SlideShare a Scribd company logo

Understanding Zero Trust Security for IBM i

Download as PPTX, PDF
Precisely
Precisely

As security threats continue to evolve and increase, companies need to also adapt their approach to IT security. One important concept that is gaining in popularity and adoption is zero trust security. The main concept behind the zero trust security model is "never trust, always verify,” which means that devices should not be trusted by default, even if they are connected to a permissioned network such as a corporate LAN and even if they were previously verified. Zero Trust means moving beyond a perimeter security strategy. As companies offer customers and business partners new digital experiences and processes, networks can be local, in the cloud, or a combination or hybrid with resources anywhere as well as workers in any location. This dynamic is impacting IBM i customers and zero trust security is an important element of a modern security strategy. Join us for this webcast to hear about: • Understanding zero trust security concepts • Zero trust security in the real world • Zero trust security for IBM i environments

Technology
1 of 33
Gavriel Meir-Levi | Director of Security Sales Zero Trust
Housekeeping Webinar Audio • Today’s webcast audio is streamed through your computer speakers • If you need technical assistance with the web interface or audio, please reach out to us using the Q&A box Questions Welcome • Submit your questions at any time during the presentation using the Q&A box. If we don't get to your question, we will follow-up via email Recording and slides • This webinar is being recorded. You will receive an email following the webinar with a link to the recording and slides
Agenda • Overview of Zero Trust • Comparing The Different Models • Zero Trust In Practice • NIST Lab • Cisco Case Study • Zero Trust for IBM i 3
Some Background: Zero Trust 101 4 • Zero trust is a set of principles used when designing, implementing and operating an infrastructure • Want to reduce implicit trust between enterprise system Untrusted Zone Implicit Trust Zone Resource (System, Data or Application) Policy Decision/ Enforcement Point (PDP/PEP) 2005: Jericho Forum De-perimeterization 2010: Forrester coins “Zero Trust” 2014: Google releases “BeyondCorp” papers 2018: Gartnercoins “Lean Trust” 2019: NIST releases draft SP 800-207
NIST SP 800-207 Released in 2019 5
A System of Systems NIST SP 800-207 Definition of Terms 6 Zero Trust functional Components • PE: Policy Engine - "The Brains" • PA: Policy Administrator - "The Executor" • PEP: Policy Enforcement Point - "The Guard" • PIP: Policy Information Points* - "The Advisors" * Added in 2020
NIST’s Wholistic “System of Systems” 7 Pros Cons Enterprise policy is overarching management • Satisfies security officers by securing access to IBM i systems and data • Significantly reduces the time and cost of achieving regulatory compliance • Enables implementation of security best practices • Quickly detects security incidents so you can efficiently remediate them • Has low impact on system performance • Interoperability challenges • Need centralized logs/SIEM • May be difficult to diagnose issues • Multiple Policy Engines • Multiple Policy Enforcement Points each covering a portion of Zero Trust • ICAM: Identity & Credential Access Management • Endpoint Protection • Network Monitoring, etc.
Forrester Research Data-Centric ZTX 8 Zero Trust eXtended Ecosystem
Gartner’s CARTA Includes Threats, Prevention, Detection & Response 9 Zero Trust is Interpreted More Narrowly by Gartner
The Microsoft Model 10 Microsoft’s Phases of Zero Trust 1. Identity 2. Device 3. Access 4. Services With Analytics & Automation Throughout
What Does It Look Like In Practice?
Data Security NIST & National Cybersecurity Center of Excellence Implementing Zero Trust Architecture 12 Security Analytics Endpoint securiy User Device Mobile device Device (with SDP Client) ICAM Identity • User • Device Federation Access & Credential • Management • Authentication (SSO/MFA) • Authorization Governance Policy Evaulate access PE/PA Grant access (Micro-segmentation) PEP Grand access (SDP) CLOUD Apps & workloads Protected resources On-prem Apps & workloads (File share, database, storage, apps SDP (example: TLS Tunnel) Key PE: Policy Engine - "The Brains" PA: Policy Administrator - "The Executor" PEP: Policy Enforcement Point - "The Guard" PIP: Policy Information Points* - "The Advisors"
NIST & National Cybersecurity Center of Excellence Implementing Zero Trust Architecture 13 Endpoint security • Application protection • Device compliance • Vulnerability / Threat mitigation • Host intrusion protection system • Host firewall • Malware protection • Encryption in transit • Encryption at rest • Networking monitoring • Endpoint monitoring • Threat intelligence • User behavior • Correlation and analytics engine Key PE: Policy Engine - "The Brains" PA: Policy Administrator - "The Executor" PEP: Policy Enforcement Point - "The Guard" PIP: Policy Information Points* - "The Advisors" Security analytics ICAM Data security ZT Core components (PE, PA, PEP) • Data confidentiality • Data integrity • Data availability • Enhanced identity governance (EIG) • Software defined permeter (SDP) • Micro-segmentation • Identity management • Access & credential management • Federation • Identity governance
Cisco Goes From Zero to Hero in Five Months 14 • No Passwords (…well, fewer passwords) • No More VPN • No More Perimeter
