• Home

  • Documents

  • BUILDING A ZERO TRUST ARCHITECTUREZero Trust is a security model that prevents breaches by...
17
BUILDING A ZERO TRUST ARCHITECTURE Natalio Pincever Sr. Director, Product Management Federal Gov Geoffrey Carlisle Solution Architect , Product Management Federal Gov

BUILDING A ZERO TRUST ARCHITECTUREZero Trust is a security model that prevents breaches by eliminating assumed trust in the digital world and instead consistently verifies all traffic

  • Upload
    others

  • View
    5

  • Download
    0

Embed Size (px)

Citation preview

Page 1: BUILDING A ZERO TRUST ARCHITECTUREZero Trust is a security model that prevents breaches by eliminating assumed trust in the digital world and instead consistently verifies all traffic

BUILDING A ZERO TRUST

ARCHITECTURE Natalio PinceverSr. Director, Product Management Federal Gov

Geoffrey Carlisle Solution Architect , Product Management Federal Gov

Page 2: BUILDING A ZERO TRUST ARCHITECTUREZero Trust is a security model that prevents breaches by eliminating assumed trust in the digital world and instead consistently verifies all traffic

TRUST IS A DANGEROUSVULNERABILITY

THAT IS EXPLOITED BY MALICIOUS ACTORS

2 | © 2019 Palo Alto Networks, Inc. Confidential and Proprietary.

Page 3: BUILDING A ZERO TRUST ARCHITECTUREZero Trust is a security model that prevents breaches by eliminating assumed trust in the digital world and instead consistently verifies all traffic

Zero Trust is a security model that prevents breachesby eliminating assumed trust in the digital world

and instead consistently verifies all traffic from all users, devices, and applications at all locations

Page 4: BUILDING A ZERO TRUST ARCHITECTUREZero Trust is a security model that prevents breaches by eliminating assumed trust in the digital world and instead consistently verifies all traffic

A Zero Trust Strategy Reduces Attack Opportunities

Problem

Broken trust model exploited by hackers

Action

Build a zerotrust network

Benefit

Helps stopdata breaches

4 | © 2019 Palo Alto Networks, Inc. Confidential and Proprietary.

Page 5: BUILDING A ZERO TRUST ARCHITECTUREZero Trust is a security model that prevents breaches by eliminating assumed trust in the digital world and instead consistently verifies all traffic

1. Who the President is…

2. Where the President is…

3. Who should have access to the President…

5 | © 2019 Palo Alto Networks, Inc. Confidential and Proprietary.

Page 6: BUILDING A ZERO TRUST ARCHITECTUREZero Trust is a security model that prevents breaches by eliminating assumed trust in the digital world and instead consistently verifies all traffic

Perimeter

Protect surface

Controls

Micro-perimeter

Monitoring

6 | © 2019 Palo Alto Networks, Inc. Confidential and Proprietary.

Page 7: BUILDING A ZERO TRUST ARCHITECTUREZero Trust is a security model that prevents breaches by eliminating assumed trust in the digital world and instead consistently verifies all traffic

5-Steps to Deploying Zero Trust

Page 8: BUILDING A ZERO TRUST ARCHITECTUREZero Trust is a security model that prevents breaches by eliminating assumed trust in the digital world and instead consistently verifies all traffic

1. Define your Protect Surface

2. Map the transaction flows

3. Build a Zero Trust architecture

4. Create Zero Trust Policy

5. Monitor and maintain

the network

5 Steps to Deploying Zero Trust

AutoFocus MineMeld Transformation Services

Prisma CloudDemistoCortexTM

XDRCortexTM

Data Lake

WildFire Threat Prevention

URL Filtering

Prisma SaaS

Panorama Transformation Services

DNS Service

8 | © 2019 Palo Alto Networks, Inc. Confidential and Proprietary.

