WEBVTT 1 00:00:00.200 --> 00:00:04.799 Right, So today we're diving deep into zero trust networks. 2 00:00:05.320 --> 00:00:07.879 It's this model kind of flips the script on how 3 00:00:07.919 --> 00:00:11.400 we think about network security, you know, turns that whole 4 00:00:11.480 --> 00:00:14.720 castle walls idea on its head. And our guide for 5 00:00:14.759 --> 00:00:17.679 this whole thing is Evan Gilban and Doug Bart's book 6 00:00:18.320 --> 00:00:24.000 Zero Trust Networks Building Secure Systems in untrusted trusted networks. 7 00:00:24.079 --> 00:00:27.800 You know how companies they spend so much on floer 8 00:00:27.839 --> 00:00:31.039 walls and all that to keep like the bad. 9 00:00:30.839 --> 00:00:33.759 Guys out right, keep them out? Yeah, well, zero trust, 10 00:00:33.840 --> 00:00:36.640 zero trust's different. It starts with this whole other question 11 00:00:36.960 --> 00:00:40.560 what if what if they're already in Exactly, it's a 12 00:00:40.600 --> 00:00:43.759 fundamental shift, and it is instead of just focusing on 13 00:00:43.840 --> 00:00:47.880 this strong perimeter zero trust, it kind of assumes that 14 00:00:47.920 --> 00:00:51.759 the breach has already happened, and it builds security from 15 00:00:51.799 --> 00:00:52.920 the inside out. 16 00:00:52.960 --> 00:00:56.960 So it's less fortress more or like a super secure city. 17 00:00:57.240 --> 00:00:59.439 That's a great analogy, always on guard. 18 00:01:00.880 --> 00:01:04.079 Think of it like in a zero trust network, every 19 00:01:04.319 --> 00:01:08.400 single user, every device, every application has to prove that 20 00:01:08.480 --> 00:01:12.319 it's trustworthy all the time. No more free passes just 21 00:01:12.359 --> 00:01:13.719 because you're on the internal network. 22 00:01:13.760 --> 00:01:16.040 And that's that's what really got me with this book. 23 00:01:16.200 --> 00:01:19.640 From the get go, they start with this story about 24 00:01:19.640 --> 00:01:23.359 this e commerce company. Oh yeah, they've got like all 25 00:01:23.400 --> 00:01:25.959 the bells and whistles, right or firewalls, firewalls, all these 26 00:01:25.959 --> 00:01:28.840 security zoned. But guess what they. 27 00:01:28.719 --> 00:01:29.519 Still got hacked. 28 00:01:29.719 --> 00:01:30.079 Hacked. 29 00:01:30.439 --> 00:01:35.680 Yeah, the attackers they got in they moved laterally within 30 00:01:35.719 --> 00:01:38.280 the network. Oh wow, and all their defenses they just 31 00:01:38.359 --> 00:01:41.879 didn't see it coming. It just exposes this weakness in 32 00:01:41.920 --> 00:01:43.799 the whole perimeter. 33 00:01:43.439 --> 00:01:45.920 Model, right, yeah, that assumption. 34 00:01:45.560 --> 00:01:49.400 That everything inside a zone is safe, yeah, is trustworthy? 35 00:01:49.640 --> 00:01:52.280 Yeah? Okay, I'm starting to see the problem here. Yeah, 36 00:01:52.280 --> 00:01:55.519 but like how does this how does zero trust actually work? 37 00:01:55.760 --> 00:01:56.000 You know? 38 00:01:56.959 --> 00:02:00.599 Well, at its core, zero trust it boils down to 39 00:02:00.640 --> 00:02:06.439 three man things user and application authentication, device authentication, and trust. 