Cisco Goes From Zero to Hero in Five Months 15 Before After
Cisco Goes From Zero to Hero in Five Months 16 After
Cisco Goes From Zero to Hero in Five Months 17 Network Gateway Replaces VPN • One ZTA To Rule Them All Advanced MFA & Certs • Posture Checks • Certificate Checks • No (Well… Fewer) Passwords Certificate Management • Device Certs • User Certs • Index of What is Associated with What
One Design Concept To Rule Them All 18 Network Gateway Replaces VPN • One ZTA To Rule Them All Advanced MFA & Certs • Posture Checks • Certificate Checks • No (Well… Fewer) Passwords Certificate Management • Device Certs • User Certs • Index of What is Associated with What
Network Gateway versus VPN? 19 Network Gateway Replaces VPN • One ZTA To Rule Them All Advanced MFA & Certs • Posture Checks • Certificate Checks • No (Well… Fewer) Passwords Certificate Management • Device Certs • User Certs • Index of What is Associated with What
Cisco Goes From Zero to Hero in Five Months 20
The NIST Laundry List What Did Cisco Actually Do? 21 Endpoint security • Application protection • Device compliance • Vulnerability / Threat mitigation • Host intrusion protection system • Host firewall • Malware protection • Encryption in transit • Encryption at rest • Networking monitoring • Endpoint monitoring • Threat intelligence • User behavior • Correlation and analytics engine Key PE: Policy Engine - "The Brains" PA: Policy Administrator - "The Executor" PEP: Policy Enforcement Point - "The Guard" PIP: Policy Information Points* - "The Advisors" Security analytics ICAM Data security ZT Core components (PE, PA, PEP) • Data confidentiality • Data integrity • Data availability • Enhanced identity governance (EIG) • Software defined permeter (SDP) • Micro-segmentation • Identity management • Access & credential management • Federation • Identity governance A Bit Of This A Bit Of This A Bit Of This Mostly This
NIST Terminology Applied To Cisco 22 Policy Engine The Brains Policy Information The Advisors Policy Administration The Executor Policy Enforcement The Brawn Policy Administration & Enforcement
What Would Zero Trust Look Like For IBM i?
WEB INFRASTRUCTURE - Internet Backbone - Cloud - Firewalls, Routers, Etc. - Windows, Linux, Unix, SQL ENDPOINTS - PC’s - Smartphones - Internet of Things: smartcars, smartgrid, etc. What We Talk About When We Talk About Zero Trust 24 BIG IRON LEGACY - IBM i - Mainframe - AIX The Zero Trust Conversation Occurs Mostly Here
WEB INFRASTRUCTURE - Internet Backbone - Cloud - Firewalls, Routers, Etc. - Windows, Linux, Unix, SQL ENDPOINTS - PC’s - Smartphones - Internet of Things: smartcars, smartgrid, etc. These Are No Longer Backend Systems No More Perimeter: It’s Zero Trust 25 MODERNIZED HYBRID CLOUD - IBM i - Mainframe - AIX
AS/400: Legacy of Over Trust 26 Single Vendor Architecture PC’s… and The Internet! The Green Screen Was A Castle • Application Development Platform • No PC’s • No Internet • Hardware upgradeable without changing the underlying applications • The AS/400 was a self-enclosed castle • Access Control design was completely self-contained • It’s on the menu or it’s not Either You’re On The Menu or You’re Off The Menu • IBM adds Access Control for 3rd party solutions • A lot of default settings still assume too much trust • Open Protocols of the Internet assume trust • IBM i is great… but most of the enterprise runs on Linux, Windows and in the cloud • IBM i security tools need to integrate with other enterprise tools • SIEM • Identity Management • MFA • Etc.
Zero Trust For IBM i 27 Critical: Leverage Other Enterprise Solutions Exit Points Access Control Network Segmentation Endpoint Risk Telemetry Privileged Access Policy Active Directory ??? Advanced MFA Azure, Okta, RSA, Duo, Etc. User & Device Certs SIEM SOAR Policy Compliance Splunk, Qradar, Etc. Phantom, ServiceNow, AI/ML Some Single Point Of Truth Out There Somewhere In The Cloud Perhaps? Radius
Zero Trust For IBM i 28 Critical: Leverage Other Enterprise Solutions Exit Points Access Control Network Segmentation Endpoint Risk Telemetry Privileged Access Policy Active Directory ??? Advanced MFA Azure, Okta, RSA, Duo, Etc. User & Device Certs SIEM SOAR Policy Compliance Splunk, Qradar, Etc. Phantom, ServiceNow, AI/ML Some Single Point Of Truth Out There Somewhere In The Cloud Perhaps? Radius
Zero Trust For IBM i – Example #1 Encryption Key Management for Hybrid IBM i Cloud 29 Single Point of Trust for Encryption Keys IBM i OS Level Field Encryption using FIELDPROC 3rd Party Key Manager Cloud Workloads Key Management Server
Zero Trust For IBM i – Example #1 Encryption Key Management for Hybrid IBM i Cloud 30 Single Point of Trust for Encryption Keys IBM i OS Level Field Encryption using FIELDPROC 3rd Party Key Manager Cloud Workloads Key Management Server Forrester Research Data-Centric ZTX
Zero Trust For IBM i – Example #2 Privileged Access: After Hours Fire Call 31 Developer After Hours SysAdmin Network Gateway Identity Management Radius MFA Server Network Segmentation IBM i Privileged Access Manager Trust Is Earned Not Assumed ServiceNow ITOM Ticket
Zero Trust For IBM i – Example #2 Privileged Access: After Hours Fire Call 32 Developer After Hours SysAdmin Network Gateway Identity Management Radius MFA Server Network Segmentation IBM i Privileged Access Manager Trust Is Earned Not Assumed After Hours Access Requires A Validated Ticket ServiceNow ITOM Ticket
Thank You!

