2.1 Defining Zero Trust Networks - ZN

00:01

Now let's look at the learning objectives or the next section, which is defining. Zero trust networks in this section will look at the fining zero. Trust networks will also look at an example using Barris Total, which is a pretty popular website

00:20

that is used to scan

00:22

You are l's and hashes,

00:24

um, to give us a sense of, ah, threat score and how that fits into zero trust.

00:30

We'll also look at what zero trust networks are,

00:34

and we'll also look at what zero trust networks are not in the next section. Thank you so much. Stay tuned.

00:42

So let us define zero trust networks.

00:46

The concept of zero trust is that we don't place inherent trust in our users devices, applications in traffic.

00:55

Let me share with you a quick illustration using baseball umpires debate in their different philosophies of officiating the game.

01:03

The first umpire states. There's balls and their strikes, and I call them the way they are.

01:08

The second umpire disagrees and says There's balls and their strikes, and I call them the way I see them.

01:17

That's no better, says the third umpire. There are balls and there are strikes and they aren't anything until I call them.

01:25

So the first umpire really represents objective truth.

01:30

It's independent of the mind of the no er truth,

01:33

and they're to be discovered type of truth.

01:37

The second Umpires. Truth is, as each person sees it, type of truth, in my opinion. And the third umpire represents the type of truth that each of us create for ourselves.

01:52

So two questions to think about after this illustration.

01:56

Which umpire do you believe you have in your network in the form of network security

02:01

and number two?

02:04

Which umpire do you believe you get with zero trust networks?

02:08

Zero Trust networks Aim is to be the first umpire that calls it the way it is.

02:15

Zero trust networks are designed to move away from traditional network architectures that create their own truth or narrative

02:23

about your network or decides to monitor, detect and prevent differently. Based on how things are viewed by a particular vendors virtual or physical appliance

02:35

you may have in your network or your security stack.

02:38

So let's take a quick example of virus total.

02:43

So Lyons Total is a website that checks against many anti virus products and their scan engines to essentially call a vote on whether or not a file or you are. L is viewed as benign or malicious by some or all anti virus scanners available on the Web site.

03:00

And this approach seems to me to represent how Annie bars products call things, the way they see it and not the way they are.

03:07

Anti virus products represent Umpire number two

03:12

C virus Total tries to calculate its threat score from more than one data point, which is a good pig.

03:20

We need that replay value the same way we do

03:23

in sports to get it right.

03:25

Security architectures should not rely on its own knowledge and should not create its own narrative.

03:32

With zero trust networks, Maur information needs to be supplied to the operator and Ministry of Console Appliance that makes the decision to allow or deny access,

03:45

which makes productivity safer and faster.

03:51

Zero Trust

03:52

model is a concept.

03:54

This model sees trust as a vulnerability,

03:59

so trust in a user device application and the traffic must be traced back to something without compromise, and the management of that must be guarded. You know this model treats all host as if they're on the public Internet, and with that assumption

04:15

they must be considered compromise or hostile.

04:19

So zero trust is really about securing the network in a way that makes all service is better and faster for all users, all devices, all applications and all the traffic.

04:31

You know, I was listening to a podcast a few weeks ago, Title the Architect show,

04:35

and a CTO was speaking about security.

04:40

He used the analogy that cars have breaks so they can go faster

04:46

and not go slower.

04:47

And with good security, we could enable our workforce toe work faster because we have the right breaks in place, meaning the right security in place

04:57

when cars didn't have brakes, he said.

05:00

They only reached speeds around 30 miles per hour, But when brakes were introduced, cars achieved higher speeds.

05:06

And that's the difference security should make in our networks.

05:11

And that impact should be felt by user's devices applications and our traffic,

05:16

as you would trust, can help us go faster.

05:18

And I would try to flush that out with a battle card of sorts between traditional VPN

05:25

and these galas private access solution. During this course, which integrates zero trust

05:30

in its VPN replacement.

05:35

So zero trust is not an all in one

05:39

physical appliance or virtual machines supplied by a vendor.

05:44

But many security focused software and hardware vendors have adopted the zero trust model.

05:49

As you can see on the slide, the vendors very in terms of what they're known for.

05:56

Zero trust gonna be applied to firewalls. Web filtering service is

06:00

remote access and identity management fighters.

06:04

Later, wrong, we will discuss how's the scale. Er's software as a service solution and their private access technology can replace traditional VPN

06:15

and look at the benefits for the scale of private access in terms of zero trust and also the pit bulls we currently face with traditional VPN.

06:25

If we look back at some of the biggest breach is right. We know that VPN credentials provided to third party vendors or contractors

06:33

played a major role in financial damage and reputational damage for big organizations.

06:40

You know, back in 2013 Target was breached due to credentials stolen from an H back company

06:46

that was contracting to do work for them.

06:48

Home Depot suffered a similar fate in 2014 when vendor supplied log in credentials were stolen and then used to steal sensitive customer information.

07:00

So with us having a high level understanding of what zero trust networks are and are not, we will start to understand how the Zero trust model could be could have helped with breaches similar to Target and Home Depot and Sony and many others we have heard about on the news or read about online.

07:19

So quick recap on this section

07:23

we define zero trust networks. We looked at what zero trust Eriks are and what they are not.

07:30

And we look forward in the next section at the fundamentals that make up the zero trust model.

07:34

Thank you for being here. Stay tuned.

07:39

So welcome back. Just a quick pop quiz. Just a check. What we've learned so far,

07:45

a number one we've got Does zero trust place inherent trust and user's devices applications in traffic

07:54

number two, we have does zero trust see trust as a vulnerability and number three

08:00

was target face in a major breach in 2013 or 2014

08:05

And all of this week we covered in the last section defining zero trust

08:11

and just wanted to make sure that, um,

08:13

you know, you were able to

08:15

get a sense of

08:16

what it is that we're talking about, what it is we're discussing just to give you this quick learning check so we'll move on to those answers.

08:31

So for the first question, the answer is no. Zero Trust does not place an Aaron trust in user's devices applications in traffic.

08:41

Um, you'll probably get pretty familiar with the notion that zero trust networks never trust and always verify. Obviously, there's gonna be some trust that needs to be placed

08:52

on the user on the device, the application and the traffic, but not inherently. There's gonna be a lot of checks and balances when it comes to zero trust networks on number two. Does your trusty trust as a vulnerability? Yes, it does. The more trust we have in something, the more likely that we're not gonna see or detect.

09:13

Um

09:13

ah, potential threat or malicious actor. So vulnerability, um,

09:20

in terms of trust is how zero trust sees it.

09:24

And then we have for our target major bridge. This happened in 2013.

09:30

Um ah. Company that size could potentially have breaches every year because they are

09:37

for such a big target, right? But the breach that I'm reference in happened in 2013 and we did touch on that as well in the last section.