Extending Zero Trust to the Network Through Visibility and Security Analytics


White Paper
Cisco Public

Extending Zero Trust to the Network Through Visibility and Security Analytics

Continuous network traffic monitoring with Cisco Secure Network Analytics to detect malicious behavior and take dynamic policy decisions

Table of Contents

The challenge ... 3
The role of visibility and security analytics within a Zero Trust network ... 3
Contextual network-wide visibility ... 4
Predictive threat analytics ... 4
Analyzing encrypted traffic ... 4
Simplifying segmentation and policy monitoring ... 5
Cisco Zero Trust ... 5
Conclusion ... 5
Next steps ... 5

© 2020 Cisco and/or its affiliates. All rights reserved. Extending Zero Trust to the Network 2

The challenge

The need for Zero Trust has stemmed from the modern enterprise challenges surrounding increasing network complexity as well as the evolving threat landscape. The move to the cloud, users accessing the network from any location and any device, the rise in encrypted traffic and the growing number of Internet of Things (IoT) devices have blurred the lines around the traditional network perimeter. At the same time, attacker tactics are evolving: logging into the network with compromised credentials rather than breaking in, being motivated to persist within the network rather than stealing data and getting out, and hiding malware in encrypted traffic.

The role of visibility and security analytics within a Zero Trust network

Forrester has stated that the network is one of the key components of the Zero Trust eXtended (ZTX) Ecosystem [2], and that a main tenet of any secure network has always been increased visibility. The report further highlights the importance of deploying a Network Analysis and Visibility (NAV) tool to implement a Zero Trust network. These solutions, also categorized as Network Traffic Analysis (NTA) or Network Detection and Response (NDR), provide the ability to detect any kind of malicious activity using network traffic, for faster threat detection and response.

Cisco Secure Network Analytics (formerly Stealthwatch) is one such solution. It provides enterprise-wide visibility, from the private network to the public cloud, by collecting network telemetry. It then applies advanced security analytics in the form of behavioral modeling and machine learning to pinpoint anomalies and further reduce them to critical alerts, in order to detect advanced threats in real time.
With a single, agentless solution, you get comprehensive threat monitoring, even in encrypted traffic.

Secure Network Analytics was designed with the ideology of continuously verifying all network activity, regardless of location, to ensure it is "normal", so that any anomalous activity can be detected immediately in case of a compromise. Following are some more details on how the solution is implemented to extend Zero Trust to the network.

What is Zero Trust?

Zero Trust is an approach to help achieve more pragmatic security for today's world. It is a security architecture and enterprise methodology, not a technology or tool, designed to effectively orchestrate today's challenging combination of technologies, practices and policies. It represents an evolution in our approach to security, focused on delivering a comprehensive, interoperable, holistic solution approach that integrates multiple vendors' products and services.

A Zero Trust Architectural Framework involves restricting access to system, application and data resources to those users and devices that are specifically validated as needing access. It will then continuously authenticate their identity and security posture to ensure proper authorization for each resource, to provide continued, ongoing access. [1]

Contextual network-wide visibility

Secure Network Analytics is able to ingest and analyze telemetry from network devices such as routers, switches and firewalls. It can also natively collect telemetry from public cloud infrastructure. Secure Network Analytics uses entity modeling to classify all the devices or entities connected to the network, such as servers, printers, etc., to efficiently determine the normal behavior of these entities so it can alarm on any anomalies. Another unique capability of Secure Network Analytics is that it stitches together traffic flows following asymmetric paths through the network to represent the client-server communication. This means that Secure Network Analytics can not only detect a threat, but also provide additional contextual information about the source of the threat, like where else it might have propagated laterally and which user has been compromised, along with other information such as location, device type, timestamp, etc. Secure Network Analytics can also store telemetry for a certain period of time to forensically investigate past or long-running events. In addition to network telemetry, Secure Network Analytics integrates with other solutions to infuse user and application data, web information, etc. for faster threat investigation and response.

Predictive threat analytics

Attackers use multiple methods to compromise your security, so why should you employ just one defense technique? Secure Network Analytics uses a three-pronged approach to detect advanced threats before they turn into a high-impact incident:

The first is behavioral modeling. Secure Network Analytics constantly observes network activity to create a baseline of normal behavior, and alarms on any anomalies using close to 100 different heuristics. It also has knowledge of known bad behavior that it alarms on. So, if attackers are using lost or stolen credentials to gain access, or if you are dealing with a malicious employee involved in hoarding or exfiltrating sensitive data, Secure Network Analytics can alert on it right away. That is why it is necessary to continuously verify network activity, even after proper access has been granted.

Secondly, Secure Network Analytics applies a funnel of machine learning techniques to reduce large amounts of telemetry to anomalies, and eventually to high-fidelity threat detections, so your security team can focus on investigating critical threats. This cloud-based machine learning engine can also identify malicious servers across the world and flags any communication to them, in order to detect unknown or targeted attacks.

And lastly, Secure Network Analytics uses global threat intelligence powered by the industry-leading Cisco Talos platform to correlate local threats globally, and thwart attackers' rinse-and-repeat tactics of infecting multiple victims with the same malware.

All these analytical techniques work together to identify early indicators of compromise like constant pinging/beaconing, port scanning and communications to malicious domains.

Analyzing encrypted traffic

The rapid rise in encrypted traffic is changing the threat landscape. With more than 80% of web traffic encrypted today, organizations are left with a huge blind spot. Today, most technologies rely on decryption-based monitoring, but this method is not only time and resource intensive, it also compromises data privacy and security.

NIST recently released a draft publication, SP 800-207: Zero Trust Architecture (ZTA) [3], an overview of a new approach to network security. NIST also recognizes that in ZTA, all traffic should be inspected, logged and analyzed to identify and respond to network attacks against the enterprise. But some enterprise network traffic may be difficult to monitor, as it comes from third-party systems or applications that cannot be examined because the traffic is encrypted. In this situation, NIST recommends collecting encrypted traffic metadata and analyzing it to detect malware or attackers on the network. It also references Cisco's research on machine learning techniques for encrypted traffic (section 5.4, page 22).
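As an added illustration of the indicators the "Predictive threat analytics" and "Analyzing encrypted traffic" sections describe (this is not Cisco's code and not the actual Secure Network Analytics algorithms), the following Python script runs four simple detectors over constructed flow records: beaconing by inter-arrival regularity, port scanning by distinct destination ports, a threat-intelligence match, and a TLS-version compliance check that uses metadata only. Thresholds, field names, addresses and the indicator list are all assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records, not real telemetry; ts = seconds since an arbitrary epoch, tls_version "" = cleartext.
FLOWS = [
    # 10.0.0.5 reaches 203.0.113.9:443 every ~60 s with 1 s of jitter (beaconing)
    *[{"src": "10.0.0.5", "dst": "203.0.113.9", "dport": 443, "ts": 60 * i + i % 2, "tls_version": "1.2"} for i in range(8)],
    # 10.0.0.7 touches 25 distinct ports on one internal server (port scan)
    *[{"src": "10.0.0.7", "dst": "10.0.1.20", "dport": p, "ts": 1000 + p, "tls_version": ""} for p in range(20, 45)],
    # 10.0.0.9 talks to an address on the constructed threat-intel list
    {"src": "10.0.0.9", "dst": "198.51.100.77", "dport": 80, "ts": 2000, "tls_version": ""},
    # 10.0.0.11 negotiates a legacy TLS version (cryptographic compliance finding)
    {"src": "10.0.0.11", "dst": "10.0.1.30", "dport": 443, "ts": 2100, "tls_version": "1.0"},
]
BAD_IPS = {"198.51.100.77"}  # constructed indicator list standing in for a threat-intel feed
MIN_TLS = "1.2"              # assumed policy floor for negotiated TLS versions

def detect_beaconing(flows, min_conns=6, max_cv=0.1):
    """Flag (src, dst, dport) tuples whose inter-arrival times are too regular for a human."""
    by_key = defaultdict(list)
    for f in flows:
        by_key[(f["src"], f["dst"], f["dport"])].append(f["ts"])
    hits = []
    for key, times in by_key.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        # coefficient of variation of the gaps: near zero means a fixed-interval callback
        if len(times) >= min_conns and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_cv:
            hits.append(key)
    return hits

def detect_port_scans(flows, min_ports=20):
    """Flag sources that touch many distinct destination ports on a single host."""
    ports = defaultdict(set)
    for f in flows:
        ports[(f["src"], f["dst"])].add(f["dport"])
    return [pair for pair, seen in ports.items() if len(seen) >= min_ports]

def detect_intel_matches(flows, bad_ips=BAD_IPS):
    """Flag flows whose server side matches a known-bad indicator."""
    return sorted({(f["src"], f["dst"]) for f in flows if f["dst"] in bad_ips})

def detect_weak_tls(flows, floor=MIN_TLS):
    """Flag encrypted flows below the TLS floor from negotiated-version metadata alone (string compare suffices for "1.x")."""
    return sorted({(f["src"], f["dst"]) for f in flows if f["tls_version"] and f["tls_version"] < floor})

def run_detectors(flows=FLOWS):
    """Return every detector's hits keyed by indicator type."""
    return {"beaconing": detect_beaconing(flows), "port_scan": detect_port_scans(flows),
            "threat_intel": detect_intel_matches(flows), "weak_tls": detect_weak_tls(flows)}
```

In a real deployment the baseline, thresholds and indicator feed would be learned or maintained continuously rather than hard-coded, which is the point of the behavioral-modeling and threat-intelligence prongs above.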

Cisco Encrypted Traffic Analytics was developed using the same Cisco research: Secure Network Analytics ingests enhanced metadata and analyzes it to detect threats in encrypted traffic and also ensure cryptographic compliance, without any decryption.

"The enterprise can collect metadata about the encrypted traffic and use that to detect possible malware communicating on the network or an active attacker. Machine learning techniques [Anderson] can be used to analyze traffic that cannot be decrypted and examined. Employing this type of machine learning would allow the enterprise to categorize traffic as valid or possibly malicious and subject to remediation." (quoted from the NIST SP 800-207 draft [3])

Simplifying segmentation and policy monitoring

With the visibility provided by Secure Network Analytics into all communications occurring within and outside the organization, smarter policies can be created without disrupting critical mission workflows. Also, custom security alerts can be created within Secure Network Analytics to trigger when these policies are violated, for example if a guest user tries to access a sensitive data server, or if traffic is seen flowing to a country marked as suspicious by the organization. In this way, organizations can ensure that the security policies they have set in other tools are actually working. And lastly, through the integration with Cisco Identity Services Engine (ISE), Secure Network Analytics can set the appropriate policy on the suspicious device based on the severity of the threat, in order to contain the threat immediately.

Cisco Zero Trust

Cisco Zero Trust provides a comprehensive approach to securing all access across your applications and environment, from any user, device and location. It protects your workforce, workloads and workplace. Cisco was recently named a leader in The Forrester Wave: Zero Trust eXtended Ecosystem Platform Providers, Q4 2019. Read the report to learn more about our position as a leader.

Conclusion

Knowing who is connected to the network and what they are doing, in order to detect malicious behavior immediately, is an important component of implementing Zero Trust for the network. Cisco Secure Network Analytics can help organizations implement this in a simple and scalable manner by ingesting network telemetry and analyzing it to generate high-fidelity critical alerts, without the need to deploy any sensors or probes.

Next steps

Get started on your journey to extend Zero Trust to the network. Sign up for a free 2-week visibility assessment today! Learn more at: Cisco Secure Network Analytics

Sources:
1. White paper: Zero Trust 101
2. Forrester report "The Zero Trust eXtended (ZTX) Ecosystem: Networks"
3. Draft (2nd) NIST Special Publication 800-207: Zero Trust Architecture

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. 10/20