Recommended

Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero TrustDavid J Rosenthal
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​AlgoSec
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security Tripwire
 
Zero trust deck 2020
Zero trust deck 2020Zero trust deck 2020
Zero trust deck 2020Guido Marchetti
 
Zero Trust
Zero TrustZero Trust
Zero TrustBoaz Shunami
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)Ahmed Banafa
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CKArpan Raval
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 

Recommended

Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero TrustDavid J Rosenthal
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​AlgoSec
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security Tripwire
 
Zero trust deck 2020
Zero trust deck 2020Zero trust deck 2020
Zero trust deck 2020Guido Marchetti
 
Zero Trust
Zero TrustZero Trust
Zero TrustBoaz Shunami
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)Ahmed Banafa
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CKArpan Raval
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 
Zero trust Architecture
Zero trust Architecture Zero trust Architecture
Zero trust Architecture AddWeb Solution Pvt. Ltd.
 
Zero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fastZero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fastCloudflare
 
SIEM Primer:
SIEM Primer:SIEM Primer:
SIEM Primer:Anton Chuvakin
 
NIST Zero Trust Explained
NIST Zero Trust ExplainedNIST Zero Trust Explained
NIST Zero Trust Explainedrtp2009
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelDavid J Rosenthal
 
What is Zero Trust
What is Zero TrustWhat is Zero Trust
What is Zero TrustOkta-Inc
 
[Round table] zeroing in on zero trust architecture
[Round table] zeroing in on zero trust architecture[Round table] zeroing in on zero trust architecture
[Round table] zeroing in on zero trust architectureDenise Bailey
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesKrist Davood - Principal - CIO
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
INCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSINCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSSylvain Martinez
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 
Skybox security
Skybox security Skybox security
Skybox security Alejandro Cadarso
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model PresentationGowdhaman Jothilingam
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
 
SEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxSEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxAmrMousa51
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Frameworkn|u - The Open Security Community
 
Institucional proofpoint
Institucional proofpointInstitucional proofpoint
Institucional proofpointvoliverio
 
Cloud Computing Forensic Science
Cloud Computing Forensic Science Cloud Computing Forensic Science
Cloud Computing Forensic Science David Sweigert
 
Security Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsSecurity Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsTechcello
 
Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...YouAttestSlideshare
 

More Related Content

What's hot

Zero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fastZero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fastCloudflare
 
NIST Zero Trust Explained
NIST Zero Trust ExplainedNIST Zero Trust Explained
NIST Zero Trust Explainedrtp2009
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelDavid J Rosenthal
 
What is Zero Trust
What is Zero TrustWhat is Zero Trust
What is Zero TrustOkta-Inc
 
[Round table] zeroing in on zero trust architecture
[Round table] zeroing in on zero trust architecture[Round table] zeroing in on zero trust architecture
[Round table] zeroing in on zero trust architectureDenise Bailey
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
INCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSINCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSSylvain Martinez
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
 
SEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxSEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxAmrMousa51
 
Institucional proofpoint
Institucional proofpointInstitucional proofpoint
Institucional proofpointvoliverio
 
