Win the Cyberwar With Zero Trust - Lockdown 2017 · 2017-07-25

Post on 13-Mar-2020

Win the Cyberwar With Zero Trust

John Kindervag

Field CTO

The Four Levels of War

2 | © 2017 Palo Alto Networks, Inc. Confidential and Proprietary.

Grand Strategy (Political)

Grand Strategy - WWII

The Four Levels of War

Grand Strategy (Political)

Strategy

Strategy - WWII

Strategy - WWII

The Four Levels of War

Grand Strategy (Political)

Strategy

Tactics

Tactics - WWII

The Four Levels of War

Grand Strategy (Political)

Strategy

Tactics

Operations

Operations - WWII

The Four Levels of Cyberwar

Grand Strategy (Political)

Strategy

Tactics

Operations

Cyber Security Grand Strategy: Prevent Data Breaches

The Four Levels of Cyberwar

Grand Strategy (Political)

Strategy

Tactics

Operations

Not a Strategy

Source: January 7, 2015, “Forrester's Targeted-Attack Hierarchy Of Needs: Assess Your Core Capabilities” Forrester report

Not a Strategy

Not a Strategy

Not a Strategy

TRUST

VULNERABILITY

MALICIOUS

Which one goes to the internet?

Untrusted Trusted

Source: October 22, 2014, “No More Chewy Centers: The Zero Trust Model Of Information Security” Forrester report

Zero Trust

Untrusted Untrusted

Source: October 22, 2014, “No More Chewy Centers: The Zero Trust Model Of Information Security” Forrester report

Zero Trust Design Concepts

• Focus on the business outcomes

• Design from the Inside > Out

• Start with the assets or data that need protection

• Determine who or what needs access

• Need to know/Least-privilege

• Inspect and log all traffic

1. Who the President is…

2. Where the President is…

3. Who should have access to the President…

Zero Trust

Zero Trust is the answer!

The Four Levels of Cyberwar

Grand Strategy (Political)

Strategy

Tactics

Operations

DELIVERING THE NEXT-GENERATION SECURITY PLATFORM

STRATEGIC PARTNERSHIPS

EXPANSIVE PARTNER ECOSYSTEM

Virtualization

Cloud

Networking

Mobility

Security Analytics

Enterprise Security

Identity and Access Management

SD-WAN

Orchestration & Security Automation

Threat Intelligence

Over 120 Technology Integrations

Open APIs

Extensive Ecosystem of Partners Across Multiple Technologies

21st Century Zero Trust Network

[Diagram labels: CHD MCAP, DB MCAP, APPS MCAP, WL MCAP, MGMT server, WWW MCAP, User MCAP, SIM NAVDAN MCAP, Segmentation Gateway, Micro Core and Perimeter]

Source: November 15, 2012, “Build Security Into Your Network’s DNA: The Zero Trust Network Architecture” Forrester report

[Diagram labels: IPS (four instances), Server farm, WWW farm, DB farm, WAN, WAF, DAM]

Augment Hierarchal Networks with Zero Trust

[Diagram labels: CHD MCAP, MGMT server, WL MCAP, User MCAP, SIM NAVDAN MCAP]

Source: November 15, 2012, “Build Security Into Your Network’s DNA: The Zero Trust Network Architecture” Forrester report

[Diagram labels: Public Cloud, PSY Switch, vSwitch, Hypervisor, Virtual Network, VSG, PSG, Security MGMT, PSY MGMT, Virtualization MGMT, Workload, SDDC]

Extend Zero Trust to the Public Cloud

[Diagram labels: Workload, PA Series NGFW, VM Series NGFW, VM NGFW, Panorama]

The Four Levels of Cyberwar

Grand Strategy (Political)

Strategy

Tactics

Operations

Automation and Orchestration

AUTOMATED SECURITY ACTIONS

Threat Prevention logs

Malware and phishing logs

Correlated Event logs

System logs

Data filtering logs

Traps logs

… ...

10.3.4.122 Compromised

Dynamic Address Group

Policy | Source | Action

Compromised hosts | Dynamic Address Group | Enforce multi-factor authentication

1. Granular log filtering

2. Automated actions on the NGFW

HTTP/S

AUTO-TAG

3. Automated actions on third party systems

Any REST API

Traps and WildFire C2 alerts on 10.3.4.122

The Four Levels of Cyberwar

Grand Strategy (Political)

Strategy

Tactics

Operations

Rep. Jason Chaffetz on Zero Trust:

“Zero trust would have profoundly limited the attacker’s ability to move within OPM’s network and access such sensitive data.”

Source: Adopting a zero trust cyber model in government: http://federalnewsradio.com/commentary/2016/09/adopting-zero-trust-cyber-model-government/

Thank You

John Kindervag

Field CTO

jkindervag@paloaltonetworks.com

@Kindervag