philip_industry zero trust presentation ppt

JayLewis40 18 views 18 slides Mar 03, 2025

About This Presentation

Zero trust


Slide Content

Philip Wong
Principal Solution Architect
Cisco Greater China
End 2 End Zero Trust Network Security Framework

© 2020 Cisco and/or its affiliates. All rights reserved.
Agenda
• Trends and Challenges
• A Practical Zero Trust Approach
• Use Case
• Call for Collaboration

Shift in IT Landscape
Users, devices and apps are everywhere; the perimeter is evolving:
• Remote Users
• Personal & Mobile Devices
• IOT Devices
• Cloud Applications
• Hybrid Infrastructure
• Cloud Infrastructure

Traditional Security is like a castle

What about "Least-Privilege Access" (i.e. grant access, but make a very specific)
• Focus on data protection, not on attacks
• Assumes all environments are hostile and breached
• No access until user + device is proven "trusted"
• Authentication not equal to Authorization

A brief history of Zero Trust

2004, Jericho Forum: De-perimeterisation
• An international group of CISOs and Vendors
• Focus on solving the "de-perimeterisation" problem
• Early output calling for "the need for trust"

2010 ZT, 2014 BeyondCorp, 2017 CARTA & ZTX: Multiple Models Emerge
• Forrester coined Zero Trust.
• Google published their ZT solution as BeyondCorp.
• Forrester expands to Zero Trust eXtended.
• Gartner named their model Continuous Adaptive Risk and Trust Assessment.

Today, ZTA: Generalized
• The industry has largely accepted Zero Trust Architecture as the general term.

Zero Trust Architectural "Pillars"
• Eliminate Network Trust
• External and internal threats exist at all times
• Every user, device, app and network flow is authenticated and authorized
• Policy-based and must be dynamic; postures calculated from as many sources as possible
• Constant logging, monitoring and re-scoring
• Automation is key to build and operate a ZT architecture

Cisco Zero Trust Approach
• Multi-factor User Identity
• Device context and Identity
• Device posture & health
• Location
• Relevant attributes & context

"Least Privilege Access" to:
• Network
• Applications
• Resources
• Users & Devices

• Original tenets used to establish trust still true?
• Threat Traffic?
• Behavior baselining
• Malicious or anomalous actions?

Sample Zero Trust Architecture (diagram; recoverable labels)

Control Plane (Policies Establishment):
• Policy Information Points (PIP): Workload / App Inventory, Device Inventory, User Inventory, Other Sources
• Policy Administration Point (PAP)
• Policy Decision Point (PDP): ZT Policy Engine, Trust Engine

Data Plane (Policies Enforcement):
• Policy Enforcement Points (PEP): Endpoint, Network Equipment, IPS, FW
• Protected resources: On-Premise Network, Applications (Legacy App, Mode 1 / Mode 2 App), CLOUDs (Internet, SaaS)
• Feedback Loop from the data plane back to the control plane
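A toy model of the control plane and data plane above, added here as an illustration and not part of the presentation or any Cisco product: constructed user and device inventories act as the PIPs, a policy dict stands in for what the PAP publishes, `decide()` plays the PDP (user and device both checked, network location deliberately not trusted), and `PEP` holds sessions and re-scores them through the feedback loop when device posture changes.

```python
# Constructed inventories standing in for the Policy Information Points (PIPs).
USERS = {"alice": {"mfa": True, "groups": {"finance"}},
         "bob": {"mfa": False, "groups": {"finance"}}}
DEVICES = {"lap-01": {"managed": True, "os_patch_days": 3},
           "byod-07": {"managed": False, "os_patch_days": 60}}
# Constructed policy as the Policy Administration Point (PAP) would publish it:
# least-privilege requirements per application, not per network segment.
POLICY = {"payroll": {"groups": {"finance"}, "require_mfa": True,
                      "managed_only": True, "max_patch_days": 14},
          "wiki": {"groups": {"finance", "eng"}, "require_mfa": False,
                   "managed_only": False, "max_patch_days": 90}}


def decide(user_id: str, device_id: str, app: str) -> tuple[bool, str]:
    """Policy Decision Point: authenticate and authorize user AND device on
    every request. No network trust: location is not an input here."""
    user, dev, rule = USERS.get(user_id), DEVICES.get(device_id), POLICY.get(app)
    if not (user and dev and rule):
        return False, "unknown user, device or application"
    if rule["require_mfa"] and not user["mfa"]:
        return False, "MFA required"
    if not (user["groups"] & rule["groups"]):
        return False, "user not entitled to application"
    if rule["managed_only"] and not dev["managed"]:
        return False, "unmanaged device"
    if dev["os_patch_days"] > rule["max_patch_days"]:
        return False, "device posture: patches too old"
    return True, "allow"


class PEP:
    """Policy Enforcement Point holding active sessions; the feedback loop
    re-scores them when inventory context changes (continuous verification)."""
    def __init__(self):
        self.sessions = {}  # (user, device, app) -> granted

    def request(self, user_id: str, device_id: str, app: str) -> bool:
        ok, _reason = decide(user_id, device_id, app)
        if ok:
            self.sessions[(user_id, device_id, app)] = True
        return ok

    def reevaluate(self) -> list[tuple]:
        """Drop sessions whose original trust tenets no longer hold."""
        revoked = [k for k in self.sessions if not decide(*k)[0]]
        for k in revoked:
            del self.sessions[k]
        return revoked
```

Mutating a device's posture in `DEVICES` and calling `reevaluate()` shows the re-scoring: a session granted minutes ago is revoked once the device falls out of policy.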

Zero Trust Use Case Scenarios (diagram; recoverable labels)
• Three scenarios: WORKFORCE, WORKLOAD, WORKPLACE
• Context sources: Workload / App Inventory, Device Inventory, User Inventory, + Network / Location Context
• Policies

Workload
• "No more network centric authentication"
• Shifting to "a serverless world"
• Application Services relationship auto-discovery
• Constantly Monitor flows
• Apply Machine Learning, baselining activities, identify anomalous, …
• Establish and Simulate Trust Policies
• Multi-domain enforcement
• Agents
• Policy-based network
• 3rd party OPEN integration

Workload
• Mode 1 Applications transition to Micro-Services
• Safeguard Interaction between Mode 1 and Mode 2
• Securely expose Mode 2 Services to ultimate consumers

Embracing Other contextual data
Expand to a much wider scope with context data exchange

Cisco Platform Exchange Grid (pxGrid)
• Publish/Subscribe Model with Bi-directional Context Sharing and Consuming Control
• IOT Ecosystem partner (e.g. MRI)
• Policy Enforcement Point

Call for Collaboration
• Platform Exchange for context sharing and innovative integration between
  • IOT Devices
  • Thin Applications
• Further information
  • Cisco Zero Trust
    • https://www.cisco.com/c/en_hk/products/security/zero-trust.html
  • pxGrid White Paper
    • https://pubhub.devnetcloud.com/media/pxgrid-api/docs/overview/Cisco_pxGrid_White_Paper_09192018_JE.pdf
    • https://developer.cisco.com/site/pxgrid/