Cloud Computing Forensic Science
Cloud Computing Forensic Science Cloud Computing Forensic Science
Cloud Computing Forensic Science David Sweigert
 

What's hot (20)

Zero trust Architecture
Zero trust Architecture Zero trust Architecture
Zero trust Architecture
 
Zero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fastZero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fast
 
SIEM Primer:
SIEM Primer:SIEM Primer:
SIEM Primer:
 
NIST Zero Trust Explained
NIST Zero Trust ExplainedNIST Zero Trust Explained
NIST Zero Trust Explained
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure Sentinel
 
What is Zero Trust
What is Zero TrustWhat is Zero Trust
What is Zero Trust
 
[Round table] zeroing in on zero trust architecture
[Round table] zeroing in on zero trust architecture[Round table] zeroing in on zero trust architecture
[Round table] zeroing in on zero trust architecture
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
 
INCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSINCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTS
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
 
Skybox security
Skybox security Skybox security
Skybox security
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formal
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
 
SEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxSEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptx
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
 
Institucional proofpoint
Institucional proofpointInstitucional proofpoint
Institucional proofpoint
 
Cloud Computing Forensic Science
Cloud Computing Forensic Science Cloud Computing Forensic Science
Cloud Computing Forensic Science
 

Similar to Understanding Zero Trust Security for IBM i

Security Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsSecurity Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsTechcello
 
Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...YouAttestSlideshare
 
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to RealityPriyanka Aash
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information SecurityAhmed Sayed-
 
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersDon’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersMichael Davis
 
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Precisely
 
Key Concepts for Protecting the Privacy of IBM i Data
Key Concepts for Protecting the Privacy of IBM i DataKey Concepts for Protecting the Privacy of IBM i Data
Key Concepts for Protecting the Privacy of IBM i DataPrecisely
 
Security 101: Protecting Data with Encryption, Tokenization & Anonymization
Security 101: Protecting Data with Encryption, Tokenization & AnonymizationSecurity 101: Protecting Data with Encryption, Tokenization & Anonymization
Security 101: Protecting Data with Encryption, Tokenization & AnonymizationPrecisely
 
Security architecture best practices for saas applications
Security architecture best practices for saas applicationsSecurity architecture best practices for saas applications
Security architecture best practices for saas applicationskanimozhin
 
Today's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessToday's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessJoAnna Cheshire
 
Extending Your Network Cloud Security to AWS
Extending Your Network Cloud Security to AWSExtending Your Network Cloud Security to AWS
Extending Your Network Cloud Security to AWSFidelis Cybersecurity
 
Aligning Application Security to Compliance
Aligning Application Security to ComplianceAligning Application Security to Compliance
Aligning Application Security to ComplianceSecurity Innovation
 
Lock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iPrecisely
 
Cyber_Security_CyberPact.pdf
Cyber_Security_CyberPact.pdfCyber_Security_CyberPact.pdf
Cyber_Security_CyberPact.pdfNaveenKumar470500
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkPrecisely
 
IBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter MostIBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter MostPrecisely
 
Soc analyst course content v3
Soc analyst course content v3Soc analyst course content v3
Soc analyst course content v3ShivamSharma909
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course contentShivamSharma909
 

Similar to Understanding Zero Trust Security for IBM i (20)

Security Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsSecurity Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS Applications
 
Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...
 
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information Security
 
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersDon’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
 
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
 
Key Concepts for Protecting the Privacy of IBM i Data
Key Concepts for Protecting the Privacy of IBM i DataKey Concepts for Protecting the Privacy of IBM i Data
Key Concepts for Protecting the Privacy of IBM i Data
 
Security 101: Protecting Data with Encryption, Tokenization & Anonymization
Security 101: Protecting Data with Encryption, Tokenization & AnonymizationSecurity 101: Protecting Data with Encryption, Tokenization & Anonymization
Security 101: Protecting Data with Encryption, Tokenization & Anonymization
 
Security architecture best practices for saas applications
Security architecture best practices for saas applicationsSecurity architecture best practices for saas applications
Security architecture best practices for saas applications
 
Today's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessToday's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your Business
 
Extending Your Network Cloud Security to AWS
Extending Your Network Cloud Security to AWSExtending Your Network Cloud Security to AWS
Extending Your Network Cloud Security to AWS
 
Aligning Application Security to Compliance
Aligning Application Security to ComplianceAligning Application Security to Compliance
Aligning Application Security to Compliance
 
Lock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM i
 
Cyber_Security_CyberPact.pdf
Cyber_Security_CyberPact.pdfCyber_Security_CyberPact.pdf
Cyber_Security_CyberPact.pdf
 
Cyber_Security_CyberPact.pdf
Cyber_Security_CyberPact.pdfCyber_Security_CyberPact.pdf
Cyber_Security_CyberPact.pdf
 