40 00:02:07.599 --> 00:02:10.360 But before we like dive into the technical stuff, we 41 00:02:10.400 --> 00:02:12.240 do to understand the philosophy behind it. 42 00:02:12.319 --> 00:02:14.439 Okay, I know, I like where this is going a 43 00:02:14.439 --> 00:02:16.159 little philosophy, I'm in. 44 00:02:16.719 --> 00:02:21.319 So, where does trust actually begin in a zero trust system? Okay, 45 00:02:21.520 --> 00:02:25.840 Well it starts with us humans, We as the operators, 46 00:02:26.000 --> 00:02:29.560 were the like the first source of trust, you know, 47 00:02:29.879 --> 00:02:32.280 and from there that trust it kind of flows down 48 00:02:32.319 --> 00:02:37.039 to our systems our applications through a whole chain of things, 49 00:02:37.080 --> 00:02:41.319 like especially digital certificates. Think of it like a chain 50 00:02:41.360 --> 00:02:46.199 of command where every single link is really carefully vetted. 51 00:02:46.360 --> 00:02:51.719 Okay, so you're saying our human trust gets like translated 52 00:02:51.840 --> 00:02:56.479 translated into this technical chain of trust like certificates. 53 00:02:56.639 --> 00:03:01.560 Exactly. So these certificates they're issued by these really carefully 54 00:03:01.719 --> 00:03:03.960 vetted certificate authorities. 55 00:03:04.159 --> 00:03:04.439 Right. 56 00:03:04.520 --> 00:03:07.879 So they're like digital passports. They vouch for, you know, 57 00:03:07.960 --> 00:03:12.840 the identity of users, devices, application. But it's not like 58 00:03:13.199 --> 00:03:15.639 set it and forget it, right. You know, we're always 59 00:03:15.680 --> 00:03:19.400 checking these certificates making sure they're still valid, haven't been 60 00:03:19.840 --> 00:03:21.039 you know, messed with. 61 00:03:21.120 --> 00:03:24.240 Right, because things change exactly. That's where that that whole 62 00:03:24.280 --> 00:03:26.919 idea of a web of trust comes in, right, Like 63 00:03:26.960 --> 00:03:30.199 instead of just having one central authority. 64 00:03:29.919 --> 00:03:34.680 Right, we've got this whole interconnected network of trust relationships. 65 00:03:34.680 --> 00:03:38.159 It's it's kind of like this complex ecosystem where trust 66 00:03:38.240 --> 00:03:41.879 is constantly being evaluated and reevaluated based on like a 67 00:03:41.879 --> 00:03:42.960 bunch of different factors. 68 00:03:42.960 --> 00:03:44.520 That's like a living breathing. 69 00:03:44.360 --> 00:03:45.719 Yeah, yeah, exactly. 70 00:03:45.719 --> 00:03:48.439 Okay, this is this is making more sense now, good, 71 00:03:48.759 --> 00:03:51.919 But I got to ask, how do you know which 72 00:03:51.960 --> 00:03:56.159 threats prioritize. I mean, there's so many out there, so many. 73 00:03:56.240 --> 00:03:58.639 Yeah, So that's where threat modeling comes in. Okay, It's 74 00:03:58.759 --> 00:04:02.560 it's key for any zero trust implementation. It helps us 75 00:04:02.560 --> 00:04:06.479 figure out who's most likely to attack us, what their 76 00:04:06.520 --> 00:04:09.240 tactics are going to be, so we can, you know, 77 00:04:09.400 --> 00:04:10.759 focus our defenses. 78 00:04:11.000 --> 00:04:14.439 So instead of trying to defend against like every possible 79 00:04:14.479 --> 00:04:17.079 thing under the sun, everything, you focus on what's. 80 00:04:17.120 --> 00:04:19.279 What's most likely most likely exactly. 81 00:04:19.279 --> 00:04:23.959 But then wouldn't that leave you open to less common attacks? 82 00:04:24.319 --> 00:04:28.040 Not necessarily. Remember we're always watching, always adapting, right, So 83 00:04:28.360 --> 00:04:32.399 while we may prioritize certain threats, we still got stuff 84 00:04:32.439 --> 00:04:36.560 in place to catch those unexpected things. It's all about 85 00:04:36.600 --> 00:04:39.240 balancing risk and resources. 86 00:04:39.279 --> 00:04:42.079 You know, it makes sense. Okay, So let's say you've got, 87 00:04:42.160 --> 00:04:45.560 like you've figured out your top threats. How do you 88 00:04:45.639 --> 00:04:51.920 actually verify someone is who they say they are. 89 00:04:52.199 --> 00:04:53.079 That's a good question. 