Zero Trust Framework for Network Security, Forrester Privacy & Security 2018, September 25-26, 2018, Washington DC

Zero Trust Framework for Network Security · 2018-09-28 · You can’t combat a threat you can’t see or understand. ... strategy inside the data center. Automatic identification



Zero Trust Framework for Network Security

Forrester Privacy & Security 2018, September 25-26, 2018, Washington DC


2 | Confidential

Source: The Zero Trust eXtended (ZTX) Ecosystem 2018

ZERO TRUST


ZERO TRUST NETWORK FRAMEWORK PRINCIPLES

Components: Visibility, Automation, Segmentation, Compliance, API Integration

Angles: Definition, Challenges, Requirements, Use Case

Personas: CISO, Business Analyst, Network Security Manager


VISIBILITY – DEFINITION

• “Visibility is the key to defending any valuable asset”

• “Zero Trust mandates significant investment in visibility”

• “You can’t protect the invisible”


Source: The Zero Trust eXtended (ZTX) Ecosystem 2018

You can’t combat a threat you can’t see or understand.

Visibility is essential for achieving Zero Trust


VISIBILITY – CHALLENGES

Large and complex heterogeneous and hybrid networks:

• Multiple firewall vendors (Cisco, Check Point, PAN, etc.)

• Public cloud providers (AWS, Azure, Google)

• Private cloud and SDN platforms (VMware NSX, Cisco ACI, etc.)


VISIBILITY – REQUIREMENTS

• Full visibility into your entire network security estate, with a live topology map

• Single pane of glass to manage cloud, SDN and on-premise security controls

• Unified management of security policy across hybrid and mixed environments

• Discovery and mapping of business application connectivity requirements to the network infrastructure
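The last requirement, discovering application connectivity requirements from what the network actually carries, is shown below as an added example; it is not code from the deck or from any product. It parses a few constructed records in the AWS VPC flow log default format, maps addresses to assumed zone CIDRs, and aggregates the accepted flows into zone-to-zone service requirements plus a zone adjacency map for a topology view. The zone CIDRs, the sample records, and the lower-port heuristic used to tell client from server are all assumptions.

```python
"""Discover application connectivity requirements from flow records.

Added example, not from the original deck. Records are constructed in the
AWS VPC flow log default format; zone CIDRs are assumed for illustration.
"""
import ipaddress
from collections import defaultdict

# Assumed segmentation zones (hypothetical CIDRs).
ZONES = {
    "web":  ipaddress.ip_network("10.1.0.0/24"),
    "app":  ipaddress.ip_network("10.2.0.0/24"),
    "db":   ipaddress.ip_network("10.3.0.0/24"),
    "mgmt": ipaddress.ip_network("10.9.0.0/24"),
}
PROTO = {6: "tcp", 17: "udp", 1: "icmp"}

# Default VPC flow log field order (version 2 records).
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")

# Constructed sample records, including one server->client response and one NODATA line.
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d 10.1.0.10 10.2.0.20 51234 8443 6 20 4000 1538000000 1538000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.1.0.11 10.2.0.20 51235 8443 6 18 3600 1538000000 1538000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.2.0.20 10.1.0.10 8443 51234 6 30 12000 1538000000 1538000060 ACCEPT OK
2 123456789012 eni-0a1b2c3e 10.2.0.20 10.3.0.30 44321 5432 6 50 9000 1538000000 1538000060 ACCEPT OK
2 123456789012 eni-0a1b2c3e 10.2.0.21 10.3.0.30 44322 5432 6 40 8000 1538000000 1538000060 ACCEPT OK
2 123456789012 eni-0a1b2c3f 10.1.0.10 10.3.0.30 40000 5432 6 3 180 1538000000 1538000060 ACCEPT OK
2 123456789012 eni-0a1b2c3f 10.9.0.5 10.3.0.30 40001 22 6 10 1200 1538000000 1538000060 ACCEPT OK
2 123456789012 eni-0a1b2c3f 198.51.100.7 10.3.0.30 40002 5432 6 1 60 1538000000 1538000060 REJECT OK
2 123456789012 eni-0a1b2c3f - - - - - - - 1538000000 1538000060 - NODATA
"""


def zone_of(ip):
    """Map an address to its assumed zone, or 'external' if it is in none of them."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


def parse_flow_log(text):
    """Parse default-format records into dicts; NODATA/SKIPDATA lines carry no flow fields and are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def normalise(rec):
    """Orient a record client->server. Heuristic (assumption): the side with the
    lower port is the service, so a response record folds into the same requirement."""
    if rec["dstport"] <= rec["srcport"]:
        client, server, port = rec["srcaddr"], rec["dstaddr"], rec["dstport"]
    else:
        client, server, port = rec["dstaddr"], rec["srcaddr"], rec["srcport"]
    proto = PROTO.get(rec["protocol"], str(rec["protocol"]))
    return zone_of(client), zone_of(server), proto, port


def discover_requirements(records):
    """Aggregate flows into (src_zone, dst_zone, proto, port) requirements.
    Returns (accepted, rejected): accepted flows are what a segmentation policy must
    keep working; rejected ones are attempts the current controls already block."""
    accepted = defaultdict(lambda: {"flows": 0, "bytes": 0})
    rejected = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for rec in records:
        bucket = accepted if rec["action"] == "ACCEPT" else rejected
        entry = bucket[normalise(rec)]
        entry["flows"] += 1
        entry["bytes"] += rec["bytes"]
    return dict(accepted), dict(rejected)


def zone_topology(requirements):
    """Zone-level adjacency (src_zone -> set of dst_zones) for a live topology map."""
    topo = defaultdict(set)
    for src, dst, _proto, _port in requirements:
        topo[src].add(dst)
    return dict(topo)


if __name__ == "__main__":
    acc, rej = discover_requirements(parse_flow_log(SAMPLE_FLOW_LOG))
    for key, v in sorted(acc.items()):
        print("ALLOWED %-8s -> %-8s %s/%-5d flows=%d bytes=%d" % (key + (v["flows"], v["bytes"])))
    for key, v in sorted(rej.items()):
        print("BLOCKED %-8s -> %-8s %s/%-5d flows=%d" % (key + (v["flows"],)))
    print(zone_topology(acc))
```

Run against the sample, the output surfaces the requirement a segmentation project needs to preserve (web to app on 8443, app to db on 5432, mgmt to db on 22) and one flow a practitioner would question before writing policy: a web host talking directly to the database tier. The rejected external attempt against 5432 shows up separately, which is the visibility into blocked traffic the definition slide asks for.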

VISIBILITY – USE CASE

[diagram slide; no text was extracted]

VISIBILITY – ANOTHER USE CASE

[diagram slide; no text was extracted]


AUTOMATION – DEFINITION

• “Critical for organizations and S&R leadership to leverage and use tools and technologies”

• “Enable automation and orchestration across the enterprise”


Source: The Zero Trust eXtended (ZTX) Ecosystem 2018


AUTOMATION – CHALLENGES

Defining and maintaining a Zero Trust network involves many security policy changes. When the change process is manual, errors and misconfigurations are inevitable.

• Risk assessment is needed for each proposed change

• Multiple disparate teams and stakeholders (security, networking, business owners) are involved, each with a different language and different objectives

• The process is slow: even a single change takes time in a complex enterprise environment, and there can be hundreds of changes per month


AUTOMATION – REQUIREMENTS

Process firewall changes with zero-touch automation

Eliminate mistakes and rework

Accountability for change requests

• Assess the impact of network changes to ensure security and continuous compliance

• Automate rule-recertification processes

• Introduce intelligent change management

• Enforce compliance

• Deliver automatic documentation across the entire change management lifecycle
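Rule recertification is the one item in this list with a concrete, repeatable algorithm, so here is an added example of it (not code from the deck or from any product). A rulebase export, constructed for illustration, is classified against assumed recertification windows; open items are grouped by owner so every change has an accountable person, and a documentation line is produced for every rule, reviewed or not. The rule data, the 180-day and 90-day windows, and the staged disable-then-remove action are assumptions.

```python
"""Rule recertification work queue.

Added example, not code from the original deck. The rulebase export is
constructed; the windows below are assumptions a real policy would set.
"""
from datetime import date, timedelta

RECERT_EVERY = timedelta(days=180)        # owner sign-off required this often (assumption)
UNUSED_AFTER = timedelta(days=90)         # hit-count window; zero hits = removal candidate (assumption)
GRACE_BEFORE_REMOVE = timedelta(days=30)  # disable first, remove later, so a wrongly flagged rule can be restored

# Constructed rulebase export; "hits" is the count over the last UNUSED_AFTER window.
RULES = [
    {"id": "R10", "owner": "app-team", "service": "tcp/8443",
     "last_certified": date(2018, 1, 15), "expires": None, "hits": 12000},
    {"id": "R11", "owner": "dba-team", "service": "tcp/5432",
     "last_certified": date(2018, 8, 1), "expires": None, "hits": 0},
    {"id": "R12", "owner": "netops", "service": "tcp/22",
     "last_certified": date(2018, 7, 1), "expires": date(2018, 9, 1), "hits": 40},
    {"id": "R13", "owner": "app-team", "service": "tcp/443",
     "last_certified": date(2018, 6, 1), "expires": None, "hits": 500},
]


def classify_rule(rule, today):
    """Return (status, action). Order matters: a temporary rule past its expiry is
    removed even if it is busy; an unused rule is staged for removal even if it was
    certified recently; only then is the certification age checked."""
    if rule["expires"] and rule["expires"] < today:
        return "temporary-expired", "remove"
    if rule["hits"] == 0:
        return "unused", "disable now, remove on %s" % (today + GRACE_BEFORE_REMOVE)
    if today - rule["last_certified"] > RECERT_EVERY:
        return "recert-due", "owner must recertify or the rule is disabled"
    return "current", "none"


def build_recert_queue(rules, today):
    """Open items grouped by owner, so each change request has an accountable person."""
    queue = {}
    for rule in rules:
        status, action = classify_rule(rule, today)
        if status == "current":
            continue
        queue.setdefault(rule["owner"], []).append(
            {"rule": rule["id"], "status": status, "action": action})
    return queue


def documentation_records(rules, today):
    """One audit-trail line per rule, so the review is documented even where nothing changes."""
    lines = []
    for r in rules:
        status, _ = classify_rule(r, today)
        lines.append("%s %s owner=%s service=%s status=%s hits=%d"
                     % (today, r["id"], r["owner"], r["service"], status, r["hits"]))
    return lines


if __name__ == "__main__":
    review_date = date(2018, 9, 25)
    for owner, items in build_recert_queue(RULES, review_date).items():
        for item in items:
            print("%-9s %s %-18s %s" % (owner, item["rule"], item["status"], item["action"]))
    print("\n".join(documentation_records(RULES, review_date)))
```

The staged action for unused rules is deliberate: removing a rule because it had no hits in 90 days is exactly how a quarterly batch job gets blocked, so the rule is disabled with a dated removal and can be re-enabled by its owner inside the grace period.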

AUTOMATION – USE CASE

[diagram slide; no text was extracted]

AUTOMATION – ANOTHER USE CASE

[diagram slide; no text was extracted]


SEGMENTATION – DEFINITION

“The ability to segment, isolate, and control the network continues to be a pivotal point of control for Zero Trust.”


Source: The Zero Trust eXtended (ZTX) Ecosystem 2018


SEGMENTATION – CHALLENGES

• Security policy change is slow, taking days or weeks to process in a complex enterprise environment

• The change process involves multiple disparate teams and stakeholders (security, networking, business owners) who speak different languages and have different objectives

• Detecting, assessing and deciding which applications should be segmented, and where they sit within the Zero Trust network

• Risk assessment of proposed changes to the Zero Trust network

• Misconfigurations happen, and happen often: they introduce unnecessary risk and cause outages that disrupt business operations


SEGMENTATION – REQUIREMENTS

Define and enforce your Zero Trust segmentation strategy inside the data center

Automatic identification of changes that violate the Zero Trust strategy

Single pane of glass to manage both cloud and on-premise security controls and segments

• Meet compliance requirements

• Identify unprotected network flows

• Automatic implementation of network security changes

• Automatic validation that changes are aligned with the strategy

• Avoid blocking critical business services

SEGMENTATION – USE CASE

[diagram slide; no text was extracted]


COMPLIANCE – DEFINITION

• “Security teams that have used Zero Trust as a key driver of their strategic security vision have met many compliance requirements with far greater ease.”

• “Segmenting the network frequently reduces the scope of compliance initiatives because many regulations, such as PCI, only have certain data types in scope”

• “Zero Trust networks far exceed the security required by compliance directives, and that’s a good thing.”


Source: The Zero Trust eXtended (ZTX) Ecosystem 2018


COMPLIANCE – CHALLENGES

• Managing a Zero Trust network is a significant overhead: the more segments you have, the more firewalls you need to deploy and manage

• Firewall audit preparation is manual, time consuming and costly, and compliance work takes time away from strategic initiatives

• Regulations require continuous compliance

• Compliance documentation is tedious and time consuming


COMPLIANCE – REQUIREMENTS

Instant generation of audit-ready reports for major regulations, including PCI, GDPR, HIPAA, SOX, NERC etc.

Generate custom reports for internal compliance mandates

Proactive checks of every change for compliance and/or network segmentation violations

• Changes to remediate problems and ensure compliance

• Audit trail of all firewall changes and approval processes

• Easily define allowed traffic between network segments

• Support software-defined micro-segmentation on multiple platforms
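The Segmentation requirements (automatic identification of changes that violate the Zero Trust strategy, automatic validation of changes against it) and the Compliance requirements above (a proactive check of every change for compliance and segmentation violations, an audit trail of changes and approvals) describe one mechanism: the segmentation strategy written down as an allow-list that every proposed rule is checked against before it reaches a firewall. The block below is an added example of that check, not code from the deck or from any product. The zones and their CIDRs, the PCI scoping of the db zone, the allowed-flow matrix, the exact "proto/port" service notation and the three change requests are all constructed for illustration; a real rulebase would also need port ranges and object groups resolved before this step.

```python
"""Validate proposed firewall changes against a Zero Trust segmentation strategy.

Added example, not code from the original deck or any product. Zones, CIDRs,
the PCI scoping of the db zone, the allowed-flow matrix and the change requests
are constructed for illustration.
"""
import ipaddress
from datetime import datetime, timezone

# Assumed segmentation zones. "scope" marks a zone inside a compliance boundary.
ZONES = {
    "web":  {"cidr": ipaddress.ip_network("10.1.0.0/24"), "scope": None},
    "app":  {"cidr": ipaddress.ip_network("10.2.0.0/24"), "scope": None},
    "db":   {"cidr": ipaddress.ip_network("10.3.0.0/24"), "scope": "PCI"},
    "mgmt": {"cidr": ipaddress.ip_network("10.9.0.0/24"), "scope": None},
}

# The strategy as an allow-list: (src_zone, dst_zone) -> permitted services.
# Any pair or service not listed is denied, which is the Zero Trust default.
ALLOWED = {
    ("external", "web"): {"tcp/443"},
    ("web", "app"): {"tcp/8443"},
    ("app", "db"): {"tcp/5432"},
    ("mgmt", "web"): {"tcp/22"},
    ("mgmt", "app"): {"tcp/22"},
    ("mgmt", "db"): {"tcp/22"},
}

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

# Constructed change requests. Services are exact "proto/port" strings or "any".
CHANGES = [
    {"id": "CR-1001", "requester": "app-team", "rules": [
        {"id": "R1", "action": "permit", "src": "10.1.0.0/24", "dst": "10.2.0.0/24", "service": "tcp/8443"}]},
    {"id": "CR-1002", "requester": "web-team", "rules": [
        {"id": "R2", "action": "permit", "src": "10.1.0.0/24", "dst": "10.3.0.0/24", "service": "tcp/5432"}]},
    {"id": "CR-1003", "requester": "netops", "rules": [
        {"id": "R3", "action": "permit", "src": "0.0.0.0/0", "dst": "10.1.0.0/24", "service": "tcp/443"}]},
]


def zones_for(cidr):
    """Zones a rule object touches. A prefix inside one zone maps to that zone; a wider
    prefix maps to every zone it overlaps plus 'external' (conservative: part of it may
    lie outside any zone)."""
    net = ipaddress.ip_network(cidr, strict=False)
    for name, zone in ZONES.items():
        if net.subnet_of(zone["cidr"]):
            return {name}
    hit = {name for name, zone in ZONES.items() if net.overlaps(zone["cidr"])}
    return hit | {"external"}


def _finding(rule, severity, reason):
    return {"rule": rule["id"], "severity": severity, "reason": reason}


def evaluate_rule(rule):
    """Findings for one proposed rule. Only a permit can open a flow the strategy
    forbids; a deny is accepted as-is (assumption: the change is reviewed on its own)."""
    findings = []
    if rule["action"] != "permit":
        return findings
    srcs, dsts, service = zones_for(rule["src"]), zones_for(rule["dst"]), rule["service"]
    if service == "any" or len(srcs) > 1 or len(dsts) > 1:
        findings.append(_finding(rule, "low", "rule is broader than one zone pair and one service"))
    for s in sorted(srcs):
        for d in sorted(dsts):
            if service in ALLOWED.get((s, d), ()):
                continue  # this zone pair and service is part of the strategy
            scope = ZONES.get(s, {}).get("scope") or ZONES.get(d, {}).get("scope")
            reason = "%s -> %s %s is not in the segmentation policy" % (s, d, service)
            if scope:
                reason += " (%s-scoped zone)" % scope
            findings.append(_finding(rule, "high" if scope else "medium", reason))
    return findings


def review_change(change, now=None):
    """Evaluate every rule in a change request; return the verdict with an audit-trail
    record (who asked, when it was reviewed, and every reason behind the decision)."""
    findings = [f for rule in change["rules"] for f in evaluate_rule(rule)]
    worst = max((SEVERITY_RANK[f["severity"]] for f in findings), default=0)
    verdict = "approve" if worst < SEVERITY_RANK["medium"] else "reject"
    reviewed_at = (now or datetime.now(timezone.utc)).isoformat()
    return {"change_id": change["id"], "requester": change["requester"],
            "reviewed_at": reviewed_at, "verdict": verdict, "findings": findings}


if __name__ == "__main__":
    for change in CHANGES:
        record = review_change(change)
        print("%s by %s: %s" % (record["change_id"], record["requester"], record["verdict"].upper()))
        for f in record["findings"]:
            print("  [%s] %s: %s" % (f["severity"], f["rule"], f["reason"]))
```

CR-1001 is approved because web to app on 8443 is in the matrix. CR-1002 is the classic shortcut, a web host straight to the database tier; it is rejected with a high-severity finding because the db zone is PCI-scoped, which is the point of the definition slide's remark that segmentation keeps PCI scope small. CR-1003 looks harmless (443 to the web tier) but its source is 0.0.0.0/0, so the check expands it to every zone and finds that internal tiers would gain access the strategy never granted; the audit record keeps each of those reasons with the verdict.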

COMPLIANCE – USE CASE

[diagram slide; no text was extracted]

COMPLIANCE – ANOTHER USE CASE

[diagram slide; no text was extracted]


API INTEGRATION

Business-driven security management

“Advanced API integration available for your team to use for development purposes as well as to integrate other security solutions into your Zero Trust ecosystem.”


ZERO TRUST NETWORK - SUMMARY


Visibility, Automation, Segmentation, Compliance, API Integration