
Deconstructing the Traditional Network

[Diagram: the traditional hierarchical network, layered Edge / Core / Distribution / Access, with security appliances bolted on at each layer: Edge FW and IPS at the edge; Email, WCF, WAF, VPN, DAM, DLP and DB ENC at the core; IPS pairs at distribution; FW pairs, WLAN GW and NAC at access.]
Re-Building the Secure Network

[Diagram: a Segmentation Gateway built on a Packet Forwarding Engine that consolidates the former stand-alone controls (FW, IPS, AC, CRYPTO, AM, CF, WAF, NAC, Email, WCF, DAM, DLP, DB ENC, VPN, WLAN GW). Callouts: NGFW; very high speed FW; multiple 10G interfaces; builds security into the network DNA.]
Zero Trust Drives Future Network Design
MCAP – Micro Core and Perimeter
• MCAP resources have similar functionality and share global policy attributes
• MCAPs are centrally managed to create a unified switching fabric
• Management = Backplane

[Diagram: User MCAP, WWW MCAP and MGMT server.]
Zero Trust Drives Future Network Design
• All traffic to and from each MCAP is inspected and logged

[Diagram: User MCAP, WWW MCAP and DAN MCAP, with MGMT server, SIM and NAV.]
Zero Trust Network is Platform Agnostic and VM Ready
• Creates VM friendly L2 segments
• Aggregates similar VM hosts
• Secures VMs by default

[Diagram: User MCAP, DAN MCAP and WWW MCAP, with MGMT server, SIM and NAV.]
What about fabrics?

© 2009 Forrester Research, Inc. Reproduction Prohibited


A Traditional Hierarchical Network Will Evolve To A Flatter, Meshed Topology

Source: December 2010 “The Data Center Network Evolution: Five Reasons This Isn’t Your Dad’s Network”
Zero Trust Network Architecture is Fabric Friendly

Source: December 2010 “The Data Center Network Evolution: Five Reasons This Isn’t Your Dad’s Network”
Zero Trust Multi-Dimensionality
Zero Trust Data Identity: Treat data as if it’s living

[Diagram: three identity dimensions layered over Network / Transport. User identity (UID) generates traffic; Application identity (AID) generates traffic; Data identity (DID) describes the data/information itself by Location, Classification and Type. Context ties the identities together.]

Zero Trust Multi-Dimensionality
Zero Trust Data Identity: Treat data as if it’s living

[Diagram: User identity (UID), Application identity (AID) and Data identity (DID) over Network / Transport, monitored via DAN/NAV; Context Identity.]
From “Trust But Verify” to “Verify and Never Trust”
Summary
• Make the Network an Enforcement Point
• Zero Trust — “Verify and never trust!”
• Inspect and log all traffic.
• Design from the inside out.
• Design with compliance in mind.
• Embed security into network DNA.

Thank you

John Kindervag
+1 469.221.5372
jkindervag@forrester.com
Twitter: Kindervag
www.forrester.com