90 00:04:53.199 --> 00:04:54.600 That's where authentication comes. 91 00:04:54.399 --> 00:04:57.560 In exactly, and all those mechanisms, especially in a zero 92 00:04:57.600 --> 00:05:01.000 trust environment, we can't just rely on on like simple 93 00:05:01.040 --> 00:05:05.360 passwords anymore, right, right, We need we need strong stuff 94 00:05:05.839 --> 00:05:08.519 that can really stand up to sophisticated attacks. 95 00:05:08.800 --> 00:05:13.800 So are we talking about like layering those classic authentication factors. 96 00:05:13.879 --> 00:05:17.759 Oh yeah, like something you know, likeword, passwords, something you 97 00:05:17.839 --> 00:05:21.079 have token, yeah, like a token or something and something 98 00:05:21.120 --> 00:05:24.439 your are, biometric, biometrics, the whole shebang, the whole the 99 00:05:24.480 --> 00:05:25.399 whole thing, you got it. 100 00:05:25.759 --> 00:05:30.680 And combining them that's essential, right, multi factor authentication, multi 101 00:05:30.720 --> 00:05:34.600 factor that's that's key because it ensures that even if 102 00:05:34.680 --> 00:05:38.319 you know, one factor gets compromised, the attackers still can't 103 00:05:38.319 --> 00:05:38.759 get in. 104 00:05:38.759 --> 00:05:41.120 Can't get in. But I could see that being a 105 00:05:41.160 --> 00:05:47.360 real pain for users, like constantly having to enter passwords 106 00:05:47.399 --> 00:05:49.519 and scan your fingerprint or whatever. 107 00:05:49.680 --> 00:05:52.600 Right, Yeah, it's it's a challenge, you know, And that's 108 00:05:52.639 --> 00:05:55.959 where good design and user education comes in. We need 109 00:05:56.000 --> 00:05:59.120 to you know, implement authentication in a way that. 110 00:05:59.240 --> 00:06:02.199 That makes it easy, yeah, easy for users, but hard. 111 00:06:02.279 --> 00:06:04.680 The hard for the bad guys, for the bad guys. Okay, 112 00:06:04.720 --> 00:06:08.319 And remember it's not about like making it impossible for 113 00:06:08.399 --> 00:06:11.560 people to work, right, It's about making it really really 114 00:06:11.600 --> 00:06:12.439 hard for those. 115 00:06:12.279 --> 00:06:14.759 Attackers to take advantage. 116 00:06:14.319 --> 00:06:15.959 To exploit any weakness, right. 117 00:06:16.160 --> 00:06:19.519 Right, So it's like strong authentications kind of like that 118 00:06:19.759 --> 00:06:22.480 the front line line of defense. Yeah, and the zero 119 00:06:22.560 --> 00:06:25.560 trust network. But what about all the stuff. 120 00:06:25.439 --> 00:06:27.040 The stuff behind the scenes. 121 00:06:26.759 --> 00:06:29.839 The servers and applications all that. How do you secure 122 00:06:29.879 --> 00:06:30.199 all that? 123 00:06:30.480 --> 00:06:34.519 So that's where device identity becomes really important. Like, you know, 124 00:06:34.720 --> 00:06:37.959 just like users devices, they need to be authenticated too, 125 00:06:38.199 --> 00:06:41.240 so we know they're legitimate, legitimate. 126 00:06:42.279 --> 00:06:44.480 Haven't been messed with. And certificates are part of this too. 127 00:06:44.560 --> 00:06:45.920 Oh yeah, they're key here. 128 00:06:46.279 --> 00:06:48.800 So it's like each server gets its own. 129 00:06:48.680 --> 00:06:50.800 Little digital ID card, digital. 