One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 1916122 |
| Date de publication | 2020-09-14 11:00:00 (vue: 2020-09-14 12:13:31) |
| Titre | Preparing for Zero Trust and planning your strategy |
| Texte | I listened in on a neat webcast recently, which was jointly produced by AT&T Cybersecurity and Palo Alto Networks: “Preparing for Zero Trust and Planning your Strategy.” Panelists were John Kindervag, Field CTO, Palo Alto Networks, Steve Sekiguchi, Director, AT&T Chief Security Office, Bindu Sundaresan, Director, AT&T Cybersecurity and Tawnya Lancaster, Lead Product Marketing, AT&T Cybersecurity. You can catch the hour long webcast recording here. The webcast focuses on five key areas, and it’s currently available on demand: Who to put on your Zero Trust team to help work toward success What essential factors must be considered ahead of time Where to start when assessing your organization’s readiness for Zero Trust Why Zero Trust strategy and planning must happen from the inside out How to avoid common pitfalls when starting (or continuing) your progression to ZT targets” Here are some of the key nuggets I enjoyed from the webcast. John Kindervag gave a great overview of Zero Trust from his experience over the past 12 years, making a point that Zero Trust is NOT a product, but rather a strategic framework. He also pointed out that Zero Trust is meant to be a straightforward framework that can be broken down to four key design concepts: Focus on business outcomes Design from the inside out Determine who/what needs access (we give too much access to employees who don’t need it) Inspect and log all traffic We in cybersecurity are familiar with the idea of the “attack surface,” and for years cybersecurity professionals have been focused on the macro vision of protecting that attack surface. Zero Trust turns this concept on its head, advocating for security being brought closer to the workload. John suggests organizations should be breaking down the macro attack surface into what he calls the “protect surface,” which is made up of at least one of the following elements: data, applications, assets, or service (DAAS). Organizations should be designing their security architecture to highly secure individual protect surfaces. This accomplishes many things, including limiting the ability of threat actors to move laterally within your network and limiting the blast zone should a breach happen. Zero Trust protections are essentially layer 7 policy, with a single policy for each DAAS element. Data – credit card info, personal info, intellectual property, etc. Apps – CRM, HR, ERP, etc. Assets – IT, IoT, etc. Services – DNS, DHCP, AD, NTP AT&T CSO Director, Steve Sekiguchi, agrees with the importance of establishing highly secure zones through the use of microsegmentation technologies, which include microperimeters or software-defined perimeters (SDPs) that can isolate devices and applications closer to the workload/service being protected. He also suggests there are many other tools for microsegmentation, including next–generation firewalls (NGFWs), network overlays, software–defined network (SDN) integration, host–based agents, virtual appliances, containers, security groups, and more. As with any approach to security, Zero Trust is a journey, and Bindu Sunderesan suggests organizations should consider deploying Zero Trust in phases. Phase 1 begins with identifying the business criticality for Zero Trust and understanding your current security posture. This is especially true for organizations who are considering Zero Trust in the wake of COVID, which most likely drove extensive c |
| Envoyé | Oui |
| Condensat | “as “attack “crown “i “preparing “protect assessment interestingly 500 ability about access accomplishes according actors adoption advocating against agents agrees ahead all along also alto any appliances applications approach apps architecture are areas assessing assessment assets assist at&t at&t’s attack available avoid baby based been before begins being benchmark bigger bindu blast breach breaking broken brought budgets business but calls can card catch changes chief closer cloud colleague common companies compares concept concepts: consider considered considering containers continuing control controls correspond course covid credit critical criticality crm cso cto culture current currently curve cybersecurity daas data defined demand demand: deploying design designed designing determine devices dhcp directed directly director dns doesn’t dollars don’t done down drove each educational element elements: employees enjoyed erp especially essential essentially establishing etc even execution experience experienced explained extensive factors familiar field firewalls five focus focused focuses following four framework free from further gaps gauge gave generation give great groups guide happen has have head help here here’s highly his host–based hour how idea identify identifying impacts imperative implement importance include including individual info infrastructure infused inherently inside inspect integration intellectual iot isolate it’s its jewels john jointly journey just key kindervag lancaster larger laterally layer lead learn least less like likely limiting listen listened log long looks macro made making manage many map marketing matter mature maturity meant microperimeters microsegmentation microsegmentation mitigate moderator more most move much must neat need needs network networks networks: next–generation ngfws not noting ntp nuggets offering offers office one online organization organization’s organizations other out outcomes over overlays overview palo panel panelists party past peers perhaps perimeters personal personally phase phases pitfalls planning point pointed policy posture practices prefer preparation preparing produced product professionals program progression property protect protected protecting protections put quite rather read readiness receive recently recording research resources results risks road rolling sdn sdps secure security see sekiguchi sensitive service services several she should showed showing shows single size small software software–defined some something spent start starting steps steve stogner straightforward strategic strategy strengths study success successfully suggests suggests: sundaresan sunderesan surface surfaces surprised survey susan taking targets” tawnya team technologies than that’s things third thought threat through tightly time too tool tools topic: toward traffic true trust turns understanding undertaking use very virtual virtualized vision wake watch webcast well what when where which whitepaper who who/what why within work working workload workload/service works worth would years you'll your zero zone zones |
| Tags | Threat Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.