Accomplishing Zero Trust Security Using SDP

Captions
The network perimeter used to be a well-defined demarcation between what we considered trusted and untrusted networks. A firewall typically sat at the edge of the network to block or allow traffic based on static policies. Inside users were typically given a greater level of trust to critical resources because it was assumed that they could be trusted. But business migration to the cloud, advanced adversaries and threats, and a mobile workforce have made the perimeter more fluid than ever, and just as our threats and networks have evolved, so must our defense models. Zero trust security is an architecture for today's networks, and new technologies like software-defined perimeter have finally brought the concept into reality. I'm Andy with The CISO Perspective, and today we're gonna look at accomplishing zero trust security using SDP.

Zero trust is a security model in which we throw out the idea of trusting anyone or anything based on where they sit on the network. Instead, every single connection attempt is verified until trust can be established. Resources are completely hidden from the network, leaving unauthorized users and devices segmented from even seeing anything else on the network. Verification involves a human and a machine element before trust can be established. The human element involves verifying the user is who they say they are through authentication, and that they have the permission to the resource they are requesting through authorization. While this verifies the person, we also need to know that they're coming from a trusted device that has not been compromised, and that's where machine verification comes in. By verifying the machine or device our users are connecting on, we limit the exposure a compromised machine could have to sensitive data and prevent lateral movement across the network. Once trust has been established through the verification process, we now have access to the resource we requested and nothing else, because zero trust security is built around the concept of need-to-know. I would only have access to the resource that I need and nothing else until a new request goes through the same process.

In a zero trust security model the network is in a constant dynamic state of verifying users and devices. This means that if a verified user is compromised, the machine verification would fail and their access to the resource would be immediately cut off. An untrusted device is completely shut off from the rest of the network to prevent data exfiltration and lateral movement. Because zero trust security is just a model, there's many products and technologies that can help us get there. A relatively new technology known as software-defined perimeter, or SDP, helps carry out many of the zero trust principles on your network. SDP borrows ideas from SDN in building out the zero trust network, and there's three main components you need to know: the SDP client, the controller and the gateway.

The SDP client is usually software installed on the endpoint which handles a wide range of functions, including device verification and tunnel setup to the SDP gateway. The device verification usually includes UBA or EDR features that monitor the endpoint for various behaviors that could be indicative of a compromised machine. Some examples can be things like registry changes, unusual network traffic and indicators of compromise. The SDP controller functions as a trust between the client and the back-end resource. The controller ties into your IAM solution to authenticate and check authorization for any given request. The authentication could come in the form of PKI, OpenID, SAML, Active Directory or many other forms. The controller also carries a CA, which sets up an encrypted tunnel between the client to the remote resource. The key thing here is that the controller only provides access for the specific resource a client is requesting and has authorization for. The third component of SDP is the gateway. This grants access to the previously private and unknown resource. This is also the termination point for the TLS connection between the client. Once the gateway confirms with the controller that a client can access the given resource, the connection to the application is allowed.

The main difference between an SDP connection and, say, an ACL solution is that an ACL usually stops at layer 2. The SDP controller and gateway operate all the way up through layer 7. This means that a user can be authorized to access application A on server one but not applications B or C running on that same server. In SDP an unauthorized user wouldn't even be able to see that there are any other applications running on that server without being authorized first. By comparison, an authorized user in an ACL design can't see anything else on the network, which doesn't prevent lateral movement.

So let's put it all together and simulate how SDP works. In our example a user with an SDP client running on their machine clicks on an application on their desktop. This sends out what's called a single packet authorization. The SPA packet includes an encrypted key which the SDP controller uses to identify and authenticate who the user is. An encrypted tunnel is established between the user and the SDP controller using PKI, which the controller then uses for authentication, authorization and device integrity. The controller then sends the IP information of the SDP client to the SDP gateway. This allows the gateway to know ahead of time that it should expect the connection from the SDP client. From there the SDP client initiates a TLS connection to the gateway, which then allows the client to run the application through that tunnel. Now, all the while, SDP clients and gateways are communicating to the controller and exchanging information. If a client's key is compromised or invalid, its connection is immediately blocked off and all visibility to the application or server on the network is cut off. If a machine is showing signs of being compromised, it would no longer be considered trusted and also immediately cut off from the network and access to any resources.

The entire goal of SDP is to prevent network attacks against applications, but there are several other advantages to using SDP in your network, including confidentiality via encrypted tunnels, DoS protection using TLS, anti-DoS tokens in the SDP protocol, location protection, lateral movement, information obfuscation, incident response, segmentation and quarantine. In security we're always looking to disrupt the kill chain of an attacker by implementing multiple layers of security. If you saw my last video, titled Breaking the Kill Chain, you'll immediately notice that the zero trust and SDP models can severely disrupt an attack in multiple layers of the kill chain. Zero trust does not reveal any information about the network or its resources without first going through the verification process. This limits the information an attacker can grab during the reconnaissance phase. The dynamic nature of constantly verifying the machine using the SDP client can detect unusual activities during the installation and command and control phases, and of course the need-to-know principle is applied throughout this entire zero trust model, limiting what an attacker can do during the actions on objectives phase. So that does it for this video, guys, and I hope everyone found it informative. I will be launching TheCISOPerspective.com very soon, where you can send in your cyber security questions and suggestions for new videos. Until then you can reach me at thecisoperspective@gmail.com. Please remember to comment, hit like and subscribe to stay on top of our latest releases here at The CISO Perspective.
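An added illustration of the SPA, controller and gateway flow walked through in the video (example code written for this page, not from the video or any SDP product): the controller checks the SPA tag, the replay window, the user's authorization and device trust, then pre-announces one client/app pair to a default-drop gateway. Users, keys, device ids and application names are constructed.

```python
import hmac
import hashlib

# Constructed data: per-client SPA secret, need-to-know authorization
# (alice may reach app A only), and three apps on the same server.
SPA_KEYS = {"alice": b"constructed-alice-key"}
AUTHZ = {"alice": {"app_a"}}
APPS_ON_SERVER1 = {"app_a", "app_b", "app_c"}
REPLAY_WINDOW_SECS = 30

def make_spa(user, key, app, ts):
    """Client side: SPA packet = 'user|app|ts|HMAC' (constructed format)."""
    msg = f"{user}|{app}|{ts}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest().encode()
    return msg + b"|" + tag

class Gateway:
    """Default-drop: a client is only visible/connectable after the
    controller has told the gateway to expect it for one application."""
    def __init__(self):
        self.allowed = {}                      # device_id -> app

    def expect(self, device_id, app):
        self.allowed[device_id] = app

    def revoke(self, device_id):
        self.allowed.pop(device_id, None)      # cut off immediately

    def connect(self, device_id, app):
        return self.allowed.get(device_id) == app and app in APPS_ON_SERVER1

class Controller:
    def __init__(self, gateway):
        self.gateway = gateway
        self.trusted_devices = set()

    def verify_device(self, device_id, posture_ok):
        """Machine verification: a failing posture check revokes access."""
        if posture_ok:
            self.trusted_devices.add(device_id)
        else:
            self.trusted_devices.discard(device_id)
            self.gateway.revoke(device_id)

    def handle_spa(self, pkt, device_id, now):
        msg, _, tag = pkt.rpartition(b"|")
        user, app, ts = msg.decode().split("|")
        key = SPA_KEYS.get(user)
        if key is None:
            return False                                           # unknown user
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return False                                           # authentication
        if abs(now - int(ts)) > REPLAY_WINDOW_SECS:
            return False                                           # stale/replayed SPA
        if app not in AUTHZ.get(user, set()):
            return False                                           # authorization
        if device_id not in self.trusted_devices:
            return False                                           # device integrity
        self.gateway.expect(device_id, app)                        # tell the gateway
        return True
```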
Info
Channel: The CISO Perspective
Views: 14,907
Rating: 4.9802957 out of 5
Keywords: zero trust, security models, cybersecurity, infosec, software defined, software defined perimeter, sdp, beyondcorp, kill chain, information security, Next-gen firewall, ngfw, Palo Alto, Fortinet, checkpoint, firepower, firewall, sizing, firewall sizing, netsec, network security, versa, asa, Cisco, Pan, juniper, advanced threat protection, fortigate, incident response, Zero day, 0 day, malware, virus, nss, intrusion prevention, ciso
Id: _yGGZj9wkaU
Length: 6min 24sec (384 seconds)
Published: Fri Mar 15 2019