
Identity as a new perimeter and a shift towards novel security approaches.


The security landscape has been steadily changing due to the proliferation of cloud computing and online services, coupled with an increasingly mobile workforce. The traditional perimeter and segmentation-based approaches alone no longer match the needs of this new landscape. With static, well-defined perimeters eroding, organizations need to implement dynamic security approaches that are flexible and continuous in nature. Identity is quickly becoming the new perimeter, and frameworks and architectures such as Zero Trust and Secure Access Service Edge (SASE) are redefining how cybersecurity is tackled.

But novel approaches don’t change the fundamentals. That's why I advocate for a time-tested defense-in-depth strategy that combines multiple, different methods of protection, both traditional and new, and infuses them with cutting-edge Machine Learning (ML) and Artificial Intelligence (AI) technologies. These add a behavioral dimension and automation that further enhance the practices around the core cybersecurity functions (using NIST nomenclature: identify, protect, detect, respond, and recover).

IMHO, a defense-in-depth strategy doesn’t mean an (often random) assortment of technologies referred to as “best of breed”. Individual components are important, but they are less important than how those components work together. Approaches that rely on tight integration and hyperautomation should be preferred; integrated, purpose-built, cloud-native platforms hold the most promise (e.g. SASE).

Organizations are locked in a race with bad actors (a general term for entities such as individuals, criminal enterprises, nation states, etc.) who try to exploit the weaknesses in their systems, all while being constrained by budgets and the availability of skilled staff. That’s why Governance, Risk Management, and Compliance (GRC) activities are essential for understanding which high-value resources need protecting, which regulations must be adhered to, and how much risk the organization is willing to accept.

When contemplating architecture, a good starting point is what you already own. Incorporating the native features and controls of existing solutions to the maximum degree possible will help drive down costs while improving integration and automation capabilities.

Finally, having a trusted advisor at your side, armed with platform knowledge and lessons learned, will save a lot of time and effort.

Whatever you choose to do, please - 
Be Cyber Safe, not Cyber Sorry!
We are an industry of cryptic names and acronyms 😀, so I try to spell things out, give them definitions, and illustrate whenever I can:
 
Definitions:
  • User and Entity Behavior Analytics (UEBA) is a type of cybersecurity process that takes note of the normal conduct of users and entities, then detects anomalous behavior, i.e. instances where activity deviates from these “normal” patterns.
  • Continuous Authentication is a form of dynamic, risk-based authentication that relies on continuous measurements such as location, behavior, and biometrics to change the perspective of authentication from an event to a process.
  • Security Orchestration, Automation and Response (SOAR) is a solution stack of compatible software programs that allows an organization to collect data about security threats from multiple sources and respond to low-level security events without human assistance.
  • Unified Endpoint Management (UEM) is an approach to securing and controlling desktop computers, laptops, smartphones, and tablets in a connected, cohesive manner from a single console.
  • Endpoint Detection and Response (EDR) is an integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities.
  • Threat Intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications, and action-oriented advice, about an existing or emerging menace or hazard to assets.
  • Threat Hunting is the pursuit of abnormal activity that may be a sign of compromise, intrusion, or exfiltration of data.
  • Incident Response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack.
  • Security Information and Event Management (SIEM) collects and aggregates log data generated throughout the organization's infrastructure, from host systems and applications to network and security devices; it then identifies, categorizes, and analyzes incidents and events.
  • Zero Trust is an information security framework which states that organizations should not trust any entity inside or outside of their perimeter at any time. All users, services, endpoints, and data flows need to be attested to, authenticated, and authorized.
  • Secure Access Service Edge (SASE) is an architecture that converges network and security services into a cloud-based platform, centering on the identity of users, devices, and applications.
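To make the UEBA and Continuous Authentication definitions above concrete, here is a small added example (my illustration, not code from the post or from any product): it learns a per-user baseline of countries, devices, active hours, and actions from a window of constructed "known good" events, scores each new event by how far it deviates from that baseline, and maps the risk score to a continuous-authentication decision (allow, step up to re-authentication, or block). The event fields, weights, and thresholds are all assumptions chosen for illustration.

```python
"""Toy UEBA-style baseline learning and risk-based session decisions.

Added example, not from the original post. Everything below is constructed:
event format, signal weights and thresholds are hypothetical tuning values.
"""
from collections import Counter, defaultdict

# Constructed training window: what "normal" looks like for each user.
BASELINE_EVENTS = [
    {"user": "alice", "hour": 9,  "country": "US", "device": "alice-laptop", "action": "login"},
    {"user": "alice", "hour": 10, "country": "US", "device": "alice-laptop", "action": "read"},
    {"user": "alice", "hour": 14, "country": "US", "device": "alice-laptop", "action": "read"},
    {"user": "alice", "hour": 16, "country": "US", "device": "alice-phone",  "action": "login"},
    {"user": "bob",   "hour": 8,  "country": "DE", "device": "bob-laptop",   "action": "login"},
    {"user": "bob",   "hour": 11, "country": "DE", "device": "bob-laptop",   "action": "read"},
    {"user": "bob",   "hour": 13, "country": "DE", "device": "bob-laptop",   "action": "write"},
]

# Constructed live events to evaluate against the learned baseline.
SAMPLE_SESSION = [
    {"user": "alice", "hour": 10, "country": "US", "device": "alice-laptop", "action": "read"},
    {"user": "alice", "hour": 3,  "country": "US", "device": "alice-phone",  "action": "export"},
    {"user": "bob",   "hour": 12, "country": "BR", "device": "unknown-host", "action": "read"},
    {"user": "carol", "hour": 12, "country": "DE", "device": "carol-laptop", "action": "read"},
]

# Hypothetical weights per deviation signal, and decision thresholds.
WEIGHTS = {"new_country": 50, "new_device": 30, "odd_hour": 15, "rare_action": 20}
STEP_UP_THRESHOLD = 30   # ask for re-authentication / MFA mid-session
BLOCK_THRESHOLD = 60     # terminate the session and raise an incident


def build_baseline(events):
    """Learn, per user, the set of countries and devices plus hour/action counters."""
    baseline = defaultdict(lambda: {"countries": set(), "devices": set(),
                                    "hours": Counter(), "actions": Counter()})
    for e in events:
        profile = baseline[e["user"]]
        profile["countries"].add(e["country"])
        profile["devices"].add(e["device"])
        profile["hours"][e["hour"]] += 1
        profile["actions"][e["action"]] += 1
    return baseline


def score_event(baseline, event):
    """Return (risk, reasons) for one event measured against the user's profile."""
    profile = baseline.get(event["user"])
    if profile is None:
        # No history at all: treat like a brand-new location and device.
        return WEIGHTS["new_country"] + WEIGHTS["new_device"], ["unknown_user"]
    reasons = []
    if event["country"] not in profile["countries"]:
        reasons.append("new_country")
    if event["device"] not in profile["devices"]:
        reasons.append("new_device")
    # "Odd hour": more than three hours outside the user's observed activity window.
    seen_hours = list(profile["hours"])
    if event["hour"] < min(seen_hours) - 3 or event["hour"] > max(seen_hours) + 3:
        reasons.append("odd_hour")
    # Counter returns 0 for an action never seen in the baseline.
    if profile["actions"][event["action"]] == 0:
        reasons.append("rare_action")
    return sum(WEIGHTS[r] for r in reasons), reasons


def decide(risk):
    """Map a risk score to a continuous-authentication decision."""
    if risk >= BLOCK_THRESHOLD:
        return "block"
    if risk >= STEP_UP_THRESHOLD:
        return "step_up"
    return "allow"


def evaluate(baseline, events):
    """Score a stream of events; each result carries the user, risk, decision and reasons."""
    results = []
    for e in events:
        risk, reasons = score_event(baseline, e)
        results.append({"user": e["user"], "risk": risk,
                        "decision": decide(risk), "reasons": reasons})
    return results


if __name__ == "__main__":
    base = build_baseline(BASELINE_EVENTS)
    for r in evaluate(base, SAMPLE_SESSION):
        print(f'{r["user"]:6} risk={r["risk"]:3} {r["decision"]:8} {r["reasons"]}')
```

The point of the exercise is the shift from "authenticated at login" to "continuously measured": a routine read from alice's usual laptop scores zero and passes, an unusual action at 3 a.m. from her phone crosses the step-up threshold, and bob appearing from an unseen country on an unseen device is blocked outright. In a real deployment the baseline would be learned over weeks of SIEM data rather than a handful of rows, and the decision would be handed to a SOAR playbook rather than printed.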

Zero Trust:

Secure Access Service Edge (SASE):

Comments

  1. I would like to thank you for sharing this article here. Probing for data cloud storage services Arista Networks Charlotte is the place where you get it. Thank you so much.