SeattleFall1
SeattleFall1SeattleFall1
SeattleFall1
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in Splunk
 
IBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter MostIBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter Most
 
Soc analyst course content v3
Soc analyst course content v3Soc analyst course content v3
Soc analyst course content v3
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course content
 

More from Precisely

Optimierte Daten und Prozesse mit KI / ML + SAP Fiori.pdf
Optimierte Daten und Prozesse mit KI / ML + SAP Fiori.pdfOptimierte Daten und Prozesse mit KI / ML + SAP Fiori.pdf
Optimierte Daten und Prozesse mit KI / ML + SAP Fiori.pdfPrecisely
 
Chaining, Looping, and Long Text for Script Development and Automation.pdf
Chaining, Looping, and Long Text for Script Development and Automation.pdfChaining, Looping, and Long Text for Script Development and Automation.pdf
Chaining, Looping, and Long Text for Script Development and Automation.pdfPrecisely
 
Revolutionizing SAP® Processes with Automation and Artificial Intelligence
Revolutionizing SAP® Processes with Automation and Artificial IntelligenceRevolutionizing SAP® Processes with Automation and Artificial Intelligence
Revolutionizing SAP® Processes with Automation and Artificial IntelligencePrecisely
 
Navigating the Cloud: Best Practices for Successful Migration
Navigating the Cloud: Best Practices for Successful MigrationNavigating the Cloud: Best Practices for Successful Migration
Navigating the Cloud: Best Practices for Successful MigrationPrecisely
 
Unlocking the Power of Your IBM i and Z Security Data with Google Chronicle
Unlocking the Power of Your IBM i and Z Security Data with Google ChronicleUnlocking the Power of Your IBM i and Z Security Data with Google Chronicle
Unlocking the Power of Your IBM i and Z Security Data with Google ChroniclePrecisely
 
How to Build Data Governance Programs That Last - A Business-First Approach.pdf
How to Build Data Governance Programs That Last - A Business-First Approach.pdfHow to Build Data Governance Programs That Last - A Business-First Approach.pdf
How to Build Data Governance Programs That Last - A Business-First Approach.pdfPrecisely
 
Zukuntssichere SAP Prozesse dank automatisierter Massendaten
Zukuntssichere SAP Prozesse dank automatisierter MassendatenZukuntssichere SAP Prozesse dank automatisierter Massendaten
Zukuntssichere SAP Prozesse dank automatisierter MassendatenPrecisely
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Crucial Considerations for AI-ready Data.pdf
Crucial Considerations for AI-ready Data.pdfCrucial Considerations for AI-ready Data.pdf
Crucial Considerations for AI-ready Data.pdfPrecisely
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Justifying Capacity Managment Webinar 4/10
Justifying Capacity Managment Webinar 4/10Justifying Capacity Managment Webinar 4/10
Justifying Capacity Managment Webinar 4/10Precisely
 
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...Precisely
 
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...Precisely
 
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3fTestjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3fPrecisely
 
Data Innovation Summit: Data Integrity Trends
Data Innovation Summit: Data Integrity TrendsData Innovation Summit: Data Integrity Trends
Data Innovation Summit: Data Integrity TrendsPrecisely
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Optimisez la fonction financière en automatisant vos processus SAP
Optimisez la fonction financière en automatisant vos processus SAPOptimisez la fonction financière en automatisant vos processus SAP
Optimisez la fonction financière en automatisant vos processus SAPPrecisely
 
SAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
SAPS/4HANA Migration - Transformation-Management + nachhaltige InvestitionenSAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
SAPS/4HANA Migration - Transformation-Management + nachhaltige InvestitionenPrecisely
 
Automatisierte SAP Prozesse mit Hilfe von APIs
Automatisierte SAP Prozesse mit Hilfe von APIsAutomatisierte SAP Prozesse mit Hilfe von APIs
Automatisierte SAP Prozesse mit Hilfe von APIsPrecisely
 
Moving IBM i Applications to the Cloud with AWS and Precisely
Moving IBM i Applications to the Cloud with AWS and PreciselyMoving IBM i Applications to the Cloud with AWS and Precisely
Moving IBM i Applications to the Cloud with AWS and PreciselyPrecisely
 

More from Precisely (20)

Optimierte Daten und Prozesse mit KI / ML + SAP Fiori.pdf
Optimierte Daten und Prozesse mit KI / ML + SAP Fiori.pdfOptimierte Daten und Prozesse mit KI / ML + SAP Fiori.pdf
Optimierte Daten und Prozesse mit KI / ML + SAP Fiori.pdf
 
