Zero Trust Securitypages.catapultsystems.com/rs/998-YNO-494/images/Zero... · 2020-04-28 · 11....
Zero Trust Security: Getting the most out of Microsoft 365
Two truths for all businesses
There is at least one employee in every organization who will click on anything.
Employees are busy — getting their jobs done is top-of-mind, and inefficient processes frustrate them.
“Legacy, perimeter-centric models of information security are of no use in today’s digital businesses”
Forrester Research, 2017
Legacy Perimeter Model Assumptions
Company Servers
DMZ & Semi-Secure Network
Remote Users, Partners & Mobile
Low Privileged User Devices
Admin Devices
Outside (Untrusted/Less Trusted) vs. Inside (Trusted)
Fatal Assumptions
• All risks are external
• Users & devices are not transient
• Internal systems are never compromised
• Assumes no malicious users
• Assumes no malware or phishing
The Kill Chain
Lateral Movement Exploitation and Exfiltration
Real World Incidents – Phishing Attack Disables Organization
New School Cloud-Based Attack Swipes Payroll
1. Social Engineering: Attacker calls pretending to be Microsoft Support to prep the target for a “critical” email, then sends the phishing email.
2. OAuth Trust: User is prompted to trust a “Microsoft Support” app request. It establishes Web API access to the user’s account.
3. Trusted User Phishing: Attacker sends email from the breached user to HR claiming problems opening a paystub. The PDF contains a malicious payload.
4. HR User Breached: Living-off-the-land attack launched via JavaScript embedded in the PDF. PowerShell is executed behind the scenes to launch the next phase.
5. Payroll Attack: Using the HR employee’s SSO access to the HR app, direct deposit information is changed.
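The foothold in step 2 is a user consenting to an OAuth app that merely looks first-party. The following is an added example (not from the deck or any Microsoft product) of a consent-screening policy that blocks that pattern and routes anything beyond low-impact scopes to admin review; the permission names are Microsoft Graph delegated scopes, while the tiering, watch-list and field names are constructed assumptions.

```python
# Added example, not from the deck: a consent-screening policy of the kind that
# would have stopped step 2 above (user grants a look-alike "Microsoft Support"
# app Web API access). Permission names are Microsoft Graph delegated scopes;
# the tiering, watch-list and field names are constructed assumptions.
from dataclasses import dataclass

USER_CONSENTABLE = {"User.Read", "openid", "profile", "email"}  # low impact
HIGH_IMPACT = {  # durable or mailbox/file access: always goes to admin review
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite",
    "Files.ReadWrite.All", "offline_access",
}
IMPERSONATION_TERMS = ("microsoft support", "microsoft security", "helpdesk")

@dataclass
class ConsentRequest:
    app_name: str
    publisher_verified: bool   # publisher identity attested by the identity provider
    scopes: set

def evaluate_consent(req: ConsentRequest) -> tuple:
    """Return (decision, reasons); decision is 'allow', 'admin_review' or 'block'."""
    reasons = []
    name = req.app_name.lower()
    # An unverified publisher borrowing a first-party name is the phishing pattern.
    if not req.publisher_verified and any(t in name for t in IMPERSONATION_TERMS):
        return "block", ["unverified publisher using a first-party-sounding name"]
    high = req.scopes & HIGH_IMPACT
    if high:
        reasons.append(f"high-impact scopes: {sorted(high)}")
    unknown = req.scopes - USER_CONSENTABLE - HIGH_IMPACT
    if unknown:
        reasons.append(f"scopes outside the user-consentable set: {sorted(unknown)}")
    if not req.publisher_verified:
        reasons.append("publisher not verified")
    return ("admin_review", reasons) if reasons else ("allow", reasons)
```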
Why a new approach?
Compromised identity is the root of most breaches
Low privileged accounts are exploited to move laterally from device to device, then escalated to high privileges to accomplish the mission
Most organizations address North / South threats, but not East / West
Cloud apps, mobile users, laptops, work from home, B2C, and B2B all go beyond the firewall which leads to blind spots and shadow IT
Five Tenets of Zero Trust
1. Access must be earned by all devices every time
2. Ensure all data and resources are accessed securely
3. User and device location should not decrease security
4. Least-privileged access and strictly enforced access controls
5. Log everything to an immutable destination
Advantages of Zero Trust
• Makes lateral breach movement harder
• Users get a unified experience
• Adds consistent security controls for all endpoints
• Removes complexity of solving for both on-prem and external access
• Security is persistent, even if data is shared externally
• Removes need for certain complexities such as DMZ and VPN in many scenarios
• Enables Digital Transformation by removing security barriers
• Say “Yes” more
Zero Trust Myths & Misconceptions
1. You need Zero Trust-specific products
2. You need entirely new skillsets
3. You must allow BYOD
Modern Pyramid of Zero Trust Management
Data
Application
Device
Network
Identity
Prioritize & Solve Upwards
Control Framework Example
Control Framework
Information Protection
Activity Monitoring
Firewall
Systems Management
Intrusion Detection
Access Control
Content Filtering
Applied Zero Trust
Example - Access HR File on SharePoint on Prem w/ iPad
Enroll iPad with Intune
• Containers
• Managed Browser
• SSO
• Sec Policies
• Lookout Security
Azure App Proxy
• Ad Hoc SSL Tunneling
• Conditional Access
Risk Based Authentication
• Authentication risk policy
• Multi-Factor Auth
• Compromised Account Detection
Advanced Threat Analytics
• User and Device Behavior Analytics
• Intrusion Detection
Azure Information Protection
• Data Protection
• Access Audit Log
• Travel-anywhere access controls
• Revocation
Azure AD Security Logging
• Provides complete event correlation and immutable logs
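To make the Five Tenets and this iPad scenario concrete, here is an added example (not from the deck or any Microsoft product) of a per-request access decision: every request is evaluated from scratch, the corporate network earns nothing, controls scale with the data class, and each decision is appended to a hash-chained log whose integrity can be checked. Labels, signals, thresholds and the log format are constructed assumptions.

```python
# Added example (not from the deck or any Microsoft product): a per-request access
# decision built from the five tenets, applied to the "HR file on SharePoint from
# an iPad" scenario. Labels, signals and the hash-chained log are constructed.
import hashlib, json
from dataclasses import dataclass

@dataclass
class Request:
    user: str
    resource_label: str    # "regulated" | "sensitive" | "non-sensitive"
    device_managed: bool   # enrolled and compliant (e.g. via MDM)
    mfa_completed: bool
    sign_in_risk: str      # "low" | "medium" | "high" from risk-based auth
    on_corp_network: bool  # tenet 2: carried but never read; location earns nothing

REQUIREMENTS = {  # tenet 3: controls scale with data sensitivity, not network
    "non-sensitive": {"mfa"},
    "sensitive": {"mfa", "managed_device"},
    "regulated": {"mfa", "managed_device", "low_risk"},
}

class AuditLog:  # tenet 4: append-only; each entry commits to its predecessor
    def __init__(self):
        self.entries = []
    def append(self, event: dict) -> None:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        h = hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()
        self.entries.append({"event": event, "prev": prev, "hash": h})
    def verify(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            body = json.dumps(e["event"], sort_keys=True)
            if e["prev"] != prev or e["hash"] != hashlib.sha256((prev + body).encode()).hexdigest():
                return False
            prev = e["hash"]
        return True

def decide(req: Request, log: AuditLog) -> str:
    """Tenet 1: evaluate every request from scratch; 'allow', 'step_up' or 'deny'."""
    needs = REQUIREMENTS[req.resource_label]
    denied = (req.sign_in_risk == "high"                                 # compromised-account signal
              or ("managed_device" in needs and not req.device_managed)  # unenrolled iPad
              or ("low_risk" in needs and req.sign_in_risk != "low"))
    if denied:
        outcome = "deny"
    elif "mfa" in needs and not req.mfa_completed:
        outcome = "step_up"  # ask for MFA, then re-evaluate
    else:
        outcome = "allow"
    log.append({"user": req.user, "resource": req.resource_label, "outcome": outcome})
    return outcome
```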
The Zero Trust Implementation Process
1. Identify and Classify Data
2. Map Sensitive Data Flow
3. Define Control Framework
4. Enforce Access Control
5. Continuously Monitor
Relevant Tools for Zero Trust Methodology
3-Class Classification Rule: Try To Keep It Simple
Example of a network scanner to identify content locations
Typical Zero Trust Feature Spread
Identity & Access Management
• Multi-factor authentication
• Single sign on
• Risk-based access controls
• Privileged Account Escalation Processes
• Conditional Access to Cloud and On-Premises Applications
Systems Management
• Mobile device management
• Systems management
• Update deployment
• Endpoint protection
• Unapproved device controls
• Disk encryption
Information Protection
• Automatic file classification and encryption
• Secure external data sharing
• Encrypted email
• Cloud-based data loss prevention
• Application & data containerization
Monitoring and Alerting
• Intrusion and threat detection
• Compromised account detection
• Compliance and policy driven alerts
• Shadow IT detection
• Next-gen Firewall
Microsoft 365
Aligned Layers of Protection
Identity
Network
Device
Application
Data
• Multi-Factor Auth, Azure Identity Protection, Azure Privileged Identity Management, MIM
• Advanced Threat Analytics
• Azure App Proxy
• Intune Device Management, Intune MAM, AppLocker, Cloud App Security
• Cloud App Security
• Azure Information Protection, Azure Rights Management, Data Loss Prevention
Office 365 Hardening & Secure Score
• Baseline — discover your starting point: where you are today.
• See where you should be — target objectives are based on industry best-practices.
• Visualize gaps — see the actions that will improve posture.
• Execute the actions list — implement the action items (like a punch list).
• See the improved score — your score increases to reflect your progress.
An effective way to communicate security state to your business stakeholders!
March 23, 2020
Improvement Actions
• View settings — shows you what/who’s impacted, and advice for user impact.
• Resolved through 3rd party — helpful if you use RSA for MFA.
• Ignore — your business makes the decision that the improvement action item is not suitable for your environment.
Setting Your Goal — Catapult’s Recommended Best-Practice
• Regulated Records = 600+ (FERPA, CUI, CJIS, HIPAA, PCI)
• Sensitive Records = 500+ (PII, Bank Accounts, Tax Information)
• Non-Sensitive Records = 350+ (Non-sensitive information, Internal-Only)
Practical Best-Practice
Summarizing Zero Trust
Summary and Zero Trust Take-Aways
1. Zero Trust is a journey, not a destination
2. It’s not about what tools you buy, but how you use them
3. It’s about moving away from white lists
4. Geographic location or IP address should never lower your security requirements
5. Zero Trust can improve user experience
6. Zero Trust enables you to say yes more
Q & A
Ed Higgins, CISSP, CISM, CGEIT, Security and Compliance Solutions, Catapult Systems, [email protected]