Hi Nya,
Many thanks for your comment. I said John K's original Authentic Zero-Trust was designed to exchange the implicit network-based access model for a Layer 7 based explicit access model - and that can be verified. The network and cyber-security industry has "adopted" ZT as a buzz-word (in my humble opinion) - and made it fit their world view.
Not mentioning vendors ... but I've seen plenty of ZT?? solutions using "trust scores" as an example - or support for SSO for that matter - and it's religion to me at least - I stick to the Authentic Zero-Trust model where trust is binary.
... to be honest, I've been wrong many times before :-) ... but in my world (and our solution), I just don't see the reason for Zero-Trust Network Access - as well as I don't see the reason for PKI or any other 3rd party security solution (that just pose a risk) ... and I don't see the reason for 'a cloud based auth. gateway' in the SDP architecture (can be done 'smarter') - I don't see the need for PIM/PAM (why are privileged accounts needed at all) .. I don't see the reason for DLP, CASB etc. etc. In larger organisations I see a need for IAM (20.000 plus employees) .. and you still have to both log & monitor DNS, DHCP, AD etc. (which is fragile) - you still need to correlate security logs and do detection and response - and by lowering attack flanks dramatically - you provide your SOC analysts with much better stats and less incident fatigue.
I could get it completely wrong - but we have a solution that works extremely well and no pen-tester has been able to compromise it - despite trying for a few years. If someone in this audience wants to have a go - reach out to me. We don't state we are flawless - but the design has been field tested.
So, all-in-all, we purposely designed and architected our solution in another way - but it shares some of the SDP traits.
Cheers,
/N
------------------------------
Niels E. Anqvist
CEO/President
ZAFEHOUZE USA / ZAFEHOUZE EMEA
------------------------------
Original Message:
Sent: Oct 06, 2021 06:11:09 AM
From: Nya Murray
Subject: Webinar: Using SDP-based Zero Trust to thwart ransomware attacks
Hi Niels, appreciate your point-of-view.
I'd have to disagree on Zero Trust being an application layer approach.
My view is that as a lot of the data breaches are happening over network, transport and presentation layers, the SDP approach, authenticate at the network layer prior to being allowed access to a DMZ or enterprise protected resources, either on prem or in the cloud, is the safest approach.
Totally open to discussion however. Why don't you join us on the Software Defined Perimeter Working Group, as it is a great talking point!
I am sure that Shamun Mahmud, the CSA steer on the group, would be happy to assist!
Thanks for your interesting comment. Timely, and thought provoking!
best
Nya
Nya Alison Murray
Trac-Car Technology
UK +44 208133 9249
Australia +61 73040 1637
Switzerland +41 22548 1747
----------------------------------------
Original Message:
Sent: 10/6/2021 5:24:00 AM
From: Niels E. Anqvist
Subject: RE: Webinar: Using SDP-based Zero Trust to thwart ransomware attacks
Hi Shamun ... great and thanks for sharing.
I think it would make sense to put some focus on the different Zero-Trust models. I know from John Kindervag that Authentic Zero-Trust - directly to the application layer (L7) is what he defined - not many of the abbreviations that are out there. I fully agree with JK - trust is not a graded scale ... it's binary - it's yes or no. Yet many organisations create a "trust scale" ... like we trust you 80%. Then we are down to thresholds - making us blind to what is not meeting the criteria we set up.
... and that's why the FireEye report a year back clarified that only 45% or so ... of all successful malware/ransomware attacks were detected by the 30+ different security solutions these organisations had operational - including a 24/7 SOC operation.
I know people say ZT is a process - and maybe it is, but when the industry abuses / misuses the original AZT - it becomes a buzz-word that diminishes the value of the original purpose of exchanging the implicit trust model with the explicit.
Am I wrong?
Cheers,
------------------------------
Niels E. Anqvist
CEO/President
ZAFEHOUZE USA / ZAFEHOUZE EMEA
Original Message:
Sent: Sep 27, 2021 03:19:59 PM
From: Shamun Mahmud
Subject: Webinar: Using SDP-based Zero Trust to thwart ransomware attacks
Dear Colleagues,
Ransomware has been a hot topic recently, and for good reason. You cannot read the weekly news without hearing about a ransomware attack. Given the importance of the topic, all three co-chairs of the SDP and Zero Trust Working Group (SDP ZT WG) held a webinar on "Using SDP-based Zero Trust to Thwart Ransomware Attacks". In case you missed the live session, the recording (including Q&A) is located below.
A special thanks to the aforementioned SDP ZT WG co-chairs: Bob Flores, Jason Garbis and Junaid Islam.
Using SDP-based Zero Trust to thwart ransomware attacks
Brighttalk: Ransomware attacks have continued to increase and have become a major risk for both private and public enterprises. This session will provide an overview of ransomware attacks and the utilization of a SDP-based Zero Trust Architecture as an effective coun...
------------------------------
Shamun Mahmud
Standards Officer, Sr. Research Analyst
Cloud Security Alliance
WA
------------------------------