Chaining, Looping, and Long Text for Script Development and Automation.pdf
Chaining, Looping, and Long Text for Script Development and Automation.pdfChaining, Looping, and Long Text for Script Development and Automation.pdf
Chaining, Looping, and Long Text for Script Development and Automation.pdf
 
Revolutionizing SAP® Processes with Automation and Artificial Intelligence
Revolutionizing SAP® Processes with Automation and Artificial IntelligenceRevolutionizing SAP® Processes with Automation and Artificial Intelligence
Revolutionizing SAP® Processes with Automation and Artificial Intelligence
 
Navigating the Cloud: Best Practices for Successful Migration
Navigating the Cloud: Best Practices for Successful MigrationNavigating the Cloud: Best Practices for Successful Migration
Navigating the Cloud: Best Practices for Successful Migration
 
Unlocking the Power of Your IBM i and Z Security Data with Google Chronicle
Unlocking the Power of Your IBM i and Z Security Data with Google ChronicleUnlocking the Power of Your IBM i and Z Security Data with Google Chronicle
Unlocking the Power of Your IBM i and Z Security Data with Google Chronicle
 
How to Build Data Governance Programs That Last - A Business-First Approach.pdf
How to Build Data Governance Programs That Last - A Business-First Approach.pdfHow to Build Data Governance Programs That Last - A Business-First Approach.pdf
How to Build Data Governance Programs That Last - A Business-First Approach.pdf
 
Zukuntssichere SAP Prozesse dank automatisierter Massendaten
Zukuntssichere SAP Prozesse dank automatisierter MassendatenZukuntssichere SAP Prozesse dank automatisierter Massendaten
Zukuntssichere SAP Prozesse dank automatisierter Massendaten
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Crucial Considerations for AI-ready Data.pdf
Crucial Considerations for AI-ready Data.pdfCrucial Considerations for AI-ready Data.pdf
Crucial Considerations for AI-ready Data.pdf
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Justifying Capacity Managment Webinar 4/10
Justifying Capacity Managment Webinar 4/10Justifying Capacity Managment Webinar 4/10
Justifying Capacity Managment Webinar 4/10
 
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
 
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
 
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3fTestjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
 
Data Innovation Summit: Data Integrity Trends
Data Innovation Summit: Data Integrity TrendsData Innovation Summit: Data Integrity Trends
Data Innovation Summit: Data Integrity Trends
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Optimisez la fonction financière en automatisant vos processus SAP
Optimisez la fonction financière en automatisant vos processus SAPOptimisez la fonction financière en automatisant vos processus SAP
Optimisez la fonction financière en automatisant vos processus SAP
 
SAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
SAPS/4HANA Migration - Transformation-Management + nachhaltige InvestitionenSAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
SAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
 
Automatisierte SAP Prozesse mit Hilfe von APIs
Automatisierte SAP Prozesse mit Hilfe von APIsAutomatisierte SAP Prozesse mit Hilfe von APIs
Automatisierte SAP Prozesse mit Hilfe von APIs
 
Moving IBM i Applications to the Cloud with AWS and Precisely
Moving IBM i Applications to the Cloud with AWS and PreciselyMoving IBM i Applications to the Cloud with AWS and Precisely
Moving IBM i Applications to the Cloud with AWS and Precisely
 

Recently uploaded

In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsExpeed Software
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2DianaGray10
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfChristopherTHyatt
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Product School
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaCzechDreamin
 
The architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdfThe architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdfalexjohnson7307
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...CzechDreamin
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...CzechDreamin
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Julian Hyde
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxDavid Michel
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...Product School
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Thierry Lestable
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...Product School
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaRTTS
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlPeter Udo Diehl
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationZilliz
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Product School
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeCzechDreamin
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Product School
 

Recently uploaded (20)

In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT Professionals
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdf
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
The architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdfThe architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdf
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG Evaluation
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 

