Why A Zero Trust Mindset - Kuppingercole

Transcription

Why a Zero Trust Mindset drives an Identity Centric Security Strategy
Yuval Moss - VP Identity Security

IDENTITY IS THE NEW SECURITY BATTLEGROUND
- Digital Transformation
- Changing Nature of Privilege
- Increased Threats

ATTACKERS KEEP INNOVATING

THE FUNDAMENTAL NATURE OF RANSOMWARE (CYBER-ATTACK CHAIN)
1. DELIVERY: Exploit configuration gaps, access weaknesses and people
2. PROPAGATION: Execute [with Elevated Privileges]; Escalate privileges; Harvest credentials; Perform lateral movement; Disable security defences
3. ACTION ON OBJECTIVES: Maximise impact; Execute read/write access to data
4. DEMAND RANSOM

SOLARWINDS ATTACK CHAIN
- STAGE 1: Orion Software Pipeline Infection
- STAGE 2: Target SolarWinds Customers
- STAGE 3: Privilege Escalation to High Value Assets

A BRIEF SYNOPSIS: SOLARWINDS IS CONNECTED EVERYWHERE.
(Diagram: Orion Software connected to VMware Admin, Router Admin, Switch Admin, FW Admin, IT Admin, Domain Admin, SAN Admin)
- SolarWinds Inc. is an American company that develops software for businesses to help manage their networks, systems, and information technology infrastructure.
- Orion Software: The Orion Software is an infrastructure monitoring and management platform designed to simplify IT administration for on-premises, hybrid, and software as a service (SaaS) environments.
- Dec. 8th 2020: FireEye discovered a supply chain attack trojanizing SolarWinds Orion software updates in order to distribute malware.
- After a thorough investigation, the attack revealed itself to be a part of a global intrusion campaign utilizing a supply chain attack vector.
- The attack involved highly sophisticated and extremely evasive attack techniques; speculation points to a Russian nation state attack.
- This campaign impacted global organizations, both public and private; however the U.S. government and its interests were the primary target, specifically the U.S. Department of Commerce, the Department of the Treasury and the U.S. Department of Homeland Security.

EXCHANGE BREACH: TRUST AND IDENTITY
Vulnerabilities allow "an unauthenticated attacker to execute arbitrary code on vulnerable Exchange Servers, enabling the attacker to gain persistent system access. Successful exploitation may additionally enable the attacker to compromise trust and identity."

TECHNOLOGY CHANGES. ATTACK PATHS DON'T.
- Credential Theft, Lateral Movement and Privilege Escalation
- Establish Persistence and Execute on Objective
(Diagram labels: Ransomware, Remote Vendor, Internal Attacker, IT er, Robot, Internal Attacker, Application, MS Exchange Zero Day Vulnerabilities)

ADOPT AN "ASSUME BREACH" MENTALITY
- INFRASTRUCTURE & PLATFORMS: Hybrid, Multi-Cloud, On-Prem Apps
- APPS & ENDPOINTS: Endpoints & Virtual Desktops, Cloud Apps, Mobile Apps
- CODE & AUTOMATION: On-Prem APIs, RPA & Workflows, Cloud APIs
DON'T ASSUME IDENTITIES CAN BE TRUSTED: IT Admins, DevOps, Bots / APIs, Vendors, Employees, Customers

IDENTITY IS THE ONLY COMPREHENSIVE CONTROL PLANE
- INFRASTRUCTURE & PLATFORMS: Hybrid, Multi-Cloud, On-Prem Apps
- APPS & ENDPOINTS: Endpoints & Virtual Desktops, Cloud Apps, Mobile Apps
- CODE & AUTOMATION: On-Prem APIs, RPA & Workflows, Cloud APIs
ACCESS CONTROLS BASED ON CONTEXT, RISK, AND LEAST AMOUNT OF PRIVILEGE NEEDED: IT Admins, DevOps, Bots / APIs, Vendors, Employees, Customers

RISING ADOPTION OF ZERO TRUST
88% of security leaders say transitioning to Zero Trust is "important" or "very important" (CISO View 2021 Survey)
1. Verify Every Identity
2. Validate Every Device
3. Intelligently Limit Privileged Access
Monitor, Analyze, & Adapt to Risk

IDENTITY SECURITY DEFINITION
- Identities: Admins, DevOps, Apps / Robots, Workforce, 3rd Party, Customers
- IDENTIFY USER & THEIR DEVICES
- JUST IN TIME, JUST ENOUGH PRIVILEGE
- SECURE & MONITOR ALL ACCESS
- RECORD OR AUDIT
- Resources: Pipelines, SaaS, IaaS / PaaS

IDENTIFY YOUR ATTACK PATHS AND HIGH RISK ACCOUNTS
Search "CyberArk DNA"
Search "CyberArk Cloud Entitlements Manager"

BUILD YOUR IDENTITY SECURITY ROADMAP
- When implementing new technologies and considering how these are secured, do you take an assume breach approach? What would happen if an identity is hijacked, what then?
- When looking at the flow of providing access to critical assets, do you have all the controls in place to reduce this risk and ensure accountability? (e.g. Adaptive MFA, Entitlement/authorization management, Privilege Access Management, Secrets Management, Session Isolation and Recording?)
Search "CyberArk Blueprint"

THANK YOU
Yuval Moss - VP Identity Security