130 00:06:50.519 --> 00:06:54.680 ID card, I like that. But those certificates have those 131 00:06:54.759 --> 00:06:58.160 private keys, right right, Yeah, how do you keep those safe? 132 00:06:58.399 --> 00:07:01.759 That's where hardware security modules or HSMs come in. 133 00:07:02.000 --> 00:07:02.800 HSMs. 134 00:07:02.879 --> 00:07:06.759 Yeah, think of them like these tiny super secure vaults. Okay, 135 00:07:06.959 --> 00:07:08.519 designed to protect those keys. 136 00:07:08.920 --> 00:07:09.120 You know. 137 00:07:09.360 --> 00:07:13.720 One common type is a TPM Trusted Platform Module, which 138 00:07:13.759 --> 00:07:15.800 is often like built right into the computer. 139 00:07:16.519 --> 00:07:19.439 So it's like it's like giving each server a little 140 00:07:19.439 --> 00:07:21.839 bodyguards for its secrets. 141 00:07:21.839 --> 00:07:23.319 It's most valuable secrets. 142 00:07:23.560 --> 00:07:25.959 Yeah, okay, this is all starting to click. Good, But 143 00:07:26.040 --> 00:07:28.120 how does this play out in the real world, Like, 144 00:07:28.199 --> 00:07:31.279 are there companies actually doing this at scale? 145 00:07:31.399 --> 00:07:36.160 Absolutely? In fact, Google's beyond COREP initiative. It's a prime 146 00:07:36.199 --> 00:07:40.959 example of zero trust in action. Okay, they took this 147 00:07:41.079 --> 00:07:45.439 really radical approach. They basically treated their internal network like 148 00:07:45.519 --> 00:07:46.519 the public Internet. 149 00:07:47.240 --> 00:07:48.759 So they just decided to ditch. 150 00:07:49.040 --> 00:07:54.439 Basically, they said, it's inherently untrusted the whole perimeter the 151 00:07:54.560 --> 00:07:55.480 public Internet. 152 00:07:55.560 --> 00:07:56.079 That's bold. 153 00:07:56.560 --> 00:08:00.839 It was. It was a huge undertaking, but the recognized 154 00:08:00.879 --> 00:08:04.519 that the traditional approach just it wasn't working anymore. You know. 155 00:08:04.720 --> 00:08:08.839 They needed a new way to secure their their massive network, 156 00:08:09.319 --> 00:08:10.319 their applications. 157 00:08:10.319 --> 00:08:11.920 So how did they actually do it? I mean, I'm 158 00:08:11.959 --> 00:08:13.759 guessing it wasn't just like a flip a switch. 159 00:08:14.439 --> 00:08:18.560 They developed a system that verifies the user and the 160 00:08:18.639 --> 00:08:22.839 device before it grants access to any of the applications. 161 00:08:23.360 --> 00:08:28.000 So it's like every request goes through airport level security 162 00:08:28.240 --> 00:08:29.600 no matter where it's coming from. 163 00:08:29.759 --> 00:08:35.120 Wow. So like no more just scrolling through the employee entrance. 164 00:08:35.759 --> 00:08:39.279 Everyone gets the full everyone gets checked checked. But Google 165 00:08:39.399 --> 00:08:40.240 is Google. 166 00:08:40.360 --> 00:08:41.519 They have the resources. 167 00:08:41.559 --> 00:08:43.759 What about companies that don't have that. 168 00:08:43.759 --> 00:08:46.759 Don't have Google sized resources. It can still be done. 169 00:08:47.279 --> 00:08:50.879 A great example is Page your Duty. A smaller company, 170 00:08:50.960 --> 00:08:54.879 they took a more pragmatic approach, so instead of building 171 00:08:54.919 --> 00:09:01.000 everything from scratch, they used their existing configuration management system, 172 00:09:01.480 --> 00:09:06.799 which was CHEF, to implement those core zero trust principles. 173 00:09:06.840 --> 00:09:10.399 So they like use the tools they already had. Yes, 174 00:09:10.799 --> 00:09:15.320 they start building out that framework. Okay, that's that's encouraging 175 00:09:15.759 --> 00:09:18.320 for companies that are, you know, maybe a little intimidated 176 00:09:18.320 --> 00:09:18.679 by all of. 177 00:09:18.720 --> 00:09:23.200 This intimidating they do. So they focused on dynamically calculating 178 00:09:23.240 --> 00:09:29.240 and enforcing firewall rules on individual hosts. Okay, creating this 179 00:09:29.440 --> 00:09:34.000 like micro segmentation, you know, within their network. It's like 180 00:09:34.120 --> 00:09:38.120 building many fortresses, many fortresses around each of those. 