
Zero Trust for Developers

Why SREs are essential for today’s SOC

Brennan Bouchard,
Multi-Domain Architect
Cisco Security
Agenda

• Review challenges facing security teams
• Introduce Site Reliability Engineering as the force multiplier
• Understand the shortcomings of traditional security approaches
• Define Zero Trust & Security Fundamentals
• Piece together throughout the operational lifecycle
• Resources & Next-Steps

© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
The threat landscape is evolving faster than our approach.

• Rapid cloud adoption with multi and hybrid cloud approach: By 2021, more than 75% of midsize and large organizations will have adopted a multicloud and/or hybrid IT strategy [1]
• Applications communicating across on-premise and cloud: 50% increase in the number of applications supported by an organization over next two years [2]
• Growing number of unmanaged devices: 55% of organizations do not have an accurate inventory of assets [3]

The result: Limited network visibility and long times to breach detection
The average time to identify a breach in 2020 was 207 days [4]

Sources: 1. Gartner Predicts; 2. IDG Report, August 2019; 3. ZK Research 2019; 4. Ponemon report, 2020
When we trust too much…

• Malware Bypasses Perimeter Defenses
• Victim clicks phishing email link
• Lateral Movement
• Pivot to DC, Password Harvesting
• Data Encrypted and Exfiltrated
• Attack Monetized

So, what went wrong?

• Too many threats: Insights from environment were unavailable to properly prioritize the alert
• Friction between teams: There was little unifying environment visibility, requiring manual work to get teams on the same page
• Not enough integration: There was little unifying environment visibility, requiring manual work to get teams on the same page
• Time and talent gap: Resources weren’t available to orchestrate or automate routine security checks to prevent future compromise

Building blocks of every organization

People Tools Process

Simply adding headcount or tools won’t solve the problem.

• 55% of customers rely on more than 5 vendors to secure their network [1]
• Capabilities: 54% of legitimate security alerts are not remediated due to lack of integrated defense systems [2]
• 100 days: industry average to detect common threats [3]

Sources: 1. Cisco 2017 Annual Cybersecurity Report; 2. Cisco 2017 Annual Cybersecurity Report; 3. Cisco 2016 Mid-Year Cybersecurity Report
A Different Approach to Security Operations

Site Reliability Engineer

• Improve Monitoring & Identify Gaps
• Break Down Organizational Silos
• Drive Standardization
• Blameless Post-Mortems & Root Cause Analysis
• Automate Triage & Response
• Reduce Time to Detect/Remediate

Applying SRE Practices to Cybersecurity

Zero Trust Principles

• Never assume trust
• Always verify
• Enforce least privilege
The CIA Triad
Information Security Fundamentals

• Confidentiality: Only those who should see it can
• Integrity: Only those who should edit it can
• Availability: Make sure it’s UP

Zero Trust is maturing
Emergence of regulations and standards

US Cybersecurity and Infrastructure Security Agency (CISA) Zero Trust Pillars

Requiring closer integration & coordination than ever.

Source: CISA Applying Zero Trust Principles to Enterprise Mobility – March 2022
What it takes to get Zero Trust right
Zero Trust requirements

• Establish Trust
• Enforce Trust-Based Access
• Continuously Verify Trust
• Respond to Change in Trust

Zero Trust: Assume Malicious Until Proven Otherwise

• Device: Compliant BYoD iPad
• User: Bob (MFA=Bob, Group=IT)
• Data: Clean PDF
• Network: HTTPS, Encrypted, TLS 1.3

Native Integrations & SRE Magic
= Restricted Access
No magic, continuously evolving progress

Maturity in Zero Trust is:
• Continuous Validation
• Real Time Analytics
• Dynamic Policy
• Strong Integrations
• Constant Device Monitoring
• Learning Based Threat Protection

All Built Leveraging Automation & Orchestration

Source: CISA Zero Trust Maturity Model – June 2021
Enabling security across the full app stack
From dev to runtime

• Dev: Application Composition
• CI/CD: Shift Left Security
• Deployment: Connection & API Assessment
• Runtime: Policy Control Governance

Facilitating complete visibility

• Know every entity
• See every conversation
• Understand what is normal
• Be alerted to change
• Respond to threats quickly

On-premises network

Mobile Users Admin Network Data center Users

Working together to maximize effectiveness

Network | User/Endpoint | Cloud Edge | Application

• Secure Firewall
• Secure Endpoint
• Umbrella
• Secure Workload
• Secure Network Analytics
• Secure Client
• Cloud-Delivered Firewall
• Duo Multi-Factor Authentication
• Secure Cloud Analytics
• Cisco+ Secure Connect
• Secure Email
• threat intelligence

Risk-Based Vulnerability Management (Kenna) | Secure Malware Analytics

Services: Talos Incident Response | Secure Managed Detection and Response | Identity Services Engine (ISE)

This is only the beginning
Join us for our upcoming webinars in the series

March 23, 2023
Achieving Zero Trust: How SSO and MFA Can Help Protect You From Identity Threats
This session will cover:
• Why verification is important to the zero trust security model
• Recommended continuous authentication practices specific to developers
• Instruction on how to use identity and verification tools to strengthen your security posture
Joe Duggan, Product Manager, Security Operations, Cisco Zero Trust / Duo

April 20, 2023
Maximizing Efficiency and Security with Zero Trust Continuous Monitoring and Automation
Attend the session to learn:
• Why organizations adopt zero trust security methods
• Who can benefit from using continuous monitoring and automation tools and strategies
• How security teams are gaining success after adopting automation practices in their own zero trust security programs
Oxana Sannikova, Multi-Domain Technical Solutions Architect, Global Security Architecture Team, Cisco

Thank you