CortexTM Data Lake

Next-Generation Firewall

Transformation Services

CortexTM

XDR

Next-Generation Firewall

Traps Transformation Services

CortexTM

XDRCortexTM Data

Lake

Next-Generation Firewall

Transformation Services

GlobalProtect Prisma Access

TrapsCortexTM Data Lake

CortexTM

XDR

Traps

Page 9: BUILDING A ZERO TRUST ARCHITECTUREZero Trust is a security model that prevents breaches by eliminating assumed trust in the digital world and instead consistently verifies all traffic

Legacy Rules are Complex to Manage

9 | © 2019 Palo Alto Networks, Inc. Confidential and Proprietary.

Page 10: BUILDING A ZERO TRUST ARCHITECTUREZero Trust is a security model that prevents breaches by eliminating assumed trust in the digital world and instead consistently verifies all traffic

Create a Zero Trust Policy: The Kipling Method

Zero Trust policies must address who, what, when, where, and how?

Who What When Where Why How Action

User ID App ID Time System Object Classification Content ID

Sales Salesforce Working Hours US Toxic SFDC_CID Allow

Epic_Users Epic Any Epic_Svr Toxic Epic_CID Allow

10 | © 2019 Palo Alto Networks, Inc. Confidential and Proprietary.

Page 11: BUILDING A ZERO TRUST ARCHITECTUREZero Trust is a security model that prevents breaches by eliminating assumed trust in the digital world and instead consistently verifies all traffic

Use Cases

Page 12: BUILDING A ZERO TRUST ARCHITECTUREZero Trust is a security model that prevents breaches by eliminating assumed trust in the digital world and instead consistently verifies all traffic

Zero Trust for Mobile Workers

• Extending policy to devices attempting to access the protect surface

• Preventing employees or their devices from compromise by known and unknown threats

Micro-perimeter

Protect Surface On-PremiseSegmentation

Gateway

Cloud-based Segmentation

Gateway

12 | © 2019 Palo Alto Networks, Inc. Confidential and Proprietary.

Page 13: BUILDING A ZERO TRUST ARCHITECTUREZero Trust is a security model that prevents breaches by eliminating assumed trust in the digital world and instead consistently verifies all traffic

Zero Trust in A Multi-Cloud Environment

North-South

East-West

North-South

East-West

PublicCloud

PrivateCloud

Data Center• Protect Workloads

where ever they go (across north-south, east-west traffic)

• Multi-layered segmentation reduces opportunities of attack

• Block and quickly respond to advanced threats across network, devices & clouds

North-South

East-West

13 | © 2019 Palo Alto Networks, Inc. Confidential and Proprietary.

Page 14: BUILDING A ZERO TRUST ARCHITECTUREZero Trust is a security model that prevents breaches by eliminating assumed trust in the digital world and instead consistently verifies all traffic

Zero Trust for Enterprise with Satellite Facilities

• Policy enforcement across users and devices accessing protect surface

• Prevent threats across branch, campus, datacenter and cloud

Branch

Branch

Campus

PublicCloud

PrivateCloud

DataCenter

14 | © 2019 Palo Alto Networks, Inc. Confidential and Proprietary.

Page 15: BUILDING A ZERO TRUST ARCHITECTUREZero Trust is a security model that prevents breaches by eliminating assumed trust in the digital world and instead consistently verifies all traffic

Customer Use Case

Page 16: BUILDING A ZERO TRUST ARCHITECTUREZero Trust is a security model that prevents breaches by eliminating assumed trust in the digital world and instead consistently verifies all traffic

Customer Use Case

Overview:

• Due to the sensitive nature of their work the customer decided to look into a zero trust architecture for

networking.

Customer Requirements:

• Complete visibility of ALL traffic from the inside out.

• Strict policy enforcement and continuous monitoring for attacks and abuse in isolated environments.

Customer Strategy:

• Control and monitor east west traffic within the data centers and between network locations.

• Control east west traffic between workstations on the same LAN segment (micro-segmentation).

Customer Architecture:

• 140 segmentation gateways across two networks with multiple instances of Panorama and Demisto

(automation platform).

