3. ZERO TRUST NETWORK FRAMEWORK PRINCIPLES - CHALLENGES
• Components: Visibility, Automation, Segmentation, Compliance, API Integration
• Angles: Guidance, Challenge, Requirements, Use Case
• Personas: CISO, Business Analyst, Network Security Manager
3 | Confidential
4. VISIBILITY – GUIDANCE
• “Visibility is the key to defending any valuable asset”
• “Zero Trust mandates significant investment in visibility”
• “You can’t protect the invisible”
Source: The Zero Trust eXtended (ZTX) Ecosystem 2018
You can’t combat a threat you can’t see or understand.
Visibility is essential for achieving Zero Trust.
5. VISIBILITY – CHALLENGES
Large and complex heterogeneous and hybrid networks:
• Multiple firewall vendors: Cisco, Check Point, PAN, etc.
• Public cloud providers: AWS, Azure, Google
• Private cloud, SDN platforms: VMware NSX, Cisco ACI, etc.
6. VISIBILITY – REQUIREMENTS
• Full visibility into your entire network security estate with a live topology map
• Single pane of glass to manage cloud, SDN and on-premise security controls
• Unified management of security policy across hybrid environments and mixed environments
• Discovery and mapping of business application connectivity requirements to the network infrastructure
9. AUTOMATION – GUIDANCE
• “Critical for organizations and S&R leadership to leverage and use tools and technologies”
• “Enable automation and orchestration across the enterprise”
Source: The Zero Trust eXtended (ZTX) Ecosystem 2018
10. AUTOMATION – CHALLENGES
Defining and maintaining a Zero Trust network involves many security policy changes.
Change processes, when done manually, inevitably lead to errors and misconfigurations.
• Risk assessment for each proposed change
• Multiple disparate teams and stakeholders (security, networking, business owners) with different languages and different objectives
Slow process: even a single change in a complex enterprise environment takes time, multiplied by hundreds of changes per month.
11. AUTOMATION – REQUIREMENTS
• Process firewall changes with zero-touch automation
• Eliminate mistakes and rework
• Accountability for change requests
• Assess impact of network changes to ensure security and continuous compliance
• Automate rule-recertification processes
• Introduce intelligent change management
• Enforce compliance
• Deliver automatic documentation across the entire change management lifecycle
14. SEGMENTATION – GUIDANCE
“The ability to segment, isolate, and control the network continues to be a pivotal point of control for Zero Trust.”
Source: The Zero Trust eXtended (ZTX) Ecosystem 2018
15. SEGMENTATION – CHALLENGES
• Security policy change is slow, taking days or weeks to process in a complex enterprise environment
• Change process involves multiple disparate teams and stakeholders (security, networking, business owners) who speak different languages and have different objectives
• Detection, assessment and decisions about which applications should be segmented and their placement within the Zero Trust network
• Risk assessment of proposed changes in the Zero Trust network
• Misconfigurations happen often, introduce unnecessary risks and cause outages that disrupt business operations
16. SEGMENTATION – REQUIREMENTS
• Define and enforce your Zero Trust segmentation strategy inside the data center.
• Automatic identification of changes that violate the Zero Trust strategy
• Single pane of glass to manage both cloud and on-premise security controls and segments
• Meet compliance requirements
• Identify unprotected network flows
• Automatic implementation of network security changes
• Automatic validation of changes aligned with strategy
• Avoid blockage of critical business services.
20. COMPLIANCE – GUIDANCE
• “Security teams that have used Zero Trust as a key driver of their strategic security vision have met many compliance requirements with far greater ease.”
• “Segmenting the network frequently reduces the scope of compliance initiatives because many regulations, such as PCI, only have certain data types in scope”
• “Zero Trust networks far exceed the security required by compliance directives, and that’s a good thing.”
Source: The Zero Trust eXtended (ZTX) Ecosystem 2018
21. COMPLIANCE – CHALLENGES
• Managing a Zero Trust network is a significant overhead: the more segments you have, the more firewalls you need to deploy and manage.
• The firewall audit preparation process is manual, time-consuming and costly. Compliance takes time away from strategic initiatives.
• Regulations require continuous compliance
• Compliance documentation is tedious and time-consuming
22. COMPLIANCE – REQUIREMENTS
• Instant generation of audit-ready reports for major regulations, including PCI, GDPR, HIPAA, SOX, NERC etc.
• Generate custom reports for internal compliance mandates
• Proactive checks of every change for compliance and/or network segmentation violations
• Changes to remediate problems and ensure compliance
• Audit trail of all firewall changes and approval processes
• Easily define allowed traffic between network segments
• Support software-defined micro-segmentation on multiple platforms.
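The proactive check named in the segmentation and compliance requirements (define allowed traffic between segments, then flag any change that violates it), sketched as an added example that is not from the deck or from any product. Segment names, CIDRs, the allow matrix and the change requests are all constructed for illustration.

```python
import ipaddress

# Constructed segments (hypothetical names and address ranges).
SEGMENTS = {
    "web": ipaddress.ip_network("10.10.0.0/24"),
    "app": ipaddress.ip_network("10.20.0.0/24"),
    "pci-db": ipaddress.ip_network("10.30.0.0/24"),
}
# Default deny: only these (source, destination) segment pairs may talk, on these services.
ALLOWED = {
    ("web", "app"): {("tcp", 8443)},
    ("app", "pci-db"): {("tcp", 5432)},
}

def segments_touched(cidr):
    """Map a rule's address field to the segments it overlaps."""
    net = ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr)
    hit = [name for name, seg in SEGMENTS.items() if net.overlaps(seg)]
    if not any(net.subnet_of(SEGMENTS[name]) for name in hit):
        hit.append("unzoned")  # conservative: part of the range is outside every segment
    return hit

def check_change(rule):
    """Return the violations one proposed allow rule would introduce (empty = compliant)."""
    service = (rule["proto"], rule["port"])
    violations = []
    for src in segments_touched(rule["src"]):
        for dst in segments_touched(rule["dst"]):
            if src == dst:
                continue  # intra-segment traffic is outside this matrix
            if service not in ALLOWED.get((src, dst), set()):
                violations.append(
                    f"{src} -> {dst} {rule['proto']}/{rule['port']} not in segmentation policy")
    return violations

# Constructed change requests: one compliant, one cross-segment, one over-broad source.
CHANGES = [
    {"id": "CR-1", "src": "10.10.0.0/24", "dst": "10.20.0.15/32", "proto": "tcp", "port": 8443},
    {"id": "CR-2", "src": "10.10.0.0/24", "dst": "10.30.0.5/32", "proto": "tcp", "port": 5432},
    {"id": "CR-3", "src": "any", "dst": "10.30.0.0/24", "proto": "tcp", "port": 5432},
]

def review(changes):
    """Run the check over a batch of change requests before anything is implemented."""
    return {change["id"]: check_change(change) for change in changes}

if __name__ == "__main__":
    for change_id, found in review(CHANGES).items():
        print(change_id, "OK" if not found else found)
```

CR-3 shows why an "any" source needs expanding before comparison: the rule matches the permitted app-to-database flow but also opens the database segment to the web segment and to unzoned addresses.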