Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
1. NTXISSA Cyber Security Conference – November 10-11, 2017
@NTXISSA #NTXISSACSC5
Zero Trust
A New, More Effective Approach to Security
Ed Higgins, CISSP, CISM, CGEIT
Security and Compliance Specialist
Catapult Systems
November 11, 2017
Increase Your Business Agility By Adopting Zero Trust
2. “Legacy, perimeter-centric models of information security are of no use in today’s digital businesses, as they are no longer bounded by the four walls of their corporation.”
~Forrester Research
3. The Challenge
• Finding qualified security staff
• Mapping requirements to solutions
• Managing numerous silo security solutions
• Data is more mobile than ever
• Perimeter Security has Failed to Adapt
4. Data is More Mobile than Ever
5. The Perimeter Model (And its Fatal Flaw)
[Diagram labels: Workstations; The “Jewels” Server]
• Hard outer shell (the untrusted zone, the DMZ, the other zones)
• Inner (gooey) center of trusted systems with relaxed firewall rules and implicit trust.
• Trust Thy Neighbor?
  • Assume there’s no malware
  • Assume there are no malicious users
  • Assume there are no already compromised users
• No, Thank you!
6. Mapping Requirements to Solutions
7. Silos of Security Tools
9. Along the Attack Kill Chain: Advanced Persistent Threat
10. Along the Attack Kill Chain: Low to High Privilege Lateral Movement
11. Tenets of Zero Trust
(1) Access must be earned by all devices every time
(2) Ensure all data and resources are accessed securely
(3) User and device location should not decrease security
(4) Least-Privileged Access and strictly enforced access controls
(5) Log everything to an immutable destination
12. Why a new approach?
• Compromised identity is the root of most breaches
• Low privileged accounts are exploited to move laterally from device to device, then escalate to high privileges to accomplish mission
• Most organizations address North / South threats, but not East / West
• Cloud apps, mobile users, laptops, work from home, B2C, and B2B all span the firewall which leads to blind spots and shadow IT
13. Control Framework
• Encryption at rest & transit
• Firewall & System Mgmt
• Intrusion Detection / Prevention
• Logging Activity Monitoring
• Access & Identity Control
Web Servers, Database Servers, Cloud Services, Mobile, On-Prem Users, Remote Users, Partners
14. Mental Exercise
What would you do differently if every user was always on BYOD mobile?
15. Advantages of Applied Zero Trust
• Makes lateral breach movement harder
• Users get a unified experience
• Add consistent security controls for all endpoints
• Removes complexity of solving for both on-prem and external access
• Security is persistent, even if data is shared externally
• Removes need for certain complexities such as DMZ and VPN in many scenarios
• Enables Digital Transformation by removing security inequity
• Say “Yes” More
16. Thank you
Collin College
North Texas ISSA (Information Systems Security Association)
Ed Higgins, CISSP, CISM, CGEIT
Security and Compliance Specialist
Catapult Systems
Ed.Higgins@CatapultSystems.com
972-571-8808
Editor's notes
Reaching customers in new, more intimate and innovative ways.
Millennials leading the way in ubiquitous use of tech (social and workplace)
CIOs and CISOs, challenged to say “yes” more and enable business growth and adoption.
Perimeter: the firewall, the router, the switches, the zones of trust and untrust.
If you are still skeptical, just ask yourself whether anyone, at any time, has ever gotten a malware infection in your enterprise, even if it was from a remote system, and was ever able to connect to your network.