NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5
Zero Trust: A New, More Effective Approach to Security
Ed Higgins, CISSP, CISM, CGEIT
Security and Compliance Specialist
Catapult Systems
November 11, 2017
Increase Your Business Agility By Adopting Zero Trust
“Legacy, perimeter-centric models of information security are of no use in today’s digital businesses, as they are no longer bounded by the four walls of their corporation.”
~Forrester Research
The Challenge
Finding qualified security staff
Mapping requirements to solutions
Managing numerous siloed security solutions
Data is more mobile than ever
Perimeter Security has Failed to Adapt
Data is More Mobile than Ever
[Slide diagram; labels: Workstations, The “Jewels” Server]
The Perimeter Model (And Its Fatal Flaw)
• Hard outer shell (the untrusted zone, the DMZ, the other zones)
• Inner (gooey) center of trusted systems with relaxed firewall rules and implicit trust.
• Trust Thy Neighbor?
• Assume there’s no malware
• Assume there are no malicious users
• Assume there are no already-compromised users
• No, Thank you!
Mapping Requirements to Solutions
Silos of Security Tools
Staffing Security Experts
Along the Attack Kill Chain: Advanced Persistent Threat
Along the Attack Kill Chain: Low to High Privilege Lateral Movement
Tenets of Zero Trust
1. Access must be earned by all devices every time
2. Ensure all data and resources are accessed securely
3. User and device location should not decrease security
4. Least-Privileged Access and strictly enforced access controls
5. Log everything to an immutable destination
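The perimeter model's implicit trust and the five tenets above, contrasted in code. This is an added example, not material from the talk: the corporate IP range, the user and resource names, and the grant table are all constructed sample data, and the hash-chained log stands in for an immutable log destination.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
import hashlib
import json

INTERNAL_NET = ip_network("10.0.0.0/8")   # constructed "trusted" corporate range

@dataclass
class Request:
    user: str
    src_ip: str            # where the request comes from
    device_attested: bool  # device proved its health for this request (tenet 1)
    mfa_ok: bool           # strong authentication completed for this access (tenet 2)
    resource: str
    action: str

# Explicit least-privilege grants, a constructed sample policy (tenet 4).
GRANTS = {("alice", "payroll-db"): {"read"}, ("bob", "web-server"): {"read", "deploy"}}

def perimeter_decide(req: Request) -> bool:
    """Legacy model: anything inside the network is implicitly trusted."""
    return ip_address(req.src_ip) in INTERNAL_NET

def zero_trust_decide(req: Request) -> bool:
    """Access is earned per request; src_ip is deliberately ignored (tenet 3)."""
    if not (req.device_attested and req.mfa_ok):
        return False
    return req.action in GRANTS.get((req.user, req.resource), set())

class AuditLog:
    """Append-only, hash-chained log: altering an old entry breaks the chain (tenet 5)."""
    def __init__(self) -> None:
        self.entries = []          # list of (json body, sha256 of body)
        self.head = "0" * 64       # digest of the latest entry
    def record(self, req: Request, allowed: bool) -> None:
        body = json.dumps({"req": vars(req), "allow": allowed, "prev": self.head}, sort_keys=True)
        digest = hashlib.sha256(body.encode()).hexdigest()
        self.entries.append((body, digest))
        self.head = digest
    def verify(self) -> bool:
        prev = "0" * 64
        for body, digest in self.entries:
            if json.loads(body)["prev"] != prev or hashlib.sha256(body.encode()).hexdigest() != digest:
                return False
            prev = digest
        return True

def evaluate(req: Request, log: AuditLog) -> bool:
    """Decide with zero-trust rules and log every decision, allowed or denied."""
    allowed = zero_trust_decide(req)
    log.record(req, allowed)
    return allowed
```

An unattested, unauthenticated request from an internal address passes the perimeter check but is denied under zero trust, while an attested, MFA-backed request from a home address is denied by the perimeter but allowed only for the action the user was explicitly granted.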
Why a new approach?
Compromised identity is the root of most breaches
Low-privileged accounts are exploited to move laterally from device to device, then escalated to high privileges to accomplish the mission
Most organizations address North / South threats, but not East / West
Cloud apps, mobile users, laptops, work from home, B2C, and B2B all span the firewall, which leads to blind spots and shadow IT
Control Framework
Controls: Encryption at rest & transit; Firewall & System Mgmt; Intrusion Detection / Prevention; Logging; Activity Monitoring; Access & Identity Control
Applied across: Web Servers; Database Servers; Cloud Services; Mobile; On-Prem Users; Remote Users; Partners
Mental Exercise
What would you do differently if every user was always on BYOD mobile?
Advantages of Applied Zero Trust
• Makes lateral breach movement harder
• Users get a unified experience
• Adds consistent security controls for all endpoints
• Removes the complexity of solving for both on-prem and external access
• Security is persistent, even if data is shared externally
• Removes the need for certain complexities such as DMZ and VPN in many scenarios
• Enables Digital Transformation by removing security inequity
• Say “Yes” More
Collin College
North Texas ISSA (Information Systems Security Association)
Thank you
Ed Higgins, CISSP, CISM, CGEIT
Security and Compliance Specialist, Catapult Systems
[email protected]