Zero Trust Framework for Network Security
Forrester Privacy & Security 2018
September 25-26 2018, Washington DC
2 | Confidential
Source: The Zero Trust eXtended (ZTX) Ecosystem 2018
ZERO TRUST
ZERO TRUST NETWORK FRAMEWORK PRINCIPLES - CHALLENGES
Components: Visibility, Automation, Segmentation, Compliance, API Integration
Angles: Guidance, Challenge, Requirements, Use Case
Personas: CISO, Business Analyst, Network Security Manager
VISIBILITY – GUIDANCE
• “Visibility is the key to defending any valuable asset”
• “Zero Trust mandates significant investment in visibility”
• “You can’t protect the invisible”
Source: The Zero Trust eXtended (ZTX) Ecosystem 2018
You can’t combat a threat you can’t see or understand.
Visibility is essential for achieving Zero Trust
VISIBILITY – CHALLENGES
Large and complex heterogeneous and hybrid networks
• Multiple firewall vendors: Cisco, Check Point, PAN, etc.
• Public cloud providers: AWS, Azure, Google
• Private cloud, SDN platforms: VMware NSX, Cisco ACI, etc.
VISIBILITY – REQUIREMENTS
• Full visibility into your entire network security estate with a live topology map
• Single pane of glass to manage cloud, SDN and on-premise security controls
• Unified management of security policy across hybrid environments and mixed environments
• Discovery and mapping of business application connectivity requirements to the network infrastructure
VISIBILITY – USE CASE
VISIBILITY – ANOTHER USE CASE
AUTOMATION – GUIDANCE
• “Critical for organizations and S&R leadership to leverage and use tools and technologies”
• “Enable automation and orchestration across the enterprise”
Source: The Zero Trust eXtended (ZTX) Ecosystem 2018
AUTOMATION – CHALLENGES
Defining and maintaining a Zero Trust network involves many security policy changes.
Change processes, when done manually, inevitably lead to errors and misconfigurations.
• Risk assessment for each proposed change
• Multiple disparate teams and stakeholders (security, networking, business owners) with different languages and different objectives
The process is slow: even a single change in a complex enterprise environment takes time, and there are hundreds of changes per month.
AUTOMATION – REQUIREMENTS
Process firewall changes with zero-touch automation
Eliminate mistakes and rework
Accountability for change requests
• Assess impact of network changes to ensure security and continuous compliance
• Automate rule-recertification processes
• Introduce intelligent change management
• Enforce compliance
• Deliver automatic documentation across the entire change management lifecycle
AUTOMATION – USE CASE
AUTOMATION – ANOTHER USE CASE
SEGMENTATION – GUIDANCE
“The ability to segment, isolate, and control the network continues to be a pivotal point of control for Zero Trust.”
Source: The Zero Trust eXtended (ZTX) Ecosystem 2018
SEGMENTATION – CHALLENGES
• Security policy change is slow, taking days or weeks to process in a complex enterprise environment
• Change process involves multiple disparate teams and stakeholders (security, networking, business owners) who speak different languages and have different objectives
• Detection, assessment and decisions about which applications should be segmented and their placement within the Zero Trust network
• Risk assessment of proposed changes in the Zero Trust network
• Misconfigurations happen often, introduce unnecessary risks and cause outages that disrupt business operations
SEGMENTATION – REQUIREMENTS
Define and enforce your Zero Trust segmentation strategy inside the data center.
Automatic identification of changes that violate the Zero Trust strategy
Single pane of glass to manage both cloud and on-premise security controls and segments
• Meet compliance requirements
• Identify unprotected network flows
• Automatic implementation of network security changes
• Automatic validation of changes aligned with strategy
• Avoid blockage of critical business services.
SEGMENTATION – USE CASE
SEGMENTATION – ANOTHER USE CASE
SEGMENTATION – ANOTHER USE CASE
COMPLIANCE – GUIDANCE
• “Security teams that have used Zero Trust as a key driver of their strategic security vision have met many compliance requirements with far greater ease.”
• “Segmenting the network frequently reduces the scope of compliance initiatives because many regulations, such as PCI, only have certain data types in scope”
• “Zero Trust networks far exceed the security required by compliance directives, and that’s a good thing.”
Source: The Zero Trust eXtended (ZTX) Ecosystem 2018
COMPLIANCE – CHALLENGES
• Managing a Zero Trust network is a significant overhead: the more segments you have, the more firewalls you need to deploy and manage.
• The firewall audit preparation process is manual, time-consuming and costly. Compliance takes time away from strategic initiatives.
• Regulations require continuous compliance.
• Compliance documentation is tedious and time-consuming.
COMPLIANCE – REQUIREMENTS
Instant generation of audit-ready reports for major regulations, including PCI, GDPR, HIPAA, SOX, NERC etc.
Generate custom reports for internal compliance mandates
Proactive checks of every change for compliance and/or network segmentation violations
• Changes to remediate problems and ensure compliance
• Audit trail of all firewall changes and approval processes
• Easily define allowed traffic between network segments
• Support software-defined micro-segmentation on multiple platforms.
COMPLIANCE – USE CASE
COMPLIANCE – ANOTHER USE CASE
API INTEGRATION
Business driven Security Management
“Advanced API integration available for your team to use for development purposes as well as to integrate other security solutions into your Zero Trust ecosystem.”
ZERO TRUST NETWORK - SUMMARY
Visibility, Automation, Segmentation, API Integration, Compliance
Thank You
