Software Defined Perimeter

  • 1.  Webinar: Using SDP-based Zero Trust to thwart ransomware attacks

    Posted Sep 27, 2021 03:20:00 PM

    Dear Colleagues,
    Ransomware has been a hot topic recently, and for good reason.  You cannot read the weekly news without hearing about a ransomware attack.  Given the importance of the topic, all three co-chairs of the SDP and Zero Trust Working Group (SDP ZT WG) held a webinar on "Using SDP-based Zero Trust to Thwart Ransomware Attacks".  In case you missed the live session, the recording (including Q&A) is located below.
    A special thanks to the aforementioned SDP ZT WG co-chairs: Bob Flores, Jason Garbis and Junaid Islam.

    Using SDP-based Zero Trust to thwart ransomware attacks








    ------------------------------
    Shamun Mahmud
    Standards Officer, Sr. Research Analyst
    Cloud Security Alliance
    WA
    ------------------------------



  • 2.  RE: Webinar: Using SDP-based Zero Trust to thwart ransomware attacks

    Posted Sep 29, 2021 12:43:00 AM
    Good presentation and simple explanation on ransomware, and how identity management prior to network access can mitigate the threat.
    NIST is still looking for public comment on their ransomware approach -  Cybersecurity Framework Profile for Ransomware Risk Management

    I found this mapping to the NIST cybersecurity framework very useful for mapping an organization's maturity in addressing ransomware

    ------------------------------
    Nya Murray
    CEO
    Trac-Car
    ------------------------------




  • 3.  RE: Webinar: Using SDP-based Zero Trust to thwart ransomware attacks

    Posted Oct 04, 2021 02:15:00 PM

    Thank you for sharing, Nya. It's good to know what resources people find helpful.

    Best,



    ------------------------------
    Anna Campbell Schorr
    Training Content Development
    Cloud Security Alliance
    ------------------------------



  • 4.  RE: Webinar: Using SDP-based Zero Trust to thwart ransomware attacks

    Posted Oct 06, 2021 02:24:00 AM
    Hi Shamun ... great and thanks for sharing.

    I think it would make sense to put some focus on the different Zero-Trust models. I know from John Kindervag that Authentic Zero-Trust - directly to the application layer (L7) - is what he defined - not many of the abbreviations that are out there. I fully agree with JK - trust is not a graded scale ... it's binary - it's yes or no. Yet many organisations create a "trust scale" ... like we trust you 80%. Then we are down to thresholds - making us blind to what is not meeting the criteria we set up.

    ... and that's why the FireEye report a year back clarified that only 45% or so ... of all successful malware/ransomware attacks were detected by the 30+ different security solutions these organisations had operational - including a 24/7 SOC operation.

    I know people say ZT is a process - and maybe it is, but when the industry abuses / misuses the original AZT - it becomes a buzz-word that diminishes the value of the original purpose of exchanging the implicit trust model with the explicit.

    Am I wrong?

    Cheers,

    ------------------------------
    Niels E. Anqvist
    CEO/President
    ZAFEHOUZE USA / ZAFEHOUZE EMEA
    ------------------------------



  • 5.  RE: Webinar: Using SDP-based Zero Trust to thwart ransomware attacks

    Posted Oct 06, 2021 06:11:00 AM
    Hi Niels, appreciate your point-of-view.

    I'd have to disagree on Zero Trust being an application layer approach. 

    My view is that, as a lot of the data breaches are happening over network, transport and presentation layers, the SDP approach, authenticating at the network layer prior to being allowed access to a DMZ or enterprise protected resources, either on prem or in the cloud, is the safest approach.

    Totally open to discussion however. Why don't you join us on the Software Defined Perimeter Working Group, as it is a great talking point!

    I am sure that Shamun Mahmud, the CSA steer on the group, would be happy to assist!

    Thanks for your interesting comment. Timely, and thought provoking!

    best

    Nya

    Nya Alison Murray
    Trac-Car Technology
    UK +44 208133 9249
    Australia +61 73040 1637
    Switzerland +41 22548 1747
    ----------------------------------------







  • 6.  RE: Webinar: Using SDP-based Zero Trust to thwart ransomware attacks

    Posted Oct 06, 2021 07:05:00 AM
    Hi Nya,

    Many thanks for your comment. I said John K's original Authentic Zero-Trust was designed to exchange the implicit network based access model for a Layer 7 based explicit access model - and that can be verified. The network and cyber-security industry has "adopted" ZT as a buzz-word (in my humble opinion) - and made it fit their world view.

    Not mentioning vendors ... but I've seen plenty of ZT?? solutions using "trust scores" as an example - or support for SSO for that matter - and it's religion to me at least - I stick to the Authentic Zero-Trust model where trust is binary.

    ... to be honest, I've been wrong many times before :-) ... but in my world (and our solution), I just don't see the reason for Zero-Trust Network Access - as well as I don't see the reason for PKI or any other 3rd party security solution (that just poses a risk) ... and I don't see the reason for 'a cloud based auth. gateway' in the SDP architecture (can be done 'smarter') - I don't see the need for PIM/PAM (why are privileged accounts needed at all) .. I don't see the reason for DLP, CASB etc. etc. In larger organisations I see a need for IAM (20.000 plus employees) .. and you still have to both log & monitor DNS, DHCP, AD etc. (which is fragile) - you still need to correlate security logs and do detection and response - and by lowering attack flanks dramatically - you provide your SOC analysts with much better stats and less incident fatigue.

    I could get it completely wrong - but we have a solution that works extremely well and no pen-tester has been able to compromise it - despite trying for a few years. If someone in this audience wants to have a go - reach out to me. We don't state we are flawless - but the design has been field tested.

    So, all-in-all, we purposely designed and architected our solution in another way - but it shares some of the SDP traits.

    Cheers,
    /N

    ------------------------------
    Niels E. Anqvist
    CEO/President
    ZAFEHOUZE USA / ZAFEHOUZE EMEA
    ------------------------------



  • 7.  RE: Webinar: Using SDP-based Zero Trust to thwart ransomware attacks

    Posted Oct 06, 2021 07:44:00 AM
    ..... and I should also mention that we push SDP and ZT very hard over here :-)

    I would rather an enterprise purchase another SDP / ZT solution than the hyper-version we have created .. than they continue using a 50-60 year old access technology that is the root cause of many (if not all) compromises (all over the world).

    We who can ... have an obligation to show and tell.

    Cheers (again) :-)

    ------------------------------
    Niels E. Anqvist
    CEO/President
    ZAFEHOUZE USA / ZAFEHOUZE EMEA
    ------------------------------