Understanding Zero Trust Security for IBM i

  • 1. Gavriel Meir-Levi | Director of Security Sales Zero Trust
  • 2. Housekeeping Webinar Audio • Today’s webcast audio is streamed through your computer speakers • If you need technical assistance with the web interface or audio, please reach out to us using the Q&A box Questions Welcome • Submit your questions at any time during the presentation using the Q&A box. If we don't get to your question, we will follow-up via email Recording and slides • This webinar is being recorded. You will receive an email following the webinar with a link to the recording and slides
  • 3. Agenda • Overview of Zero Trust • Comparing The Different Models • Zero Trust In Practice • NIST Lab • Cisco Case Study • Zero Trust for IBM i 3
  • 4. Some Background: Zero Trust 101 4 • Zero trust is a set of principles used when designing, implementing and operating an infrastructure • Want to reduce implicit trust between enterprise system Untrusted Zone Implicit Trust Zone Resource (System, Data or Application) Policy Decision/ Enforcement Point (PDP/PEP) 2005: Jericho Forum De-perimeterization 2010: Forrester coins “Zero Trust” 2014: Google releases “BeyondCorp” papers 2018: Gartnercoins “Lean Trust” 2019: NIST releases draft SP 800-207
  • 6. A System of Systems NIST SP 800-207 Definition of Terms 6 Zero Trust functional Components • PE: Policy Engine - "The Brains" • PA: Policy Administrator - "The Executor" • PEP: Policy Enforcement Point - "The Guard" • PIP: Policy Information Points* - "The Advisors" * Added in 2020
  • 7. NIST’s Wholistic “System of Systems” 7 Pros Cons Enterprise policy is overarching management • Satisfies security officers by securing access to IBM i systems and data • Significantly reduces the time and cost of achieving regulatory compliance • Enables implementation of security best practices • Quickly detects security incidents so you can efficiently remediate them • Has low impact on system performance • Interoperability challenges • Need centralized logs/SIEM • May be difficult to diagnose issues • Multiple Policy Engines • Multiple Policy Enforcement Points each covering a portion of Zero Trust • ICAM: Identity & Credential Access Management • Endpoint Protection • Network Monitoring, etc.
  • 9. Gartner’s CARTA Includes Threats, Prevention, Detection & Response 9 Zero Trust is Interpreted More Narrowly by Gartner
  • 10. The Microsoft Model 10 Microsoft’s Phases of Zero Trust 1. Identity 2. Device 3. Access 4. Services With Analytics & Automation Throughout
  • 11. What Does It Look Like In Practice?
  • 12. Data Security NIST & National Cybersecurity Center of Excellence Implementing Zero Trust Architecture 12 Security Analytics Endpoint securiy User Device Mobile device Device (with SDP Client) ICAM Identity • User • Device Federation Access & Credential • Management • Authentication (SSO/MFA) • Authorization Governance Policy Evaulate access PE/PA Grant access (Micro-segmentation) PEP Grand access (SDP) CLOUD Apps & workloads Protected resources On-prem Apps & workloads (File share, database, storage, apps SDP (example: TLS Tunnel) Key PE: Policy Engine - "The Brains" PA: Policy Administrator - "The Executor" PEP: Policy Enforcement Point - "The Guard" PIP: Policy Information Points* - "The Advisors"
  • 13. NIST & National Cybersecurity Center of Excellence Implementing Zero Trust Architecture 13 Endpoint security • Application protection • Device compliance • Vulnerability / Threat mitigation • Host intrusion protection system • Host firewall • Malware protection • Encryption in transit • Encryption at rest • Networking monitoring • Endpoint monitoring • Threat intelligence • User behavior • Correlation and analytics engine Key PE: Policy Engine - "The Brains" PA: Policy Administrator - "The Executor" PEP: Policy Enforcement Point - "The Guard" PIP: Policy Information Points* - "The Advisors" Security analytics ICAM Data security ZT Core components (PE, PA, PEP) • Data confidentiality • Data integrity • Data availability • Enhanced identity governance (EIG) • Software defined permeter (SDP) • Micro-segmentation • Identity management • Access & credential management • Federation • Identity governance
  • 14. Cisco Goes From Zero to Hero in Five Months 14 • No Passwords (…well, fewer passwords) • No More VPN • No More Perimeter
  • 15. Cisco Goes From Zero to Hero in Five Months 15 Before After
  • 16. Cisco Goes From Zero to Hero in Five Months 16 After
  • 17. Cisco Goes From Zero to Hero in Five Months 17 Network Gateway Replaces VPN • One ZTA To Rule Them All Advanced MFA & Certs • Posture Checks • Certificate Checks • No (Well… Fewer) Passwords Certificate Management • Device Certs • User Certs • Index of What is Associated with What
  • 18. One Design Concept To Rule Them All 18 Network Gateway Replaces VPN • One ZTA To Rule Them All Advanced MFA & Certs • Posture Checks • Certificate Checks • No (Well… Fewer) Passwords Certificate Management • Device Certs • User Certs • Index of What is Associated with What
