Win the Cyberwar With Zero Trust
John Kindervag
Field CTO
The Four Levels of War
2 | © 2017 Palo Alto Networks, Inc. Confidential and Proprietary.
Grand Strategy (Political)
Grand Strategy - WWII
The Four Levels of War
Grand Strategy (Political)
Strategy
Strategy - WWII
The Four Levels of War
Grand Strategy (Political)
Strategy
Tactics
Tactics - WWII
The Four Levels of War
Grand Strategy (Political)
Strategy
Tactics
Operations
Operations - WWII
The Four Levels of Cyberwar
Grand Strategy (Political)
Strategy
Tactics
Operations
Cyber Security Grand Strategy: Prevent Data Breaches
The Four Levels of Cyberwar
Grand Strategy (Political)
Strategy
Tactics
Operations
Not a Strategy
Source: January 7, 2015, “Forrester's Targeted-Attack Hierarchy Of Needs: Assess Your Core Capabilities” Forrester report
TRUST
VULNERABILITY
MALICIOUS
Which one goes to the internet?
Untrusted Trusted
Source: October 22, 2014, “No More Chewy Centers: The Zero Trust Model Of Information Security” Forrester report
Zero Trust
Untrusted Untrusted
Source: October 22, 2014, “No More Chewy Centers: The Zero Trust Model Of Information Security” Forrester report
Zero Trust Design Concepts
• Focus on the business outcomes
• Design from the Inside > Out
• Start with the assets or data that need protection
• Determine who or what needs access
• Need to know/Least-privilege
• Inspect and log all traffic
1. Who the President is…
2. Where the President is…
3. Who should have access to the President…
Zero Trust
Zero Trust is the answer!
The Four Levels of Cyberwar
Grand Strategy (Political)
Strategy
Tactics
Operations
DELIVERING THE NEXT-GENERATION SECURITY PLATFORM
STRATEGIC PARTNERSHIPS
EXPANSIVE PARTNER ECOSYSTEM
Virtualization
Cloud
Networking
Mobility
Security Analytics
Enterprise Security
Identity and Access
Management
SD-WAN
Orchestration & Security Automation
Threat Intelligence
Over 120 Technology Integrations
Open APIs
Extensive Ecosystem of Partners Across Multiple Technologies
21st Century Zero Trust Network
[Diagram labels: Segmentation Gateway; Micro Core and Perimeter (MCAP); CHD MCAP, DB MCAP, APPS MCAP, WL MCAP, WWW MCAP, User MCAP, SIM NAVDAN MCAP; MGMT server]
Source: November 15, 2012, “Build Security Into Your Network’s DNA: The Zero Trust Network Architecture” Forrester report
[Diagram labels: WAN, IPS, WAF, DAM, Server farm, WWW farm, DB farm]
Augment Hierarchical Networks with Zero Trust
[Diagram labels: CHD MCAP, MGMT server, WL MCAP, User MCAP, SIM NAVDAN MCAP]
Source: November 15, 2012, “Build Security Into Your Network’s DNA: The Zero Trust Network Architecture” Forrester report
[Diagram labels: Public Cloud, SDDC, PSY Switch, vSwitch, Hypervisor, Virtual Network, VSG, PSG, Workload, Security MGMT, PSY MGMT, Virtualization MGMT]
Extend Zero Trust to the Public Cloud
[Diagram labels: Workload, PA Series NGFW, VM Series NGFW, VM NGFW, Panorama]
The Four Levels of Cyberwar
Grand Strategy (Political)
Strategy
Tactics
Operations
Automation and Orchestration
AUTOMATED SECURITY ACTIONS
1. Granular log filtering
• Threat Prevention logs
• Malware and phishing logs
• Correlated Event logs
• System logs
• Data filtering logs
• Traps logs
• …
2. Automated actions on the NGFW
• AUTO-TAG: 10.3.4.122 → Compromised (Dynamic Address Group)
• Policy: Compromised hosts | Source: Dynamic Address Group | Action: Enforce multi-factor authentication
3. Automated actions on third party systems
• HTTP/S to any REST API
Traps and Wildfire C2 alerts on 10.3.4.122
The Four Levels of Cyberwar
Grand Strategy (Political)
Strategy
Tactics
Operations
Rep. Jason Chaffetz on Zero Trust:
“Zero trust would have profoundly limited the attacker’s ability to move within OPM’s network and access such sensitive data.”
Source: Adopting a zero trust cyber model in government: http://federalnewsradio.com/commentary/2016/09/adopting-zero-trust-cyber-model-government/
Thank You
John Kindervag
Field CTO
@Kindervag