181 00:09:37.960 --> 00:09:40.879 Assets, around each one. Yeah. I like that. I'm curious 182 00:09:40.960 --> 00:09:43.240 how did they, like, how did they deal with encryption? 183 00:09:44.120 --> 00:09:48.080 Yeah, so they were smart about it. They prioritized out 184 00:09:48.080 --> 00:09:52.399 of process encryption. Okay, so that means they separated the 185 00:09:52.480 --> 00:09:54.440 encryption from the application, from. 186 00:09:54.320 --> 00:09:56.600 The applications themselves instead each application. 187 00:09:56.840 --> 00:10:01.720 Yeah, they created this dedicated security. It's a much more 188 00:10:01.840 --> 00:10:07.320 centralized and standardized approach, which makes things more secure. 189 00:10:06.960 --> 00:10:10.879 More secure. This is all super fascinating. So we've seen 190 00:10:10.919 --> 00:10:15.240 how like zero trust can be done by by big 191 00:10:15.279 --> 00:10:18.279 companies and mall companies. Yeah, it seems like there's more 192 00:10:18.320 --> 00:10:21.120 to dig into here. Absolutely, What are some of the 193 00:10:21.360 --> 00:10:25.240 like the deeper implications of this whole approach. 194 00:10:25.759 --> 00:10:28.200 Yeah, you're right, we're just scratching the surface here. Zero 195 00:10:28.240 --> 00:10:31.559 trust it's not just tech. It's a way of thinking 196 00:10:31.559 --> 00:10:33.840 about security. 197 00:10:33.200 --> 00:10:35.440 You know. Okay, and that's where it gets interesting. 198 00:10:35.480 --> 00:10:36.440 It's interesting. 199 00:10:36.720 --> 00:10:40.679 Hold on to that thought. We'll be right back, be 200 00:10:40.840 --> 00:10:44.440 right back after a quick break, quick break to really 201 00:10:44.600 --> 00:10:49.200 dive into the world of zero trust networks. 202 00:10:49.279 --> 00:10:50.639 Zero trust networks. 203 00:10:50.679 --> 00:10:52.960 All right, So before the break for the break, we 204 00:10:53.000 --> 00:10:56.600 were talking about how zero trust it's more than just 205 00:10:56.679 --> 00:10:57.159 the tech. 206 00:10:57.480 --> 00:11:01.279 Yeah, it's it's a whole different way of thinking about security. 207 00:11:01.399 --> 00:11:04.000 Yeah, like a whole whole new mindset exactly. 208 00:11:04.039 --> 00:11:07.399 And that that mindset, it leads to some interesting questions 209 00:11:07.440 --> 00:11:10.320 like how do you measure trust in a in a 210 00:11:10.399 --> 00:11:11.200 digital world. 211 00:11:11.320 --> 00:11:13.240 It's not like you can I can look someone in 212 00:11:13.240 --> 00:11:15.440 the eye exactly, So how. 213 00:11:15.279 --> 00:11:18.519 Do you how do you even start building trust? Yeah, 214 00:11:18.559 --> 00:11:20.919 well you gotta look for clues, okay, what we call 215 00:11:21.039 --> 00:11:22.000 trust signals. 216 00:11:22.200 --> 00:11:22.960 Trust signals. 217 00:11:23.080 --> 00:11:27.960 Yeah, so these are like bits of information that help 218 00:11:28.039 --> 00:11:32.200 us kind of paint a picture of how trustworthy a 219 00:11:32.360 --> 00:11:34.559 user or a device actually is. 220 00:11:34.799 --> 00:11:36.480 Okay, you know. So it's it's like. 221 00:11:36.480 --> 00:11:38.000 Being a digital detective. 