• Ability to deploy automated policies at scale and speed in an automated fashion.

16 | © 2019 Palo Alto Networks, Inc. Confidential and Proprietary.

Page 17: BUILDING A ZERO TRUST ARCHITECTUREZero Trust is a security model that prevents breaches by eliminating assumed trust in the digital world and instead consistently verifies all traffic

paloaltonetworks.com

[email protected]

[email protected]

Twitter: @PaloAltoNtwks

Thank You

mailto:[email protected]

Passwords Breaches, Storage, Attacks

Passwords Breaches, Storage, Attacks

Documents
Kaseya Kaspersky Breaches

Kaseya Kaspersky Breaches

Documents
Trust Board Date 25 May 2017 - · PDF fileTo achieve the highest possible quality of care and treatment for our patients, in ... The Trust missed the 4 hour A&E NHSI ... % Breaches

Trust Board Date 25 May 2017 - · PDF fileTo achieve the highest possible quality of care and treatment for our patients, in ... The Trust missed the 4 hour A&E NHSI ... % Breaches

Documents
Radioactivity monitoring: How the JRC verifies results ... · Radioactivity monitoring: How the JRC verifies results from monitoring within the European Union A brief introduction

Radioactivity monitoring: How the JRC verifies results ... · Radioactivity monitoring: How the JRC verifies results from monitoring within the European Union A brief introduction

Documents
Trust Your Enterprise Deployments to the Oracle Product Stack · Trust Your Enterprise Deployments to the Oracle Product Stack 4 such as Oracle RAC, the testing verifies that the

Trust Your Enterprise Deployments to the Oracle Product Stack · Trust Your Enterprise Deployments to the Oracle Product Stack 4 such as Oracle RAC, the testing verifies that the

Documents
Protecting Consumer Information: Can Data Breaches Be ... › meetings › IF › IF17 › 20140205 › ... · Data Breaches in the United States Unfortunately, data breaches are

Protecting Consumer Information: Can Data Breaches Be ... › meetings › IF › IF17 › 20140205 › ... · Data Breaches in the United States Unfortunately, data breaches are

Documents
Breaches Caught by NBAD

Breaches Caught by NBAD

Documents
Breaches Happen Prepared 35527

Breaches Happen Prepared 35527

Documents
Effectively Managing Data Breaches

Effectively Managing Data Breaches

Documents
This certificate verifies Rolf Frefel · SAFe 4 Certified Practitioner VALID THROUGH DECEMBER 20, 2018 €€€€€€€ CERTIFICATE ID: 27098445-6826 This certificate verifies

This certificate verifies Rolf Frefel · SAFe 4 Certified Practitioner VALID THROUGH DECEMBER 20, 2018 €€€€€€€ CERTIFICATE ID: 27098445-6826 This certificate verifies

Documents
Webinar: Data Breaches - How to In This Issue · Webinar: Data Breaches - How to Manage Them Thursday, August 15, 11:00 AM Eastern ECIA & The Trust Bridge present the second webinar

Webinar: Data Breaches - How to In This Issue · Webinar: Data Breaches - How to Manage Them Thursday, August 15, 11:00 AM Eastern ECIA & The Trust Bridge present the second webinar

Documents
Legal services Trusts Advisory Group · Advising on resolving breaches of trust Court applications concerning trusts Trust disputes Estate planning ... clients, at a level that cannot

Legal services Trusts Advisory Group · Advising on resolving breaches of trust Court applications concerning trusts Trust disputes Estate planning ... clients, at a level that cannot

Documents
Data Breaches - RSA Conference · Neil Daswani Chief Informaon Security Officer – LifeLock Craig Spiezle Execu2ve Director, Online Trust Alliance Data Breaches Technology, Threats,

Data Breaches - RSA Conference · Neil Daswani Chief Informaon Security Officer – LifeLock Craig Spiezle Execu2ve Director, Online Trust Alliance Data Breaches Technology, Threats,

