IBM Security Zero Trust Blueprints - TD SYNNEX

Transcription

IBM Security: Zero Trust Blueprints. Secure the Journey to Cloud

Today's Speakers & Agenda
Brett Scott, Tech Data, Director of Security Training and Enablement, Brett.Scott@techdata.com
Jason Keenaghan, IBM, Zero Trust Strategy Leader, jkeenagh@us.ibm.com
Agenda:
- What is Zero Trust?
- Why Zero Trust to Secure the Hybrid Workforce?
- Challenges to Secure the Hybrid Workforce
- IBM Zero Trust Blueprint to Secure the Hybrid Workforce

Zero Trust Experience: Do not trust anything inside or outside network perimeters

Participant Experience
- The principle steps necessary to protect applications, systems and controls
- The importance of privileges in extending access for users, systems, and applications
- How to define and implement governance and policies for your Zero Trust framework
- Design and implement monitors to sustain your Zero Trust

Pillars of Security
- Workforce Security
- Device Security
- Workload Security
- Network Security
- Data Security
- Visibility & Analytics
- Automation & Orchestration
- Cloud / Hybrid Cloud Security

The Why Behind Zero Trust
Organizations can no longer focus exclusively on external cybersecurity defenses.
Strategies must accept the realities of breaches:
- Malicious insiders
- Embedded backdoors in technologies from the supply chain
- Compromised vendor/customer/contractor/partner networks and systems
- Security realities when utilizing cloud providers and third-party services
Methodologies must:
- Adapt to a "security over time" strategy rather than just a real-time window
- Include recurring audits of applications/devices/logs
- Include a long-term data logging strategy facilitating audits
- Limit network access

The Why Behind Zero Trust
In a traditional castle-and-moat security approach, organizations focus on defending their perimeters and assume that every user inside a network is trustworthy and cleared for access. The vulnerability with this approach is that once an attacker or unauthorized user gains access to a network, that individual has easy access to everything inside the network.
In the zero-trust model, no user is trusted, whether inside or outside of the network. The zero-trust model operates on the principle of "never trust, always verify".
Expecting the perimeter to prevent intrusions has proven to be impossible to date. The consensus is that organizations should assume breaches and focus on detection and, most importantly, limiting access to organization assets.

Zero Trust
A security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters. Instead, they must verify anything and everything trying to connect to their systems before granting access. The philosophy behind a zero-trust network assumes that there are attackers both inside and outside of the network, so no users or machines should be automatically trusted.

The What Behind Zero Trust
- No automatic trust. Instead, organizations must verify everything trying to connect to their systems before granting access.
- New risk: compromised at home. Remote workers and return-to-office staff bringing infections; cloud and hybrid environments.

Zero Trust: Principles of zero trust networks

Principle: Least privilege access
Giving users only as much access as they need, like an army general giving soldiers information on a need-to-know basis. This minimizes each user's exposure to sensitive parts of the network.
Pillars: Workforce Security

Principle: Microsegmentation
The practice of breaking up security perimeters into small zones to maintain separate access for separate parts of the network. For example, a network with files living in a single data center that utilizes microsegmentation may contain dozens of separate, secure zones. A person or program with access to one of those zones will not be able to access any of the other zones without separate authorization.
Pillars: Device Security, Network Security, Workforce Security

Principle: Multi-factor authentication
MFA simply means requiring more than one piece of evidence to authenticate a user: just entering the right password is not enough to gain access. A commonly seen application of MFA is the two-factor authentication (2FA) used on popular online platforms. In addition to entering a password, users who enable 2FA for these services must also enter a code sent to another device, such as a mobile phone, thus providing two pieces of evidence that they are who they claim to be. Not only does the user know their password, they must also have their mobile phone/email account: something you know and something you have.
Pillars: Data Security, Network Security, Workforce Security

Principle: Device knowledge and control
- How many different devices are trying to access your organization's networks?
- Are the devices cloned?
- Ensure that every device is authorized. Just being on the network is not authorization.
- This further minimizes the attack surface of the network.
Pillars: Analytics, Device Security, Network Security

Principle: Detection
- Assume: assume the perimeter is breached
- Detect: detect malicious activity
- Notify: utilize notification or orchestration/automation to address detected issues/events
Pillars: Orchestration, Analytics

Zero Trust: How to achieve an effective zero trust enterprise

The How of Zero Trust
- Micro segmentation
- Evaluations on access – access control
  - Who – user, machine, application
  - Where – location
  - What – data
- Least privilege access: users, systems, and applications
- Internal access controls
  - Firewalls
  - MFA
  - Time based limitations
Pillars: Network Security, Data Security, Analytics, Workforce Security, Device Security

The How of Zero Trust
- Identity and Access Management – IAM
  - Management, auditing, and logging of user identities and access
  - Heuristics and behavioral profiling for anomaly detection
- Orchestration / automation
  - Leverage automation and orchestration to reduce human workloads
- Analytics
  - Set baselines for "normal" network/system operation
  - Detect anomalies and notify/orchestrate
- Encryption
  - Both at rest and in transit
Pillars: Workforce Security, Orchestration, Network Security, Analytics, Workload Security, Data Security

The How of Zero Trust
- Scoring and auditing
  - Leveraging analytics, automated auditing, and heuristic behavior-based anomaly detection
- File system permissions
  - Not just servers, workstations too
- Governance policies
  - Giving users the least amount of access needed to accomplish a specific task
  - No general access
  - Short term privileged access
Pillars: Analytics, Workforce Security, Data Security, Device Security

The How of Zero Trust: Stranger Danger
- All new things are untrusted and must be explicitly allowed access
- Cloned devices are detected and BOTH lose privileged access
- Probing activity on internal network access points triggers an alert or orchestrated remediation
- Network port controls
  - Lobby
  - Shipping dock
  - Remote buildings on campus
Pillars: Device Security, Network Security, Workforce Security

Implementing Zero Trust. Section 2 - Practical steps

Practical Zero Trust: IAM/ACL
- Manage identities and access
  - MFA/2FA
- Use encryption where possible
  - In transit
  - At rest
- Periodic reviews of access and privilege
  - As often as possible
  - Quarterly at a minimum
- Key based access / authentication for API access
  - Notification on key based failures
Pillars: Workforce Security, Workload Security, Network Security, Data Security

Practical Zero Trust: IAM/ACL
- Create access groups
  - Administrative access: limit and use sparingly, only as needed
  - Operational management
- Limit access times
- Recurring audits
- Reporting
  - Events
  - Anomalies
  - Transactional
- Administrative power-ups
  - Lose functional capabilities during privileged access, forcing users to return to lower privileged access
Pillars: Workforce Security, Network Security, Analytics

Practical Zero Trust: IAM users/groups
- Configure access groups and their access
- Map the transaction flows
- Identify least privilege for data access and configure data access accounts
- File systems
  - Least privilege for each access type
Pillars: Workforce Security, Device Security, Data Security
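The access-control slides above (who/where/what evaluation, time-based limitations, MFA, access groups, short-term privileged access and power-ups) describe one decision procedure. As an added example that is not code from the deck or from Tech Data or IBM, the following Python evaluates a request against that procedure: default deny, device enrolment, group membership plus a time-limited privilege grant, source network, hour-of-day window and MFA. The rules, groups, addresses, device identifiers and the "current time" are all constructed for the example.

```python
"""Zero trust access decision (added example): who / where / what, MFA, hours, short-term privilege."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    group: str                  # who: granted via group membership
    resource: str               # what: the data or system being accessed
    actions: frozenset          # which operations the group may perform
    networks: tuple             # where: source networks this rule accepts (CIDR strings)
    hours: tuple = (0, 24)      # when: [start, end) hour of day, UTC
    require_mfa: bool = True


@dataclass(frozen=True)
class Grant:
    """Short-term privileged access ('power-up'): an extra group held only until `expires`."""
    user: str
    group: str
    expires: datetime


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    device_id: str
    mfa_verified: bool
    source_ip: str
    resource: str
    action: str
    at: datetime


class Policy:
    """Default deny: a request is allowed only if at least one rule passes every check."""

    def __init__(self, rules, grants=(), known_devices=()):
        self.rules = list(rules)
        self.grants = list(grants)
        self.known_devices = set(known_devices)

    def effective_groups(self, req):
        """Static groups plus any privilege grant that has not yet expired."""
        groups = set(req.groups)
        for g in self.grants:
            if g.user == req.user and g.expires > req.at:
                groups.add(g.group)
        return groups

    def decide(self, req):
        """Return (allowed, reason); the reason is what gets logged and audited."""
        if req.device_id not in self.known_devices:
            return False, f"device {req.device_id} is not enrolled"
        groups = self.effective_groups(req)
        candidates = [r for r in self.rules
                      if r.group in groups and r.resource == req.resource and req.action in r.actions]
        if not candidates:
            return False, f"no rule grants {req.action} on {req.resource} to {sorted(groups)}"
        src = ip_address(req.source_ip)
        failures = []
        for r in candidates:
            if not any(src in ip_network(n) for n in r.networks):
                failures.append(f"{req.source_ip} is outside the networks allowed for {r.group}")
            elif not r.hours[0] <= req.at.hour < r.hours[1]:
                failures.append(f"hour {req.at.hour} is outside {r.hours} for {r.group}")
            elif r.require_mfa and not req.mfa_verified:
                failures.append(f"MFA required for {r.group}")
            else:
                return True, f"allowed by the {r.group} rule for {r.resource}"
        return False, "; ".join(failures)


# Constructed policy: finance may read payroll from the office network in business hours;
# DBAs may also write/delete, but only from the admin subnet. alice holds a 30-minute DBA power-up.
NOW = datetime(2021, 6, 8, 10, 0, tzinfo=timezone.utc)
POLICY = Policy(
    rules=[
        Rule("finance", "data:payroll", frozenset({"read"}), ("10.20.0.0/16",), hours=(8, 18)),
        Rule("dba", "data:payroll", frozenset({"read", "write", "delete"}), ("10.20.5.0/24",), hours=(8, 18)),
    ],
    grants=[Grant("alice", "dba", NOW + timedelta(minutes=30))],
    known_devices={"laptop-0042", "laptop-0077"},
)


def request(user, groups, action, at=NOW, source_ip="10.20.5.10", device_id="laptop-0042", mfa=True):
    """Build a payroll request with constructed defaults so each scenario varies one factor."""
    return Request(user, frozenset(groups), device_id, mfa, source_ip, "data:payroll", action, at)


if __name__ == "__main__":
    for label, req in [
        ("finance read in hours", request("alice", ["finance"], "read")),
        ("delete with active power-up", request("alice", ["finance"], "delete")),
        ("delete after power-up expired", request("alice", ["finance"], "delete", at=NOW + timedelta(hours=1))),
        ("read from the internet", request("alice", ["finance"], "read", source_ip="203.0.113.5")),
        ("read without MFA", request("bob", ["finance"], "read", mfa=False)),
        ("read from unenrolled device", request("bob", ["finance"], "read", device_id="unknown")),
        ("read at 22:00", request("alice", ["finance"], "read", at=NOW.replace(hour=22))),
    ]:
        print(label, "->", POLICY.decide(req))
```

The delete request succeeds at 10:00 only because the grant is still live; the same request an hour later finds no rule, which is the "power-up" behaviour the slides describe: privilege is something a user holds briefly, not a permanent group membership. Every deny carries the failing check so the decision log can feed the recurring audits and reporting the deck calls for.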

Practical Zero Trust: micro-segments
- Construct a limited microsegment
  - Software defined networking
  - Mini firewalls
- Utilize/develop limitations to data access through service layers
  - API
  - JSON
  - Web Services
- When do users need to add/edit/delete?
Pillars: Network Security, Data Security
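The microsegment slide above, together with the earlier "Stranger Danger" points (new things are untrusted until explicitly allowed; probing on internal access points is alerted), amounts to a flow policy a mini firewall would enforce. As an added example that is not code from the deck or from Tech Data or IBM, this Python models zones as address blocks, allows only explicitly listed zone-to-zone flows, denies anything from an unknown zone, and raises a probing alert when one source keeps hitting unauthorized destination ports. The zone ranges, allow list, flow record format and sample flows are constructed for the example.

```python
"""Microsegment flow policy check (added example): zones, explicit allow rules, probe alerting."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed zones: each microsegment is a CIDR block behind its own mini firewall.
ZONES = {
    "user-lan": ip_network("10.10.0.0/16"),
    "web-tier": ip_network("10.20.1.0/24"),
    "app-tier": ip_network("10.20.2.0/24"),
    "db-tier": ip_network("10.20.3.0/24"),
}

# Constructed allow list: (src_zone, dst_zone, proto, dst_port). Anything not listed is denied.
ALLOWED_FLOWS = {
    ("user-lan", "web-tier", "tcp", 443),
    ("web-tier", "app-tier", "tcp", 8443),
    ("app-tier", "db-tier", "tcp", 5432),
}

PROBE_THRESHOLD = 3  # distinct denied (destination, port) pairs from one source before alerting


def zone_of(ip):
    """Return the zone name an address belongs to, or None if it is in no known zone."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def parse_flow(line):
    """Parse a constructed flow record 'src=... dst=... proto=... dport=...' into a dict."""
    fields = dict(token.split("=", 1) for token in line.split())
    fields["dport"] = int(fields["dport"])
    return fields


def evaluate_flow(flow):
    """Decide one flow: unknown zones and unlisted zone-to-zone flows are denied."""
    src_zone, dst_zone = zone_of(flow["src"]), zone_of(flow["dst"])
    if src_zone is None:
        return {"verdict": "deny", "reason": f"source {flow['src']} is outside every known zone"}
    if dst_zone is None:
        return {"verdict": "deny", "reason": f"destination {flow['dst']} is outside every known zone"}
    if src_zone == dst_zone:
        return {"verdict": "allow", "reason": f"traffic stays inside {src_zone}"}
    key = (src_zone, dst_zone, flow["proto"], flow["dport"])
    if key in ALLOWED_FLOWS:
        return {"verdict": "allow", "reason": f"{src_zone} -> {dst_zone} {flow['proto']}/{flow['dport']} is authorized"}
    return {"verdict": "deny", "reason": f"{src_zone} -> {dst_zone} {flow['proto']}/{flow['dport']} has no rule"}


def audit_flows(lines):
    """Evaluate every flow; flag sources that keep hitting unauthorized destinations/ports."""
    decisions, denied = [], defaultdict(set)
    for line in lines:
        flow = parse_flow(line)
        decision = evaluate_flow(flow)
        decision["flow"] = line
        decisions.append(decision)
        if decision["verdict"] == "deny":
            denied[flow["src"]].add((flow["dst"], flow["dport"]))
    alerts = [f"probing suspected from {src}: {len(targets)} denied destination/port pairs"
              for src, targets in denied.items() if len(targets) >= PROBE_THRESHOLD]
    return decisions, alerts


# Constructed sample flows covering the normal path, a zone skip, an unknown source and a probe.
SAMPLE_FLOWS = [
    "src=10.10.4.7 dst=10.20.1.5 proto=tcp dport=443",     # user -> web: allowed
    "src=10.10.4.7 dst=10.20.3.8 proto=tcp dport=5432",    # user -> db directly: denied
    "src=10.20.1.5 dst=10.20.2.9 proto=tcp dport=8443",    # web -> app: allowed
    "src=10.20.2.9 dst=10.20.3.8 proto=tcp dport=5432",    # app -> db: allowed
    "src=192.168.99.4 dst=10.20.1.5 proto=tcp dport=443",  # unknown source zone: denied
    "src=10.20.1.5 dst=10.20.3.8 proto=tcp dport=22",      # web -> db on three ports: denied,
    "src=10.20.1.5 dst=10.20.3.8 proto=tcp dport=3306",    #   and together they trip the probe alert
    "src=10.20.1.5 dst=10.20.3.8 proto=tcp dport=5432",
]

if __name__ == "__main__":
    decisions, alerts = audit_flows(SAMPLE_FLOWS)
    for d in decisions:
        print(d["verdict"], d["flow"], "-", d["reason"])
    for a in alerts:
        print("ALERT", a)
```

Note that the web server's connection to the database on 5432 is denied even though app-tier is allowed to use that port: the rule is keyed on the source zone, so a compromised front end cannot reach data it was never authorized to touch, which is the point of keeping the zones separate. The probe alert is the "orchestrated remediation" hook; in a real deployment it would feed the SIEM rather than print.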

Practical Zero Trust: analytics
- Create analytics and monitors
  - Transactional
  - Fourier transforms
  - Boundary exceptions
- Security Incident and Event Management (SIEM) feed
  - Fuse/correlate events
  - Notify and/or orchestrate
- Authentications – successful and failed
- Mini firewalls looking for and alerting on non-authorized ports, protocols, and probes
Pillars: Analytics, Workload Security, Network Security
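The analytics slide above and the earlier "How" slide (set baselines for normal operation, detect anomalies, notify/orchestrate) describe the same loop: learn what normal looks like per user, flag boundary exceptions, and fuse related events before notifying. As an added example that is not code from the deck or from Tech Data or IBM, this Python builds a per-user baseline from a week of constructed authentication events (daily failure counts, source addresses, login hours), then runs a detection day through it and correlates a failure spike with a success from a never-seen address. It uses simple statistics rather than the spectral (Fourier) analysis the slide mentions; the log format, users, addresses and timestamps are all constructed.

```python
"""Baseline-and-anomaly detection over authentication events (added example)."""
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean, pstdev

MIN_FAILS = 5  # floor: a user whose baseline is near zero still needs a real burst to alert


def parse_event(line):
    """Parse a constructed record 'ISO-timestamp user src_ip OK|FAIL' into a dict."""
    ts, user, src, result = line.split()
    return {"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "user": user, "src": src, "result": result}


def build_baseline(events):
    """Per-user 'normal': daily failure statistics plus the sources and hours seen on successes."""
    daily_fail = defaultdict(Counter)   # user -> {date: failures}
    sources, hours, days = defaultdict(set), defaultdict(set), set()
    for e in events:
        days.add(e["ts"].date())
        if e["result"] == "FAIL":
            daily_fail[e["user"]][e["ts"].date()] += 1
        else:
            sources[e["user"]].add(e["src"])
            hours[e["user"]].add(e["ts"].hour)
    baseline = {}
    for user in set(sources) | set(daily_fail):
        counts = [daily_fail[user].get(d, 0) for d in days]   # zero on days with no failures
        baseline[user] = {"fail_mean": mean(counts), "fail_std": pstdev(counts),
                          "sources": sources[user], "hours": hours[user]}
    return baseline


def _alert(user, kind, detail):
    return {"user": user, "type": kind, "detail": detail}


def detect(events, baseline):
    """Flag boundary exceptions per event, failure spikes per day, then correlate them."""
    alerts, fails = [], defaultdict(Counter)
    for e in events:
        b = baseline.get(e["user"])
        if b is None:                                   # "stranger danger": no baseline at all
            alerts.append(_alert(e["user"], "unknown_user", f"no baseline, seen from {e['src']}"))
            continue
        if e["result"] == "FAIL":
            fails[e["user"]][e["ts"].date()] += 1
            continue
        if e["src"] not in b["sources"]:
            alerts.append(_alert(e["user"], "new_source_success", f"success from {e['src']}"))
        if e["ts"].hour not in b["hours"]:
            alerts.append(_alert(e["user"], "off_hours_success", f"success at hour {e['ts'].hour}"))
    for user, per_day in fails.items():
        b = baseline[user]
        threshold = max(MIN_FAILS, b["fail_mean"] + 3 * b["fail_std"])
        for day, n in per_day.items():
            if n > threshold:
                alerts.append(_alert(user, "failed_auth_spike",
                                     f"{n} failures on {day} (threshold {threshold:.1f})"))
    # Fuse: a failure spike plus a success from a never-seen source for the same user is the
    # pattern worth notifying on, not either alert alone.
    spiked = {a["user"] for a in alerts if a["type"] == "failed_auth_spike"}
    new_src = {a["user"] for a in alerts if a["type"] == "new_source_success"}
    for user in spiked & new_src:
        alerts.append(_alert(user, "credential_compromise_suspected",
                             "failure burst followed by success from an unknown source; notify and orchestrate"))
    return alerts


def constructed_logs():
    """Seven baseline days of normal activity, then one detection day with a burst against alice."""
    base, today = [], []
    for day in range(1, 8):
        for hour in (9, 13, 17):
            base.append(f"2021-06-{day:02d}T{hour:02d}:00:00Z alice 10.10.4.7 OK")
        base.append(f"2021-06-{day:02d}T09:01:00Z alice 10.10.4.7 FAIL")   # one mistyped password a day
        for hour in (10, 15):
            base.append(f"2021-06-{day:02d}T{hour:02d}:00:00Z bob 10.10.6.2 OK")
    for minute in range(12):
        today.append(f"2021-06-08T03:{minute:02d}:00Z alice 203.0.113.9 FAIL")
    today.append("2021-06-08T03:15:00Z alice 203.0.113.9 OK")
    today.append("2021-06-08T10:00:00Z bob 10.10.6.2 OK")
    return base, today


def run():
    """Build the baseline from the constructed history and return the detection-day alerts."""
    base, today = constructed_logs()
    baseline = build_baseline([parse_event(line) for line in base])
    return detect([parse_event(line) for line in today], baseline)


if __name__ == "__main__":
    for a in run():
        print(a["user"], a["type"], "-", a["detail"])
```

On the constructed data alice's baseline is one failure a day from one office address between 09:00 and 17:00, so the detection day produces four alerts for her (spike, new source, off-hours, and the fused compromise alert) and none for bob. The floor in MIN_FAILS matters: with a standard deviation of zero, mean plus three sigma would be a single failure, and a floor is what keeps a baseline learned from quiet users from paging on noise.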

Practical Zero Trust: policy/governance
- Policy and governance
  - Clearly document and define the systems and access
  - Create additions to the incident response plan

Next steps: Zero Trust. Bringing it all home

Tech Data Cyber Range: The first of its kind in the distribution industry

Cyber Crime is Everywhere; cyber skills are not
- Every 14 seconds businesses fall victim to ransomware attacks
- 50% of companies saw an increase in the number of attacks vs. prior year
- 6 Trillion
- 59% have unfilled security positions
- 30% report that fewer than 25 percent of applicants are qualified
Source: ISACA State of Cybersecurity Report, 2019 Annual Cybercrime Report, Forbes

Tech Data CyberRange: An interactive and immersive environment to train, demonstrate and engage partners and their customers using the best technologies, processes and most advanced techniques in cybersecurity
- Training using multiple forms of on-prem & cloud-based learning courses
- Demonstration of solutions using the best technology, proven processes, and most advanced techniques
- Engagement with customers in an interactive learning environment that promotes security solution sales
- Services augment the capabilities of our partners by leveraging Tech Data's professional and managed security services.

Engage with us today!
- Training: Incident response exercises, CNA, CND, DFIR, Red Team/Blue Team exercises, defense in depth, zero trust, and much more
- Demonstration: Technologies, methodologies, configurations, assessments, products, services
- Engagement: Events, social, conferences, workshops
- Services: Contact your Tech Data representative
cyberrange.techdata.com
cyberrange@techdata.com

Protect the Hybrid Cloud: Reimagine your hybrid cloud security with zero trust in action
Jason Keenaghan, Zero Trust Strategy, June 2021

Our customers are growing their business with a zero trust approach
- Preserve customer privacy
- Protect the hybrid cloud
- Simplify and secure user onboarding
- Manage and control all accesses
- Manage user preferences and consent
- Monitor cloud activity and configurations
- Enforce privacy regulations controls
- Secure cloud native workload
- Reduce the risk of insider threat
- Secure the hybrid workforce
- Enforce least privilege access
- Secure BYO and unmanaged devices
- Discover risky user behavior
- Eliminate VPNs
- Embed threat intelligence
- Provide passwordless experiences
"Zero trust helps us enable critical business capabilities while managing security" - Mauricio Guerra, CISO, Dow Chemical
IBM Security / IBM Corporation 2021

This digital transformation is creating many new security challenges.
- Greater Risk for Misconfigurations
- Continuous Compliance Monitoring
- Increasing Skills Shortage
- Securing Critical Data & Managing Access
- Siloed Visibility To Threats
- Dissolved Perimeter
- Competitors Innovating Faster
- Expanding Threat Landscape
- Adapting Security Strategy for Multi-cloud
- New Tools, Unfamiliar Technologies
- Shared Responsibility & 3rd Party Risk

The shift to Cloud requires a shift from static, network-based perimeters to dynamic, Zero Trust principles focused on users, assets, & resources

Cloud drivers and the risks that come with them
Modernizing applications to accelerate client value and differentiate the client experience; using cloud applications to enable & optimize the business for speed, scale, & flexibility:
- Exposure to threats from misconfigured / unsecured PaaS & container environments
- Data loss via unsanctioned SaaS usage
- Lateral movement and unauthorized access to critical corporate assets
- Unauthorized access from compromised credentials & broad access controls
- Exposure of cloud credentials, API keys, and secrets from poor secure development practices
Migrating workloads for scalability, flexibility & resiliency:
- Lateral movement and unauthorized access to critical corporate assets
- Exposure to threats via legacy secure connectivity practices that expose internal networks & introduce vulnerabilities
- Exposure to threats from misconfigured / unsecured cloud workloads
Modernize data platform for more efficient & effective processing & utilization of data:
- Exposure to threats from misconfigured / unsecured Cloud services
- Data loss from lack of visibility & control of data flow across hybrid environment
- Unauthorized access or exfiltration of unsecured data from Insider Threats, compromised credentials, and external malicious actors

How can zero trust help?
- Insights: Enable least privilege access by discovering and assessing risk across data, identity, endpoint, apps and infrastructure
- Enforcement: Continuous verification with context aware access control to all apps, data, APIs, endpoints, and hybrid cloud resources
- Detection and Response: Assume breach and identify threats and automate responses that not only stop the immediate attack, but dynamically adapt access controls

Zero Trust Solution Blueprint: Protect the hybrid cloud
To put zero trust into action to protect the hybrid cloud you'll want to consider each of the critical capabilities indicated for the specific security challenge you want to address.

IBM provides core capabilities to secure the hybrid cloud while strengthening other solutions
1. IBM Security Verify (SaaS / Governance / Privilege), MaaS360
2. IBM Security QRadar, Cloud Pak for Security
3. IBM Security Guardium

1. IBM Security Verify – Making identity consumable for all users
Extend embedded platform identity layers to deliver advanced functionality and a common experience for all developers, admins, and application users – from mainframe to multicloud
- Authenticate and Secure App Workloads
- Govern and Administer Access
- Intelligent Governance: Provision, Certify, Analyze
- Continuous Access Control: Authenticate, Authorize, Connect
- Proactive Threat Mitigation: Monitor, Detect, Orchestrate
- Strong 2FA (e.g., passwordless auth, mobile push, mobile native biometrics, FIDO2)
- Adaptive access (i.e., risk based auth)
- User consent management
- Provisioning adapters
- Identity analytics
- Privileged user access (admins, developers, automation)
- Least privilege endpoint controls
Platforms shown: RACF, IBM Z, IBM Cloud, IBM Cloud Paks, IBM WebSphere Hybrid Edition, 3rd Party Cloud Providers

2. IBM QRadar and Cloud Pak for Security deliver continuous intelligence, analytics, & response
1. Discover Cloud Footprint: Identify cloud resources across the enterprise
2. Protect Business SaaS Apps: Gain deep visibility into cloud applications
3. Secure IaaS and PaaS: Secure cloud infrastructure and identify threats with real-time security analytics
4. Defend Cloud Workloads: Ingest container-level telemetry and protect the application stack
Diagram: Public Clouds, Private Cloud, IBM Cloud, On-Premises

3. IBM Security Guardium & Cloud Pak for Security: Data security and compliance that support your hybrid cloud journey
- Simplifies compliance across cloud and on-premises data sources
- Provides deep data security capabilities:
  - Data discovery and classification
  - Flexible monitoring options of modern and legacy data sources
  - Dynamic data protection, separation of duties
  - Encryption
  - Vulnerability assessment
  - Risk management
- Data security hub enhances threat detection and accelerated compliance
- Delivers hybrid multi-cloud data protection with holistic risk views and supports consistent data security policies across environments
- Broad platform support and massive scalability for the largest environments
Diagram: Guardium protects data in public & private cloud environments; in DBaaS, databases & big data platforms (Oracle, Hadoop, DB2, NoSQL, Teradata, DB2 WH); in files & file systems; in on-premises environments; in mainframes

IBM's approach is best positioned to deliver on the Zero Trust value proposition
- Industry Leading SW
  - Industry leading Data Security, Threat Management and IAM tools
  - Modern SW built for cloud-native and hybrid environments
- Open Platform
  - Cloud Pak for Security built on OpenShift
  - Flexibility to deploy on prem or across cloud environments
- Technology Ecosystem
  - Leverage strategic alliances and partnerships to complement IBM technology and enable zero-trust use cases
  - Interoperability with existing security tools
- End to End Capability
  - With the technology ecosystem, IBM offers an end-to-end security technology portfolio to enable a Zero Trust approach
  - Integrated Zero Trust Framework

How to Get Started? IBM has several assets and initiatives to help you get started with Zero Trust
For Individuals:
- Zero Trust Badges: Foundational courses and training across a variety of skills (sales, solution domains, etc.)
- Zero Trust Certifications: Official product administrator and specialist accreditation; demonstrate expertise in IBM technologies and solutions
For Organizations:
- Zero Trust Competency: Recognition for IBM partners who demonstrate technical proficiency and proven success in delivering zero trust value to customers
- Zero Trust Workshop: Workshop for BPs with IBM Security experts; prepare BPs to deliver a ZT engagement with customers

PROTECT THE HYBRID CLOUD: IBM Security Verify

Continuous Access Control
Adaptively enforce authentication and authorization policies, while delivering a frictionless experience for consumers, workforce, and privileged users
- Password-less & MFA
- Protect Modern & Legacy Apps
- Privacy & Consent Management
- Native Developer Integrations
- Single Sign-On
- Vault & Session Management
Diagram: Verify capability map for People and APIs & Things: Intelligent Governance (Provision, Certify, Analyze); Continuous Access Control (Authenticate, Authorize, Connect); Proactive Threat Mitigation (Monitor, Detect, Orchestrate)

Leading fraud detection powers smarter access decisions
Enable business agility across all digital channels by knowing your users, delivering frictionless access, and securing critical assets with layered fraud detection
- Modernize any access management solution and allow it to adapt with comprehensive fraud detection that can assess risk based on the identity, device, environment, resource, and behavior
- Protect emerging access channels like APIs, IoT, and chat sessions in addition to traditional web and mobile apps to deliver a consistent omnichannel experience
- Leverage expertise from professional fraud researchers to stay ahead of emerging threats with out-of-the-box risk detection policies, self-service policy tuning, and the option for full-service policy customization
Diagram: Dynamic Fraud Detection (Adapt, Protect, Manage) fed by Machine Learning & AI, Simple Integration, Policy Tuning and a Big Data Consortium, alongside the Verify capability map (Intelligent Governance; Continuous Access Control; Proactive Threat Mitigation)

Intelligent Governance
Govern all digital identities, from business to privileged users, with risk-aware compliance and actionable intelligence
- User Lifecycle Management
- Cloud & On-prem Provisioning
- Govern Privileged Users & Data
- Risk-Based Certifications
- PAM Reporting & Attestations
- Business Activity Models
Diagram: Verify capability map for People and APIs & Things (Intelligent Governance; Continuous Access Control; Proactive Threat Mitigation)

Proactive Threat Mitigation
Integrate identity into the broader security ecosystem in order to more effectively adapt to emerging internal and external threats
- Continuous IT Asset Discovery
- Integration to Next Gen SOC
- Centralized Policy Definitions
- UEBA Anomaly Detection
- Enforce Privileged ID Controls
- Automate Identity Response
Diagram: Verify capability map for People and APIs & Things (Intelligent Governance; Continuous Access Control; Proactive Threat Mitigation)

Embed Identity into Threat Management Workflow
IBM Cloud Pak for Security: Detect, Investigate, Respond
- Gain complete insights with a unified console that provides analytics across IBM and 3rd party security tools, data, and clouds
- Act faster with AI and automation, simplify operations and streamline response, to save time and lower risk
- Detect: Integrated with QRadar, UBA, and Watson Advisor to isolate threats and reduce false positives
- Investigate: Work across tools and teams with integrated Case Management
- Respond: Respond 8x faster with out of the box playbooks; easily integrates with Ansible
- Modernize your architecture and run anywhere with an open, multicloud platform that gives you flexibility, extensibility and avoids lock-in
Diagram: Verify passes Identity Context & Risk, Alerts and Case Management to Cloud Pak for Security, which returns Threat Intelligence, User Risk Insights and Response Actions

PROTECT THE HYBRID CLOUD: IBM Security QRadar, IBM Cloud Pak for Security

1. Discover: Discover cloud application usage across the enterprise
IBM QRadar Cloud Discovery
- Uncover and control Shadow IT
- Automatically discover hybrid multicloud data and assets
- Gain actionable insights to automate offense triage
- Apply business context to security data
- Enforce security policies using IBM X-Force Threat Intelligence
- Safeguard data and intellectual property
- Minimize enterprise risk through real-time classification
#1 SIEM for Advanced Threat Defense - Gartner

2. SaaS: Gain deep visibility into cloud applications
IBM QRadar for SaaS
- Obtain actionable insights into offenses, network data, threats, and malicious behavior in your SaaS applications
- Reduce the risk of data exfiltration and unauthorized file access
- Seamless data protection across multiple SaaS applications including:
  - Microsoft Office 365
  - Salesforce.com
  - G Suite Apps
- Overcome SaaS provider lack of transparency
- Protect your sensitive data from insider threats
- Combat phishing attempts and credential compromise

3. IaaS and PaaS: Secure cloud workloads and identify threats
IBM QRadar Cloud Visibility
Simplify Cloud Security
- Quickly detect and prevent cloud misconfigurations
- Consume cloud threats via a single pane of glass
- Gain deep visibility across IaaS environments including AWS, Azure, and IBM Cloud
- Clearly visualize cloud network traffic in real-time
"QRadar Cloud Visibility and the latest out-of-the-box AWS integrations introduced automation and drastically reduced the time it took us to connect our 100 AWS accounts to QRadar. This made it easy to consume both events and network flow traffic from our AWS environment." - Large US-based Insurance Company

4. Cloud Workloads: Ingest container-level telemetry and protect the application stack
IBM QRadar Container Security
Defend containers with real-time threat detection
- Gain visibility into container-based applications
- Discover indicators of container compromise and credential vulnerabilities
- Elevate threat hunting
- Prevent container breakout to safeguard applications
- Identify anomalous authentication and privilege escalation
- Detect indicators of insider threats or active data exfiltration
Platforms shown: Red Hat OpenShift, Red Hat Enterprise Linux

PROTECT THE HYBRID CLOUD: IBM Security Guardium

Guardium: A unified data security solution
Securing hybrid multicloud environments with Guardium Data Protection
Dynamic
- Active & passive monitoring for 30 cloud-native data sources (agentless or agent-based)
- Minimize security blind spots and take real-time action with blocking and redaction (agent-based)
- Store data security and audit data to meet retention requirements and uncover unknown threats
Orchestrated
- Centralized policy enforcement and management across hybrid multi clouds
- Automate compliance workflows for audit reviews and approvals
- Orchestrate remediation and response with IT and SecOps tools – ServiceNow, Splunk, QRadar, Resilient, and more
Modern
- Uses cloud-native and containerized technology
- Simplify and streamline deployment with cloud management frameworks, such as Kubernetes and OpenShift
- Elastic, scalable and resilient

Supporting flexible monitoring using modern architectures
- Real-time protection for mission critical on-premises data sources: Agents (STAPs). Diagram: Agent -> Sniffer -> Guardium
- Real-time protection for mission critical data sources in the cloud: Proxy-based Agents (E-TAPs). Diagram: Client -> Agent (proxy) -> Server, with a Sniffer running in Docker feeding Guardium
- Agentless audit support for on-premises or cloud-based data sources: Universal connector in Docker feeding Guardium

Call to Action: Next Steps
- Presentation Recording and Deck
- Webinar Survey
- Sign up for remaining sessions!
- Schedule a follow up: Deep Dive Demo, Zero Trust Client Review

Tech Data IBM Security Brand Team
Business Development Executive Team Partner Coverage: Karen Bailey – East Partner Coverage; Rick Marshall – West Partner Coverage
- Karen Bailey, Business Development Executive, Alpharetta, Georgia, (678) 642-3446, Karen.Bailey@techdata.com
- Rick Marshall, Business Development Executive, Tempe, Arizona, (480) 254-4420, Rick.Marshall@Techdata.com
- Marshall Hall, Field Solutions Architect, IBM Automation, Red Hat, & Security, Byron, Georgia, (478) 845-9239, Marshall.Hall@techdata.com
- Jay Stephens, Field Solutions Architect, San Antonio, Texas, (210) 771-2400, Jay.Stephens@techdata.com
- Antonio Ruiz, IBM Vendor Business Executive, San Antonio, Texas, (210) 683-2290, Antonio.Ruiz@techdata.com

Thank you!