222 00:11:38.159 --> 00:11:39.919 A digital detective. Yeah, I like that. 223 00:11:40.000 --> 00:11:44.360 Yeah, we're looking for patterns, anomalies, you know, anything that 224 00:11:44.399 --> 00:11:47.080 looks kind of strange. Like let's say someone tries to 225 00:11:47.120 --> 00:11:49.879 log in from a country they've never been to before. 226 00:11:50.120 --> 00:11:50.960 That's a red flag. 227 00:11:51.399 --> 00:11:52.519 That would be a red yeah. 228 00:11:52.559 --> 00:11:55.000 Yeah. Yeah. Or if or if a user suddenly starts 229 00:11:55.039 --> 00:11:58.480 accessing all these files exactly that they've never touched before, 230 00:11:58.679 --> 00:12:00.879 match before. Yeah, that's that's a little fishy. 231 00:12:01.000 --> 00:12:01.879 That summs up. 232 00:12:02.039 --> 00:12:02.519 Yeah. 233 00:12:02.600 --> 00:12:06.440 We also look at things like you know, device. 234 00:12:06.120 --> 00:12:08.600 Posture, device posture, Yeah, like. 235 00:12:09.159 --> 00:12:12.559 Is the device like up to date, is it patched, 236 00:12:12.879 --> 00:12:18.000 you know, is it running non malware known malware? Yeah, 237 00:12:18.080 --> 00:12:20.840 the more of these trust signals, we can get better, 238 00:12:20.919 --> 00:12:23.320 we can assess assess the risk. 239 00:12:24.000 --> 00:12:27.320 But wouldn't all this create a ton of false alarms? 240 00:12:27.679 --> 00:12:27.960 You know? 241 00:12:28.320 --> 00:12:29.919 That's a good point, Like what if I'm. 242 00:12:29.799 --> 00:12:31.759 Just traveling for work, and right if you need to 243 00:12:32.000 --> 00:12:35.600 and I need to access these files from this new location, right. 244 00:12:35.559 --> 00:12:37.960 Yeah, that's why we need to find that balance, okay, 245 00:12:38.559 --> 00:12:42.559 between security and usability. 246 00:12:42.840 --> 00:12:42.960 Right. 247 00:12:43.120 --> 00:12:45.279 We don't want to lock people out for no reason, 248 00:12:45.360 --> 00:12:49.480 for legitimate reasons. Yeah, So that's where things like machine 249 00:12:49.559 --> 00:12:53.600 learning and AI come in. Okay, they can analyze huge 250 00:12:53.639 --> 00:12:58.919 amounts of data find those subtle patterns anomalies that we might. 251 00:12:58.879 --> 00:13:02.440 Miss right, So it's not just about blindly blocking, yeah, 252 00:13:02.480 --> 00:13:04.080 blindly blocking anything. 253 00:13:03.799 --> 00:13:06.639 Anything that looks a little off. It's about being smart, 254 00:13:06.919 --> 00:13:09.679 using technology to be smart exactly. And you know, at 255 00:13:09.720 --> 00:13:12.120 the end of the day, humans are still a big 256 00:13:12.159 --> 00:13:12.600 part of this. 257 00:13:12.840 --> 00:13:13.120 Okay. 258 00:13:13.240 --> 00:13:16.559 You know, the system can analyze all the data it 259 00:13:16.639 --> 00:13:21.480 wants flag those potential problems, but ultimately it's up to 260 00:13:21.639 --> 00:13:24.559 us security professional to make. 261 00:13:24.440 --> 00:13:27.480 The call, to make the decision. Yeah. Okay, So so 262 00:13:27.519 --> 00:13:34.639 we've got this system verifying identities, gathering all these trust signals, yeah, making. 263 00:13:34.440 --> 00:13:38.120 Decisions decisions about access, about access exactly, how do we 264 00:13:38.159 --> 00:13:41.080 actually like, how do we build it, build this, put 265 00:13:41.080 --> 00:13:41.679 it all together? 266 00:13:41.840 --> 00:13:42.480 Yeah. 267 00:13:42.759 --> 00:13:48.639 So the book recommends starting with a prioritize list, okay 268 00:13:48.720 --> 00:13:51.799 of key things to consider. Okay, you can't do everything 269 00:13:51.840 --> 00:13:53.840 all at once, right right, right, You focus on the 270 00:13:53.840 --> 00:13:57.840 most critical stuff first. You know, for most organizations, it's 271 00:13:58.039 --> 00:14:00.639 a journey. It's a journey, not a sprint, not a sprint. 