  • 19. Network Gateway versus VPN? 19 Network Gateway Replaces VPN • One ZTA To Rule Them All Advanced MFA & Certs • Posture Checks • Certificate Checks • No (Well… Fewer) Passwords Certificate Management • Device Certs • User Certs • Index of What is Associated with What
  • 20. Cisco Goes From Zero to Hero in Five Months 20
  • 21. The NIST Laundry List What Did Cisco Actually Do? 21 Endpoint security • Application protection • Device compliance • Vulnerability / Threat mitigation • Host intrusion protection system • Host firewall • Malware protection • Encryption in transit • Encryption at rest • Networking monitoring • Endpoint monitoring • Threat intelligence • User behavior • Correlation and analytics engine Key PE: Policy Engine - "The Brains" PA: Policy Administrator - "The Executor" PEP: Policy Enforcement Point - "The Guard" PIP: Policy Information Points* - "The Advisors" Security analytics ICAM Data security ZT Core components (PE, PA, PEP) • Data confidentiality • Data integrity • Data availability • Enhanced identity governance (EIG) • Software defined permeter (SDP) • Micro-segmentation • Identity management • Access & credential management • Federation • Identity governance A Bit Of This A Bit Of This A Bit Of This Mostly This
  • 22. NIST Terminology Applied To Cisco 22 Policy Engine The Brains Policy Information The Advisors Policy Administration The Executor Policy Enforcement The Brawn Policy Administration & Enforcement
  • 23. What Would Zero Trust Look Like For IBM i?
  • 24. WEB INFRASTRUCTURE - Internet Backbone - Cloud - Firewalls, Routers, Etc. - Windows, Linux, Unix, SQL ENDPOINTS - PC’s - Smartphones - Internet of Things: smartcars, smartgrid, etc. What We Talk About When We Talk About Zero Trust 24 BIG IRON LEGACY - IBM i - Mainframe - AIX The Zero Trust Conversation Occurs Mostly Here
  • 25. WEB INFRASTRUCTURE - Internet Backbone - Cloud - Firewalls, Routers, Etc. - Windows, Linux, Unix, SQL ENDPOINTS - PC’s - Smartphones - Internet of Things: smartcars, smartgrid, etc. These Are No Longer Backend Systems No More Perimeter: It’s Zero Trust 25 MODERNIZED HYBRID CLOUD - IBM i - Mainframe - AIX
  • 26. AS/400: Legacy of Over Trust 26 Single Vendor Architecture PC’s… and The Internet! The Green Screen Was A Castle • Application Development Platform • No PC’s • No Internet • Hardware upgradeable without changing the underlying applications • The AS/400 was a self-enclosed castle • Access Control design was completely self-contained • It’s on the menu or it’s not Either You’re On The Menu or You’re Off The Menu • IBM adds Access Control for 3rd party solutions • A lot of default settings still assume too much trust • Open Protocols of the Internet assume trust • IBM i is great… but most of the enterprise runs on Linux, Windows and in the cloud • IBM i security tools need to integrate with other enterprise tools • SIEM • Identity Management • MFA • Etc.
  • 27. Zero Trust For IBM i 27 Critical: Leverage Other Enterprise Solutions Exit Points Access Control Network Segmentation Endpoint Risk Telemetry Privileged Access Policy Active Directory ??? Advanced MFA Azure, Okta, RSA, Duo, Etc. User & Device Certs SIEM SOAR Policy Compliance Splunk, Qradar, Etc. Phantom, ServiceNow, AI/ML Some Single Point Of Truth Out There Somewhere In The Cloud Perhaps? Radius
  • 28. Zero Trust For IBM i 28 Critical: Leverage Other Enterprise Solutions Exit Points Access Control Network Segmentation Endpoint Risk Telemetry Privileged Access Policy Active Directory ??? Advanced MFA Azure, Okta, RSA, Duo, Etc. User & Device Certs SIEM SOAR Policy Compliance Splunk, Qradar, Etc. Phantom, ServiceNow, AI/ML Some Single Point Of Truth Out There Somewhere In The Cloud Perhaps? Radius
  • 29. Zero Trust For IBM i – Example #1 Encryption Key Management for Hybrid IBM i Cloud 29 Single Point of Trust for Encryption Keys IBM i OS Level Field Encryption using FIELDPROC 3rd Party Key Manager Cloud Workloads Key Management Server
  • 30. Zero Trust For IBM i – Example #1 Encryption Key Management for Hybrid IBM i Cloud 30 Single Point of Trust for Encryption Keys IBM i OS Level Field Encryption using FIELDPROC 3rd Party Key Manager Cloud Workloads Key Management Server Forrester Research Data-Centric ZTX
  • 31. Zero Trust For IBM i – Example #2 Privileged Access: After Hours Fire Call 31 Developer After Hours SysAdmin Network Gateway Identity Management Radius MFA Server Network Segmentation IBM i Privileged Access Manager Trust Is Earned Not Assumed ServiceNow ITOM Ticket
  • 32. Zero Trust For IBM i – Example #2 Privileged Access: After Hours Fire Call 32 Developer After Hours SysAdmin Network Gateway Identity Management Radius MFA Server Network Segmentation IBM i Privileged Access Manager Trust Is Earned Not Assumed After Hours Access Requires A Validated Ticket ServiceNow ITOM Ticket