating Model
• Mission, Vision, Goals, and Capabilities
• Align strategic models to market
• Build & update agile roadmaps
• Provide products (goods) and services
• Set up organizational structure
• Set up functions to enable capabilities
• Governance (translate goals to principles and policies & monitor)
• Organizational culture
Security Operating Model
Technical Estate (Dev -> Test -> Production), covering People (Employees, Partners, Customers; with Security Education, Insider Risk, and Access Control), Asset Protection (Data and Systems), and Innovation Security / Application Security (Citizen Developers, DevOps Teams)
• Security Governance - Risk, Architecture, Compliance, Threat Intelligence (Strategic)
• Posture Management - manage potential security risk (vulnerabilities): Identify, Prevent
• Security Operations / SOC - manage realized security risk (attacks): Detect, Respond, Recover
• IT Operations & Data Governance - accountable for productivity and operational uptime; responsible for change implementation and lifecycle management
• Collaboration between all of the above
Continuously Learning to Reduce Risk
Collaborative approach to mitigate potential and realized risk. Flow labels from the diagram: No threat / Found threat; Quick Fix; Major/New incidents -> Security Collaboration
Note: Threat Intelligence and Security Engineering (automation) are supporting functions for all security activities
Case Studies
Illustrate early/emerging use cases for the standard
• Planning modernization initiatives
• Evaluating technology coverage
• Establishing/updating capabilities
• Guiding role participation
Mapping Microsoft Modernization Initiatives to Zero Trust Capabilities
Cross-cutting elements apply to all asset types (strategy, architecture, security operations, posture management, governance, etc.)
Microsoft modernization initiatives: Security Strategy and Program; Zero Trust Architecture; Secure Identities and Access; Modern Security Operations (SecOps/SOC); Infrastructure & Development Security; Data Security & Governance; IoT and OT Security
The Open Group Zero Trust capabilities they map to: Risk Controls - establish overall security framework based on organizational risk; Asset Centricity - foundational capability to identify, classify, and maintain the asset; Asset-Centric Protection (Data-Centric & System-Centric); Security Zones; Posture Management - continuous improvement of attack prevention measures; Asset-Centric Security Operations - rapid and complete detection, response, and recovery from attacks; Zero Trust Governance - continuous monitoring and audit on demand to meet risk and compliance; Adaptive Access Control; Digital Identity; Asset Protection (Classification, Protection, Tokenization); Digital Ecosystems
Microsoft Security Capability Mapping to The Open Group Zero Trust Components (Data/Information, Apps & Systems, Security Zones, Distributed Policy Enforcement Points)
• Access Control (Identity and Network - Multi-factor Authentication): Microsoft Entra ID, Entra ID Governance, ID Protection, Workload ID, Conditional Access, Defender for Identity; Entra Internet Access, Entra Private Access; Azure Firewall (Illumio partnership)
• Asset-Centric Security Operations (Rapid Threat Detection, Response, and Recovery): Microsoft Sentinel - Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR); Microsoft Defender - Defender for Identity, Defender for Cloud, Defender for Cloud Apps, Defender for Endpoint, Defender for Office 365; security telemetry from across the environment, 65+ trillion signals per day of security context
• Endpoint protection: Defender for Endpoint - Endpoint Detection and Response (EDR); Intune - Device Management
• Innovation Security (secure development and software supply chain): GitHub Advanced Security & Azure DevOps Security; Defender for APIs (preview); Defender for Cloud; Azure Arc
• Governance (Visibility and Policy) and data: Microsoft Purview; Microsoft Priva
Capability # | Capability | Level | Architectural Building Block (ABB) | Microsoft Technology
ACSO-1 | Asset-Centric Security Operations | 1 | Asset-Centric Security Operations Platform (ABB-ACSOP-1) | Process Guidance in Security ADS Module 3
ACSO-1.1 | Rapid Incident Response | 2 | Asset-Centric Security Operations Platform (ABB-ACSOP-1) | Process Guidance in Security ADS Module 3
ACSO-1.2 | Incident Management | 2 | Case Management (ABB-ACSOP-1.2) | Process Guidance in Security ADS Module 3
ACSO-1.2.1 | Case Management | 3 | Case Management (ABB-ACSOP-1.2) | Microsoft 365 Defender; Microsoft Sentinel
ACSO-1.2.2 | Major Incident Management | 3 | Major Incident Management (ABB-ACSOP-1.3) | Process Guidance in Security ADS Module 3
ACSO-1.3 | SecOps Business Intelligence | 2 | SecOps Business Intelligence Platform (ABB-ACSOP-1.5) | PowerBI
ACSO-1.4 | Threat Hunting and Detection Tuning | 2 | Threat Hunting (ABB-ACSOP-1.6) | Process Guidance in Security ADS Module 3
ACSO-1.4.1 | Threat Hunting | 3 | Threat Hunting (ABB-ACSOP-1.6) | Process Guidance in Security ADS Module 3
ACSO-1.4.2 | Detection Tuning | 3 | Detection Tuning (ABB-ACSOP-1.10) | Process Guidance in Security ADS Module 3
ACSO-1.4.3 | Purple Teaming | 3 | Purple Teaming (ABB-ACSOP-1.10.1) | Process Guidance in Security ADS Module 3
ACSO-1.4.3.1 | Red Teaming | 4 | Red Teaming (ABB-ACSOP-1.10.1.1) | Process Guidance in Security ADS Module 3
ACSO-1.5 | Threat Intelligence | 2 | Threat Intelligence Platform (ABB-ACSOP-1.11) | Microsoft Defender Threat Intelligence
ACSO-1.6 | Asset-type specific attack detection | 2 | Extended detection and response (XDR) (ABB-ACSOP-1.1) | Microsoft 365 Defender; Microsoft Defender for Cloud
ACSO-1.7 | Security Information and Event Management (SIEM) | 2 | SIEM (ABB-ACSOP-1.7) | Microsoft Sentinel
ACSO-1.7.1 | Security Data Lake Capability | 3 | Security Data Lake (ABB-ACSOP-1.7.1) | Microsoft Azure Data Explorer (ADX)
ACSO-1.8 | Security orchestration, automation, and response (SOAR) | 2 | SOAR (ABB-ACSOP-1.4) | Microsoft 365 Defender (AutoIR); Microsoft Sentinel
ACSO-1.9 | Advanced Security Analytics | 2 | Intelligent Anomaly Detection (ABB-ACSOP-1.8); Intelligent Behavior Analytics (ABB-ACSOP-1.9) | Microsoft 365 Defender; Microsoft Defender for Cloud; Microsoft Sentinel
ACSO-1.10 | Integrated Threat Intelligence Feeds | 2 | Extended detection and response (XDR) (ABB-ACSOP-1.1); SIEM (ABB-ACSOP-1.7) | Microsoft 365 Defender; Microsoft Defender for Cloud; Microsoft Sentinel
ACSO-1.11 | SecOps Custom Development | 2 | SecOps Custom Development Tools (ABB-ACSOP-1.12) | Microsoft Azure DevOps Services; GitHub / GitHub Advanced Security
Zero Trust Playbook: mapping Zero Trust capabilities to 50+ roles (for example, Investigation Analysts), with 9 guidance types per role
• Role mission and purpose
• Role creation and evolution
• Key role relationships
• Required skills and knowledge
• Tooling and capabilities
• Zero Trust impact and imperatives for each role
• Playbook stage involvement for each role
• Day in the life of Zero Trust for each role
• Defining and measuring success
Zero Trust Meta Model
Describes relationships between entity types:
• Mission and Vision
• Business Assets (Data and Systems)
• Threats and Risk
• Business Capability and Technical Capability
• Architecture Decisions and Options (Organizational Choices)
• Constraints (requirements) and Standards
  - Architectural Constraints (Scalability, Maintainability, Simplicity, Automatable, Integratable, etc.)
  - Non-functional Constraints (KPIs, Staffing/Budget Limits, Regulatory/Risk Controls, Data Classification, etc.)
  - Technical Constraints (Service Level Agreements, Product/Platform Limitations, etc.)
• Architecture Building Block (ABB), Solution Building Block (SBB), and Interaction Pattern (relationship between ABBs)
Zero Trust Models
• Zero Trust Information Security Management (ISM) Model - manage information security risks to the organization (People, Policy, and Processes)
• Zero Trust Risk Model - evaluate risk and prioritize/plan mitigations
• Zero Trust Implementation Model (3 Pillar Model) - strategy, implementation, governance and change management; produces the Zero Trust Capabilities, Roadmap, and Operating Model
• Zero Trust Technology Reference Model - capabilities and Architecture Building Blocks (ABBs) covering Architecture, Operations, Governance; realized through Enterprise Solution Architecture (Design/Build, Run/Operate)
The models span Strategy to Operational, with an Operating Model of Continuous Learning & Continuous Improvement and a Risk Driven Approach
Policy Structure
• Standard - clearly define the expected outcome, reasons/risks, and scope of the policy
• Requirements - specify details on how the standard should be interpreted and implemented
• Control Procedures - describe best practices on how to implement and assess compliance with the standards and requirements [often grouped into baseline(s)]
• Risk Register - ensures that security risk is linked to organizational risk management frameworks and methodologies
Governance roles: Executive Mgmt., Enterprise Risk, Information Security, Technology Compliance, and a Risk Council / Risk and Policies Council create/update/delete/maintain the Risk Register and the Controls, Policies, Standards
Teams applying them: Posture Management, OT Operations, Governance (Policy Management, Compliance, etc.), DevOps Teams, IT Operations, Security Operations, Threat Intelligence, Asset Management, Enablement (Education, Training, Support, Tooling, etc.)
Continuous improvement of security requirements and procedures based on learnings from incidents and other sources
Vulnerability = any 'flaw' that grants an attacker control
Examples and typical point of origin in the lifecycle (Design/Build, Deploy/Configure, Operate/Use):
Functional Vulnerabilities (Design/Build)
• Design flaw in OS/Application code
• Implementation flaw in product code
• Required functionality (system agent runs arbitrary code as system)
• …and more
Configuration Vulnerabilities (Deploy/Configure)
• Weak configurations: authentication, cryptographic algorithms, Access Control List (ACL), other security settings
• Disabling security features
• …and more
Operational Vulnerabilities (Operate/Use)
• Logging onto low security device as administrator (leads to Credential Theft / Pass-the-*)
• Password on sticky note / spreadsheet
• Sharing passwords
• Clicking on phishing email
• Browsing compromised/untrustworthy websites
• …and more
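Of the three classes above, configuration vulnerabilities are the ones a posture management team can check mechanically: compare each deployed setting with the baseline the control procedures define and record every deviation as a finding. The audit below is an added Python example, not Open Group or Microsoft tooling; the configuration schema, the baseline values and both sample services are constructed for illustration and cover each weak-configuration bullet (authentication, cryptographic algorithms, ACL, disabled security feature).

```python
"""Configuration-vulnerability audit of service settings against a security baseline.
Added illustration only: the config schema, baseline values and sample services are constructed."""
import ipaddress
from typing import Any, Dict, List, Tuple

# Assumed baseline: the control procedures every service must meet.
BASELINE: Dict[str, Any] = {
    "tls_min_version": 1.2,
    "weak_ciphers": ("RC4", "MD5", "3DES", "NULL", "EXPORT"),
    "admin_mfa": True,
    "audit_logging": True,
    "min_admin_acl_prefix": 24,   # admin interfaces must not be reachable from ranges wider than a /24
}

# A finding names the service, the weak setting, what was found and what the baseline expects.
Finding = Tuple[str, str, Any, Any]


def audit_service(name: str, cfg: Dict[str, Any], baseline: Dict[str, Any] = BASELINE) -> List[Finding]:
    findings: List[Finding] = []

    # Weak cryptographic configuration: protocol floor and cipher suites.
    if cfg.get("tls_min_version", 0) < baseline["tls_min_version"]:
        findings.append((name, "tls_min_version", cfg.get("tls_min_version"), baseline["tls_min_version"]))
    weak = [c for c in cfg.get("ciphers", []) if any(w in c.upper() for w in baseline["weak_ciphers"])]
    if weak:
        findings.append((name, "ciphers", weak, "remove weak suites"))

    # Weak authentication: a missing key counts as not enforced.
    if cfg.get("admin_mfa") is not True:
        findings.append((name, "admin_mfa", cfg.get("admin_mfa"), baseline["admin_mfa"]))

    # Disabled security feature.
    if cfg.get("audit_logging") is not True:
        findings.append((name, "audit_logging", cfg.get("audit_logging"), baseline["audit_logging"]))

    # Weak ACL: any admin allow-list entry wider than the baseline prefix, or not parsable at all.
    for entry in cfg.get("admin_acl", []):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append((name, "admin_acl", entry, "valid CIDR"))
            continue
        if net.prefixlen < baseline["min_admin_acl_prefix"]:
            findings.append((name, "admin_acl", entry, "/%d or narrower" % baseline["min_admin_acl_prefix"]))
    return findings


def audit(config: Dict[str, Dict[str, Any]]) -> Dict[str, List[Finding]]:
    """Audit every service and return findings keyed by service name (empty list = compliant)."""
    return {name: audit_service(name, cfg) for name, cfg in config.items()}


# Constructed sample: one legacy service with weak settings, one that meets the baseline.
SAMPLE_CONFIG = {
    "legacy-vpn": {
        "tls_min_version": 1.0,
        "ciphers": ["ECDHE-RSA-AES128-GCM-SHA256", "RC4-SHA"],
        "admin_mfa": False,
        "audit_logging": False,
        "admin_acl": ["0.0.0.0/0"],
    },
    "hr-api": {
        "tls_min_version": 1.2,
        "ciphers": ["TLS_AES_256_GCM_SHA384"],
        "admin_mfa": True,
        "audit_logging": True,
        "admin_acl": ["10.20.30.0/24", "10.20.31.7/32"],
    },
}


if __name__ == "__main__":
    for service, found in audit(SAMPLE_CONFIG).items():
        print(service, "compliant" if not found else "")
        for f in found:
            print("  %s: found %r, expected %r" % f[1:])
```

Two design choices matter for the posture metrics this feeds: a setting that is absent is reported as a deviation rather than silently passed, and the findings carry the expected value, so the same output drives both the remediation ticket and the compliance count per service.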
Posture Management
Manage potential security risk (vulnerabilities)
Posture management is large and complex: collaboratively enabling many teams to secure a continuously changing technical estate
Teams involved: Security Teams, Identity Security, Privacy Team(s), Network Teams, IT Operations (Infrastructure and Endpoint; Multi-Cloud and Hybrid), Productivity Team / User Support, Business Leads, Application Developers, Citizen Developers, DevOps Teams, Database Teams
Key Zero Trust Architecture Building Blocks (ABBs)
Foundational components to enable technical and business capabilities
• Risk Controls Platform
• Asset Centricity Platform
• Posture Management Platform
• Asset-Centric Protection Platform
• Asset-Centric Security Operations Platform
• Adaptive Access Control Platform
• Digital Identity Platform
• Zero Trust Governance Platform
• Security Zones Platform
Zero Trust Components they serve: Digital Ecosystems; Data/Information; Apps & Systems; Security Zones

The Open Group - ZT Commandments and Reference Model.pptx

  • 1.
    Zero Trust Commandments THErules of the road Mark Simos Zero Trust Architecture Forum Co-Chair Lead Cybersecurity Architect, Microsoft aka.ms/markslist Also co-authors of Zero Trust Playbook (ZeroTrustPlaybook.com) 20% Discount: 20ZERO Nikhil Kumar Zero Trust Architecture Forum Co-Chair Founder and President, ApTSi email: nikhil@ap-tech-solns.com LinkedIn: https://www.linkedin.com/in/nikhilkumar/
  • 2.
    Agenda • Zero TrustOverview • Core Challenges of Security and Zero Trust • Zero Trust Commandments Applying them in practice across IT/OT/IoT Enabling sustainability and sustainable security
  • 3.
    Why are wehaving a Zero Trust conversation? 3. Assets increasingly leave the network • BYOD, WFH, Mobile, and SaaS 4. Attackers shift to identity attacks • Phishing and credential theft • Security teams often overwhelmed Note: These limitations have been known for a long time (and documented by The Jericho Forum), but only recently is there widespread momentum to solve them
  • 4.
    Zero Trust ChangesAssumptions trust must be explicitly validated
  • 5.
    Key Industry Guidance TheOpen Group Focused on integration with business and IT/Enterprise/Security architecture US National Institute of Standards and Technology (NIST) Focused on architecture and implementation with available technology Many other organizations are contributing valuable perspectives and guidance like the Cybersecurity and Infrastructure Security Agency (CISA), Cloud Security Alliance (CSA), and some technology vendors
  • 6.
    Key Challenges forSecurity and Zero Trust • Attackers - phishing, credential theft, application/device specific vulns, and more • Technology - Cloud, Generative AI, mobile devices, and more • Business requirements - including digital business, sustainability, and more • Full of cross-cutting functions - security operations, posture management, governance, endpoint, etc. • Must be integrated with business & technology teams (with different cultures, languages, assumptions, goals, etc.) • Must be agile to manage continuous changes (threats, platforms, business requirements) • Chaotic ‘definitions’ of zero trust • Extremely narrow definitions (around single discipline, single technology, or single product) • Sometimes even narrowed to specific technology areas
  • 7.
    1. Classic securitydoesn’t work 3. Security is inherently complex 2. Zero Trust often represented or defined poorly Zero Trust Commandments provide clarity Definition, scope, rules, alignment with business Solved by a Zero Trust approach Asset-centric and agile security for continuous change: • Business opportunities and risk • Attackers • Technology Zero Trust Reference Model Outcome-driven capabilities start planning process Why Zero Trust? What is Zero Trust? How do I do Zero Trust?
  • 8.
    Assumptions • Assume Failure •Assume breach/compromise • Assume human errors • Assume Success • Assume the mission and business will continue (despite these failures) Security equivalent of “fail safe” in engineering Zero Trust Commandments
  • 9.
    Zero Trust Commandments StandardizedRules for Zero Trust security Practice Deliberate Security Establishes pragmatic view of ‘trust’ in today’s world of continuous threats + how to prioritize applying that in a world of complex and continuously changing requirements • Secure Assets by Risk • Validate Trust Explicitly Develop a Security-Centric Culture Guides the application of security across all teams • Practice Accountability • Enable Pervasive Security • Utilize Least Privilege • Deploy Simple (User-Friendly) Security Support Business Objectives Aligns security explicitly to business priorities and assets (vs. networks) and considers long term implications • Enable the Organization’s Mission • Implement Asset-Centric Controls • Enable Sustainable Security Deploy Agile and Adaptive Security Ensures security can keep up with continuous change • Make Informed Decisions • Improve and Evolve Security Controls • Utilize Defense in Depth • Enable Resiliency pubs.opengroup.org/security/zero-trust-commandments/ Assume Failure Assume Success
  • 10.
    Practice Deliberate Security SecureAssets by Risk Security controls shall be designed to protect business assets appropriate to required security posture, business value, and associated risk. 1. Map Technology to Business 2. Classify Information Assets – 3. Increase Security for Sensitive Assets 4. Reduce Unneeded Sensitivity 5. Stay Current Validate Trust Explicitly Security assurance shall rely on explicitly validating trust decisions using all relevant available information and telemetry 1. Verify Access Control 2. Verify Application Development. 3. Verify Technology Supply Chain 4. Verify Asset Configuration 5. Verify Incident Processes
  • 11.
    Support Business Objectives Enablethe Organization’s Mission Security discipline shall enable productivity and manage risk as the organizational capabilities, goals, environment, and infrastructure continuously evolve. 1. Enable Modern Work 2. Align Security to Mission 3. Align Security to Risk Management 4. Align Security to Compliance Management Implement Asset-Centric Controls Asset-specific security controls shall be implemented whenever available to minimize disruption of productivity, increase precision of security/business visibility, and improve the data used to drive security compliance metrics. 1. Augment or Evolve Existing Infrastructure-Level Security Controls 2. Implement Data-Centric Controls 3. Implement Application-Centric Controls 4. Determine Trust beyond the Network Enable Sustainable Security Security controls shall be sustainable across the full lifecycle of the business asset. 1. Secure for the Full Lifecycle 2. Provide End-to-End Data Security 3. Ensure the Architecture is Coherent 4. Ensure the Ongoing Monitoring of Security Controls 5. Continuously Manage All Assets
  • 12.
    Develop a Security-CentricCulture Practice Accountability The entities responsible for accessing and handling assets shall be responsible for their protection and survival throughout their lifetime. 1. Assign Asset Ownership 2. Ensure Understanding of Ownership 3. Define Security Impact Correctly 4. Assign Security Risk to Organizational Leadership 5. Assign Security Risk to Asset Owners Enable Pervasive Security Security discipline shall be explicitly included in the culture, norms, and processes throughout the organization. 1. Integrate in Business Environment 2. Integrate in Technical Environment 3. Incorporate Security Education and Awareness Training 4. Apply Security to the Organization's Ecosystem Utilize Least Privilege Access to systems and data shall be provided only as required, and access shall be removed when no longer required. 1. Grant Just Enough Access 2. Grant Just-in-Time Access 3. Utilize Adaptive Access Deploy Simple (User-Friendly) Security Security mechanisms shall be as simple and user-friendly as possible while retaining functionality and remaining pervasive, practicable, and scalable. 1. Simplify Human Experience 2. Simplify Security 3. Provide Clarity 4. Configure before Customize 5. Enable Salability 6. Combine Building Blocks
Deploy Agile and Adaptive Security

Make Informed Decisions
Security teams shall make decisions based on the best available information.
1. Decide with Data
2. Constantly Gather Telemetry
3. Prioritize using Data
4. Combine Data with Human Wisdom
5. Constantly Grow your Telemetry
6. Plan for the Future

Improve and Evolve Security Controls
Security teams shall continuously evolve and improve to remain successful in an environment that constantly changes.
1. Consider People, Process, and Technology
2. Consider Business Evolution
3. Consider Technical Evolution

Utilize Defense in Depth
Security mechanisms and controls shall be layered to enhance resilience and preserve integrity.
1. Ensure Independence
2. Utilize Different Control Types
3. Support Resiliency
4. Ensure Diversity of Controls

Enable Resiliency
Security systems shall ensure the organization can operate normally under adverse conditions.
1. Anticipate Attacks
2. Withstand Attacks
3. Recover from Attacks
4. Adapt to Adverse Conditions
Key Takeaways

Zero Trust Commandments
• Align Organization (architectural rules and cultural tenets)
• Guardrails for your Strategy
• Establish a shared understanding of what is and what is not Zero Trust

Zero Trust Reference Model
• Design and implement Zero Trust with 3 pillar model
• Plan and Prioritize your organization's Zero Trust Capabilities
• Align Security with Risk Management
• Align operational implementation with Information Security Management
Zero Trust Definitions

An information security approach that focuses on the entire technical estate (including data/information, APIs, and Operational Technology/Industrial Control Systems) throughout their lifecycle and on any platform or network.

Zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the internet) or based on asset ownership (enterprise or personally owned).
False Assumptions of implicit or explicit trust, and the Zero Trust Mitigation for each

Goal: Zero Assumed Trust. Reduce risk by finding and removing implicit assumptions of trust.

• False assumption: Security is the opposite of productivity
  Mitigation: Business Enablement. Align security to the organization's mission, priorities, risks, and processes.
• False assumption: All attacks can be prevented
  Mitigation: Assume Compromise. Continuously reduce blast radius and attack surface through prevention and detection/response/recovery.
• False assumption: Network security perimeter will keep attackers out
  Mitigation: Shift to Asset-Centric Security Strategy. Revisit how to do access control, security operations, infrastructure and development security, and more.
• False assumption: Passwords are strong enough
  Mitigation: Explicitly Validate Account Security. Require MFA and analyze all user sessions with behavior analytics, threat intelligence, and more.
• False assumption: IT Admins are safe
  Mitigation: Plan and Execute Privileged Access Strategy. Establish security of accounts, workstations, and other privileged entities (aka.ms/spa).
• False assumption: IT Infrastructure is safe
  Mitigation: Validate Infrastructure Integrity. Explicitly validate trust of operating systems, applications, service accounts, and more.
• False assumption: Developers always write secure code
  Mitigation: Integrate security into the development process. Security education, issue detection and mitigation, response, and more.
• False assumption: The software and components we use are secure
  Mitigation: Supply chain security. Validate the integrity of software and hardware components from open source, vendors, and others.

Systematically Build & Measure Trust: with 30+ years of backlog at most organizations, it will take a while to burn down the backlog of assumed trust.
Security is simple in concept… …but complex in execution
Improving Resiliency
Enable business mission while continuously increasing security assurances

NIST Cybersecurity Framework v2 functions: IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER, GOVERN
• 'Left of Bang' (Identify, Protect): prevent or lessen impact of attacks
• 'Right of Bang' (Detect, Respond, Recover): rapidly and effectively manage attacks
Overview – Security Truths and Observations

Security reduces risk
• Security risk affects the whole organization, not just an individual workload/project
• Security reduces chances that bad things happen, and reduces damage when they do

Security problems are created by human attackers
• Adversaries have a motivation (mission, profit, recognition/promotion/etc. from boss)
• Adversaries have a model (espionage, data theft, extortion, ransomware, multiple, etc.)

Security teams have unique culture and history
• Mission driven, deeply care about the organization, and often ignored
• …but have been overly technical/network focused for a long time
Zero Trust Reference Model

Mark Simos
Zero Trust Architecture Forum Co-Chair
Lead Cybersecurity Architect, Microsoft
aka.ms/markslist
Also co-authors of Zero Trust Playbook (ZeroTrustPlaybook.com)
20% Discount: 20ZERO

Nikhil Kumar
Zero Trust Architecture Forum Co-Chair
Founder and President, ApTSi
email: nikhil@ap-tech-solns.com
LinkedIn: https://www.linkedin.com/in/nikhilkumar/
Agenda
• Security Challenges
• Zero Trust Components
• Zero Trust Capabilities
• Zero Trust Integration and Adoption
• Early Case Studies: Microsoft, Zero Trust Playbook
• Key Takeaways
Why Zero Trust?
1. Classic security doesn't work
Solved by a Zero Trust approach: asset-centric and agile security for continuous change in
• Business opportunities and risk
• Attackers
• Technology

What is Zero Trust?
2. Zero Trust often represented or defined poorly
Zero Trust Commandments provide clarity: definition, scope, rules, alignment with business

How do I do Zero Trust?
3. Security is inherently complex
Zero Trust Reference Model: solution starts with outcome-driven capabilities
Zero Trust Reference Model

Zero Trust Components
• Digital Ecosystems
• Data/Information
• Apps & Systems
• Security Zones
• Distributed Policy Enforcement Points (PEPs)
Key Zero Trust Capabilities
Increase security and flexibility for continuously changing business, technology, threats, and regulations

• Risk Controls: establish overall security framework based on organizational risk
• Asset Centricity: foundational capability to identify, classify, and maintain the asset
• Asset-Centric Protection (Data-Centric & System-Centric)
• Security Zones
• Posture Management: continuous improvement of attack prevention measures
• Asset-Centric Security Operations: rapid and complete detection, response, and recovery from attacks
• Zero Trust Governance: continuous monitoring and audit on demand to meet risk and compliance
• Adaptive Access Control: centralized policy control, distributed enforcement
• Digital Identity: decentralized portable identities

Zero Trust Components these capabilities apply to: Digital Ecosystems, Data/Information, Apps & Systems, Security Zones
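Adaptive Access Control (centralized policy control, distributed enforcement), the Least Privilege rules of the Commandments (just enough access, just-in-time access, adaptive access) and the definition's rule that network location grants no implicit trust are concrete enough to show in code. The block below is an added example, not code from these decks, from The Open Group standard, or from any Microsoft product: a toy policy decision point (PDP) that a distributed policy enforcement point (PEP) would call with the signals it has about a request. The signal names (mfa, device_compliant, risk), the two risk thresholds, the "read-only at elevated risk" rule and the sample grants are all assumptions made for the demo.

```python
"""Toy policy decision point (PDP) for a distributed policy enforcement point.
Added example; signal names, thresholds and sample data are assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Grant:
    """A scoped, time-bound entitlement: just enough access, just in time."""
    principal: str
    resource: str
    actions: frozenset      # only the actions this role actually needs
    expires_at: datetime    # every grant expires; standing access is never assumed


@dataclass(frozen=True)
class Request:
    """What a PEP forwards to the PDP. Assumed signal set for the demo."""
    principal: str
    resource: str
    action: str
    mfa: bool               # session completed multi-factor authentication
    device_compliant: bool  # endpoint management reports the device compliant
    risk: float             # 0.0 (clean) .. 1.0 (hostile) from session analytics
    now: datetime
    source_ip: str = "0.0.0.0"  # carried for logging only; never used to decide


class PolicyDecisionPoint:
    DENY_RISK = 0.8         # assumed thresholds
    ELEVATED_RISK = 0.5
    READ_ONLY = frozenset({"read"})

    def __init__(self, grants):
        self.grants = list(grants)

    def decide(self, req):
        """Return (verdict, reason); verdict is 'allow', 'deny' or 'step_up'.
        Checks run deny-first so a low risk score can never rescue a missing
        or expired grant."""
        grant = next((g for g in self.grants
                      if g.principal == req.principal
                      and g.resource == req.resource
                      and req.action in g.actions
                      and g.expires_at > req.now), None)
        if grant is None:
            return "deny", "no unexpired grant covers this principal/resource/action"
        # Zero Trust definition: location is not a trust signal, so req.source_ip
        # is deliberately not consulted anywhere in this method.
        if not req.device_compliant:
            return "deny", "device not compliant"
        if req.risk >= self.DENY_RISK:
            return "deny", f"session risk {req.risk:.2f} above deny threshold"
        if not req.mfa:
            return "step_up", "MFA required before access"
        if req.risk >= self.ELEVATED_RISK and req.action not in self.READ_ONLY:
            return "deny", "only read-only actions permitted at elevated risk"
        return "allow", f"grant valid until {grant.expires_at.isoformat()}"


# --- constructed sample data for the demo ---------------------------------
T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)


def build_demo_pdp():
    return PolicyDecisionPoint([
        Grant("alice", "crm-db", frozenset({"read", "write"}), T0 + timedelta(hours=1)),
        Grant("bob", "crm-db", frozenset({"read"}), T0 - timedelta(hours=1)),  # expired
    ])


def demo_decisions():
    """Run a set of constructed requests and return {case: verdict}."""
    pdp = build_demo_pdp()

    def req(**overrides):
        fields = dict(principal="alice", resource="crm-db", action="read",
                      mfa=True, device_compliant=True, risk=0.1, now=T0)
        fields.update(overrides)
        return Request(**fields)

    cases = {
        "baseline": req(),
        "action_not_granted": req(action="delete"),
        "grant_expired": req(principal="bob"),
        "no_mfa": req(mfa=False),
        "noncompliant_device": req(device_compliant=False),
        "high_risk": req(risk=0.9),
        "elevated_risk_read": req(risk=0.6),
        "elevated_risk_write": req(risk=0.6, action="write"),
        "internal_ip_no_mfa": req(mfa=False, source_ip="10.0.0.5"),
    }
    return {name: pdp.decide(r)[0] for name, r in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo_decisions().items():
        print(f"{name:22} {verdict}")
```

The point of the ordering in decide() is that the entitlement check (scope and expiry) is evaluated before any adaptive signal, so "just in time" and "just enough" are hard limits and the posture signals can only narrow access further, never widen it; the internal_ip_no_mfa case shows that a request from a corporate address gets exactly the same step-up demand as one from anywhere else.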
Implementation Model (3 pillars)

Strategic
• Mission, Vision, Goals, and Capabilities
• Align strategic models to market
• Build & update agile roadmaps

Operational
• Provide products (goods) and services

Operating Model
• Set up organizational structure
• Set up functions to enable capabilities
• Governance (translate goals to principles and policies, and monitor)
• Organizational culture
Security Operating Model

• Security Governance (Strategic): Risk, Architecture, Compliance, Threat Intelligence
• Posture Management: manage potential security risk (vulnerabilities)
• Security Operations / SOC: manage realized security risk (attacks)
• IT Operations & Data Governance: accountable for productivity and operational uptime; responsible for change implementation and lifecycle management
• People (Employees, Partners, Customers): People Security (Education, Insider Risk), Access Control
• Technical Estate (Dev → Test → Production): Asset Protection (Data and Systems)
• Innovation Security: Application Security, Citizen Developers, DevOps Teams
• Collaboration across all of the above

Functions spanning the model: Identify, Prevent, Detect, Respond, Recover
Posture Management: Continuously Learning to Reduce Risk
Collaborative approach to mitigate potential and realized risk
• No threat found: continue monitoring
• Found threat: Quick Fix, with Security Collaboration for Major/New incidents
Note: Threat Intelligence and Security Engineering (automation) is a supporting function for all security activities
Case Studies illustrate early/emerging use cases for the standard
• Planning modernization initiatives
• Evaluating technology coverage
• Establishing/updating capabilities
• Guiding role participation
Mapping Microsoft Modernization Initiatives to Zero Trust Capabilities

Microsoft modernization initiatives
• Security Strategy and Program
• Zero Trust Architecture
• Secure Identities and Access
• Modern Security Operations (SecOps/SOC)
• Infrastructure & Development Security
• Data Security & Governance
• IoT and OT Security
Cross-cutting elements apply to all asset types (strategy, architecture, security operations, posture management, governance, etc.)

Zero Trust capabilities
• Risk Controls: establish overall security framework based on organizational risk
• Asset Centricity: foundational capability to identify, classify, and maintain the asset
• Asset-Centric Protection (Data-Centric & System-Centric)
• Security Zones
• Posture Management: continuous improvement of attack prevention measures
• Asset-Centric Security Operations: rapid and complete detection, response, and recovery from attacks
• Zero Trust Governance: continuous monitoring and audit on demand to meet risk and compliance
• Adaptive Access Control
• Digital Identity
Microsoft Security Capability Mapping

The Open Group Zero Trust Components: Digital Ecosystems, Data/Information, Apps & Systems, Security Zones, Distributed Policy Enforcement Points (PEPs)

Capability areas
• Asset Protection: Classification, Protection, Tokenization
• Rapid Threat Detection, Response, and Recovery: Asset-Centric Security Operations
• Governance: Visibility and Policy
• Access Control: Identity and Network, Multi-factor Authentication
• Innovation Security: secure development and software supply chain

Microsoft technologies shown on the slide (in slide order)
• Microsoft Entra Conditional Access
• Defender for Endpoint: Endpoint Detection and Response (EDR)
• Intune Device Management
• Microsoft Sentinel: Security Information and Event Management (SIEM); Security Orchestration, Automation, and Response (SOAR)
• Microsoft Defender: Defender for Identity, Defender for Cloud, Defender for Cloud Apps, Defender for Endpoint, Defender for Office 365 (security telemetry from across the environment; 65+ trillion signals per day of security context)
• Microsoft Purview
• Azure Firewall (Illumio partnership)
• Defender for APIs (preview)
• GitHub Advanced Security & Azure DevOps Security
• Entra Internet Access, Entra Private Access
• Defender for Cloud, Azure Arc
• Microsoft Purview, Microsoft Priva
• Microsoft Entra ID, Entra ID Governance, ID Protection, Workload ID, Defender for Identity
Asset-Centric Security Operations: capability to Architectural Building Block (ABB) to Microsoft technology mapping

Capability # | Capability | Level | Architectural Building Block (ABB) | Microsoft Technology
ACSO-1 | Asset-Centric Security Operations | 1 | Asset-Centric Security Operations Platform (ABB-ACSOP-1) | Process Guidance in Security ADS Module 3
ACSO-1.1 | Rapid Incident Response | 2 | Asset-Centric Security Operations Platform (ABB-ACSOP-1) | Process Guidance in Security ADS Module 3
ACSO-1.2 | Incident Management | 2 | Case Management (ABB-ACSOP-1.2) | Process Guidance in Security ADS Module 3
ACSO-1.2.1 | Case Management | 3 | Case Management (ABB-ACSOP-1.2) | Microsoft 365 Defender; Microsoft Sentinel
ACSO-1.2.2 | Major Incident Management | 3 | Major Incident Management (ABB-ACSOP-1.3) | Process Guidance in Security ADS Module 3
ACSO-1.3 | SecOps Business Intelligence | 2 | SecOps Business Intelligence Platform (ABB-ACSOP-1.5) | PowerBI
ACSO-1.4 | Threat Hunting and Detection Tuning | 2 | Threat Hunting (ABB-ACSOP-1.6) | Process Guidance in Security ADS Module 3
ACSO-1.4.1 | Threat Hunting | 3 | Threat Hunting (ABB-ACSOP-1.6) | Process Guidance in Security ADS Module 3
ACSO-1.4.2 | Detection Tuning | 3 | Detection Tuning (ABB-ACSOP-1.10) | Process Guidance in Security ADS Module 3
ACSO-1.4.3 | Purple Teaming | 3 | Purple Teaming (ABB-ACSOP-1.10.1) | Process Guidance in Security ADS Module 3
ACSO-1.4.3.1 | Red Teaming | 4 | Red Teaming (ABB-ACSOP-1.10.1.1) | Process Guidance in Security ADS Module 3
ACSO-1.5 | Threat Intelligence | 2 | Threat Intelligence Platform (ABB-ACSOP-1.11) | Microsoft Defender Threat Intelligence
ACSO-1.6 | Asset-type specific attack detection | 2 | Extended detection and response (XDR) (ABB-ACSOP-1.1) | Microsoft 365 Defender; Microsoft Defender for Cloud
ACSO-1.7 | Security Information and Event Management (SIEM) | 2 | SIEM (ABB-ACSOP-1.7) | Microsoft Sentinel
ACSO-1.7.1 | Security Data Lake Capability | 3 | Security Data Lake (ABB-ACSOP-1.7.1) | Microsoft Azure Data Explorer (ADX)
ACSO-1.8 | Security orchestration, automation, and response (SOAR) | 2 | SOAR (ABB-ACSOP-1.4) | Microsoft 365 Defender (AutoIR); Microsoft Sentinel
ACSO-1.9 | Advanced Security Analytics | 2 | Intelligent Anomaly Detection (ABB-ACSOP-1.8); Intelligent Behavior Analytics (ABB-ACSOP-1.9) | Microsoft 365 Defender; Microsoft Defender for Cloud; Microsoft Sentinel
ACSO-1.10 | Integrated Threat Intelligence Feeds | 2 | Extended detection and response (XDR) (ABB-ACSOP-1.1); SIEM (ABB-ACSOP-1.7) | Microsoft 365 Defender; Microsoft Defender for Cloud; Microsoft Sentinel
ACSO-1.11 | SecOps Custom Development | 2 | SecOps Custom Development Tools (ABB-ACSOP-1.12) | Microsoft Azure DevOps Services; GitHub / GitHub Advanced Security
Zero Trust Playbook role guidance
• 50+ roles
• Mapping ZT capabilities to roles
• 9 guidance types per role:
  1. Role mission and purpose
  2. Role creation and evolution
  3. Key role relationships
  4. Required skills and knowledge
  5. Tooling and capabilities
  6. Zero Trust impact and imperatives for each role
  7. Playbook stage involvement for each role
  8. Day in the life of Zero Trust for each role
  9. Defining and measuring success
Example role shown: Investigation Analysts
Key Takeaways

Zero Trust Commandments
• Align Organization (architectural rules and cultural tenets)
• Guardrails for your Strategy
• Establish a shared understanding of what is and what is not Zero Trust

Zero Trust Reference Model
• Design and implement Zero Trust with 3 pillar model
• Plan and Prioritize your organization's Zero Trust Capabilities
• Align Security with Risk Management
• Align Information Security Management (ISM) and operational implementation
Zero Trust Meta Model
Describes relationships between entity types

• Constraints (requirements)
  Architectural Constraints (Scalability, Maintainability, Simplicity, Automatable, Integratable, etc.)
  Non-functional Constraints (KPIs, Staffing/Budget Limits, Regulatory/Risk Controls, Data Classification, etc.)
  Technical Constraints (Service Level Agreements, Product/Platform Limitations, etc.)
• Standards
• Options (Organizational Choices)
• Business Capability
• Architecture Decisions
• Technical Capability
• Architecture Building Block (ABB)
• Solution Building Block (SBB)
• Interaction Pattern (relationship between ABBs)
Zero Trust Models and how they relate

Diagram elements: Threats; Risk; Business Assets (Data and Systems); Mission and Vision; Information Security Management (ISM); People, Policy, and Processes; Enterprise Solution Architecture; Zero Trust Capabilities, Roadmap, and Operating Model; Architecture Building Blocks (ABBs); Technical Capabilities (Design/Build, Run/Operate)

• Zero Trust Information Security Management (ISM) Model: manage information security risks to the organization
• Zero Trust Risk Model: evaluate risk and prioritize/plan mitigations
• Zero Trust Implementation Model (3 Pillar Model): strategy, implementation, governance and change management
• Zero Trust Technology Reference Model: capabilities and Architectural Building Blocks (ABBs) covering architecture, operations, governance
Zero Trust Models

• Zero Trust Implementation Model (3 Pillar Model: Strategy, Operational, Operating Model): strategy, implementation, governance and change management
• Zero Trust Technology Reference Model: capabilities and Architectural Building Blocks (ABBs) covering architecture, operations, governance
• Zero Trust Information Security Management (ISM) Model: manage information security risks to the organization
• Zero Trust Risk Model: evaluate risk and prioritize/plan mitigations

Risk Driven Approach; Continuous Learning & Continuous Improvement
Policy Structure

• Standard: clearly define the expected outcome, reasons/risks, and scope of the policy
• Requirements: specify details on how the standard should be interpreted and implemented
• Control Procedures: describe best practices on how to implement and assess compliance with the standards and requirements [often grouped into baseline(s)]
• Risk Register: ensures that security risk is linked to organizational risk management frameworks and methodologies
Risk and Policies Council

Participants: Executive Mgmt., Enterprise Risk, Information Security, Technology, Compliance
• Risk Council: Risk Register (create/update/delete/maintain)
• Controls, Policies, Standards (create/update/delete/maintain)
Posture Management: contributing functions
• OT Operations
• Governance (Policy Management, Compliance, etc.)
• DevOps Teams
• IT Operations
• Security Operations
• Threat Intelligence
• Asset Management
• Enablement (Education, Training, Support, Tooling, etc.)
Continuous improvement of security requirements and procedures based on learnings from incidents and other sources
Vulnerability = any 'flaw' that grants attacker control
Examples and typical point of origin in lifecycle (Design/Build, Deploy/Configure, Operate/Use)

Functional Vulnerabilities (Design/Build)
• Design flaw in OS/Application code
• Implementation flaw in product code
• Required functionality (system agent runs arbitrary code as system)
• …and more

Configuration Vulnerabilities (Deploy/Configure)
• Weak configurations: authentication, cryptographic algorithms, Access Control List (ACL), other security settings
• Disabling security features
• …and more

Operational Vulnerabilities (Operate/Use)
• Logging onto low security device as administrator (leads to Credential Theft / Pass-the-*)
• Password on sticky note / spreadsheet
• Sharing passwords
• Clicking on Phishing Email
• Browsing compromised/untrustworthy websites
• …and more
Posture Management: manage potential security risk (vulnerabilities)
Posture management is large and complex: collaboratively enabling many teams to secure a continuously changing technical estate

Asset areas shown: Identity Security; Network; IT Operations (Infrastructure and Endpoint) (Multi-Cloud and Hybrid); Privacy Team(s)

Teams involved across those areas: Security Teams, DevOps Teams, Productivity Team / User Support, Business Leads, Application Developers, Database Teams, IT Operations, Citizen Developers, Network Teams, Privacy Team(s)
Key Zero Trust Architecture Building Blocks (ABBs)
Foundational components to enable technical and business capabilities
• Risk Controls Platform
• Asset Centricity Platform
• Asset-Centric Protection Platform
• Security Zones Platform
• Posture Management Platform
• Asset-Centric Security Operations Platform
• Zero Trust Governance Platform
• Adaptive Access Control Platform
• Digital Identity Platform

Zero Trust Components these platforms serve: Digital Ecosystems, Data/Information, Apps & Systems, Security Zones