Documents
Incubator Analyzer...incubator analyzer that verifies the operation and environment of baby incubators, transport incubators, and radiant warmers. The Analyzer verifies the parameters

Incubator Analyzer...incubator analyzer that verifies the operation and environment of baby incubators, transport incubators, and radiant warmers. The Analyzer verifies the parameters

Documents
Breaches, Responses, and Challenges

Breaches, Responses, and Challenges

Documents
Data Breaches in Healthcare: Responding to the Growing ...media.straffordpub.com/products/data-breaches-in-healthcare... · Data Breaches in Healthcare: Responding to the Growing

Data Breaches in Healthcare: Responding to the Growing ...media.straffordpub.com/products/data-breaches-in-healthcare... · Data Breaches in Healthcare: Responding to the Growing

Documents
Data Security Breaches: Context and Incident Summaries · Data Security Breaches: Context and Incident Summaries Summary Personal data security breaches are being reported with increasing

Data Security Breaches: Context and Incident Summaries · Data Security Breaches: Context and Incident Summaries Summary Personal data security breaches are being reported with increasing

Documents
Preventing Data Breaches

Preventing Data Breaches

Technology
Data Breaches Polling

Data Breaches Polling

Documents
NJ- Overview US Jobs · verifying information about! brand! new! businesses! while another! verifies! information aboutphysicians! and!dentists ! and!yet another! verifies! Canadian

NJ- Overview US Jobs · verifying information about! brand! new! businesses! while another! verifies! information aboutphysicians! and!dentists ! and!yet another! verifies! Canadian

Documents
Tenancy management. - Bournville Village Trust€¦ · Breaching an agreement • Identify and act on breaches of tenancy agreements such as; parking issues, abandoned vehicles and

Tenancy management. - Bournville Village Trust€¦ · Breaching an agreement • Identify and act on breaches of tenancy agreements such as; parking issues, abandoned vehicles and

Documents
Cyber Security Breaches Survey 2020: Statistical …...Cyber Security Breaches Survey 2020 The Cyber Security Breaches Survey is a quantitative and qualitative study of UK businesses

Cyber Security Breaches Survey 2020: Statistical …...Cyber Security Breaches Survey 2020 The Cyber Security Breaches Survey is a quantitative and qualitative study of UK businesses

Documents
Data Breaches Article

Data Breaches Article

Documents
Gaining Customer Trust with SSL Certificates · certificate, containing information about the site, Certificate Authority, etc. and a public key. After the browser verifies the certificate,

Gaining Customer Trust with SSL Certificates · certificate, containing information about the site, Certificate Authority, etc. and a public key. After the browser verifies the certificate,

Documents
This certificate verifies Linda Feaster - Nevelex · VALID THROUGH APRIL 1, 2018 €€€€€€€ CERTIFICATE ID: 58376186-3208 This certificate verifies. SCALED AGILE FRAME-WORC

This certificate verifies Linda Feaster - Nevelex · VALID THROUGH APRIL 1, 2018 €€€€€€€ CERTIFICATE ID: 58376186-3208 This certificate verifies. SCALED AGILE FRAME-WORC

Documents
2 Your data is anywhere but not in your control Security breaches are recurrent – Weakest link: hardware, software, technicians, … You may trust the science

2 Your data is anywhere but not in your control Security breaches are recurrent – Weakest link: hardware, software, technicians, … You may trust the science

Documents
Safeguarding Against Data Breaches

Safeguarding Against Data Breaches

Documents
MedDream VideoStation User Manual · Personal data breaches. In the event of personal data breaches (including but not limited to cyber security breaches), inform the medical software

MedDream VideoStation User Manual · Personal data breaches. In the event of personal data breaches (including but not limited to cyber security breaches), inform the medical software

Documents
Preventing Data Breaches Guide

Preventing Data Breaches Guide

Documents
Responding to Data Breaches

Responding to Data Breaches

Law