272 00:14:00.679 --> 00:14:05.919 Okay. So, like like building a house, like building a house, 273 00:14:06.080 --> 00:14:08.759 start with the foundation and then you go from there. 274 00:14:08.840 --> 00:14:12.360 Yeah, okay, so what are some of those those foundation 275 00:14:13.039 --> 00:14:15.440 pieces for a zero trust network? 276 00:14:15.720 --> 00:14:19.519 Okay, So one of the like the most important things, Yeah, 277 00:14:19.919 --> 00:14:24.720 is that everything, every every network flow has to be 278 00:14:24.799 --> 00:14:28.279 authenticated before it's even processed. Okay. So that means like 279 00:14:28.480 --> 00:14:29.399 you're checking. 280 00:14:29.159 --> 00:14:31.200 We're verifying the center. 281 00:14:31.320 --> 00:14:33.840 And the receiver of every single. 282 00:14:33.639 --> 00:14:36.120 Every single packet of data. So you're not just some 283 00:14:36.200 --> 00:14:40.039 more trusting trust because it's inside yeah yeah, yeah, okay, 284 00:14:40.159 --> 00:14:43.720 zero trust. It gets rid of that assumption, okay, okay. 285 00:14:43.759 --> 00:14:47.799 So another key point is that you're authentication Okay, it 286 00:14:47.840 --> 00:14:53.639 shouldn't rely on public PKI providers public key. Yeah. Instead, 287 00:14:54.360 --> 00:14:58.279 we should use our own private PKI system. Man, it's 288 00:14:58.320 --> 00:15:01.440 all that, yeah, to manage all of our certificates and keys. 289 00:15:01.559 --> 00:15:04.960 So you're you're basically saying, like we control our arm 290 00:15:04.960 --> 00:15:07.000 we have to control our own desktomys cystany. 291 00:15:07.120 --> 00:15:11.639 Yeah, we can't rely on on someone else, right, someone 292 00:15:11.679 --> 00:15:13.480 that we don't totally control. 293 00:15:13.360 --> 00:15:17.879 Right, Right. And then and then of course there's encryption. Encryption, Yeah, 294 00:15:18.159 --> 00:15:18.759 gotta have. 295 00:15:18.799 --> 00:15:22.759 Gotta have encryption. Encryption, everything at rest in transit, it 296 00:15:22.799 --> 00:15:24.000 all needs to be encrypted. 297 00:15:24.360 --> 00:15:27.519 It's like that dead armor. It's the armor that protects the. 298 00:15:27.519 --> 00:15:30.200 Data even if it falls into the wrong hands. 299 00:15:30.200 --> 00:15:33.720 Right, but doesn't doesn't all that encryption slow things down? Yeah, 300 00:15:33.840 --> 00:15:37.759 slow things down, especially in in like large networks. 301 00:15:38.480 --> 00:15:41.639 Yeah, it's a concern. But the thing is modern encryption. Yeah, 302 00:15:41.679 --> 00:15:44.039 it's much more efficient than it used to be, and 303 00:15:44.559 --> 00:15:47.840 the cost of a data breach, oh yeah, way outweighs 304 00:15:48.120 --> 00:15:51.279 any performance hit that we might see from encryption. Plus 305 00:15:51.320 --> 00:15:56.440 there's there's techniques okay, like hardware accelerated encryption to help 306 00:15:56.480 --> 00:15:59.519 with that to kind of minimize that that overhead. 307 00:15:59.600 --> 00:16:04.120 Okay, so encryption is a must have. What else, like, 308 00:16:04.320 --> 00:16:07.080 so another thing companies prioritize is a. 309 00:16:06.919 --> 00:16:09.480 Really detailed system diagram. 310 00:16:09.639 --> 00:16:10.039 Okay. 311 00:16:10.120 --> 00:16:15.600 It helps you really see the network, identify any any 312 00:16:15.799 --> 00:16:19.679 gaps in security, and prioritize what you need to do. 313 00:16:21.320 --> 00:16:22.559 Give me a big. 314 00:16:22.360 --> 00:16:24.159 Task, like a huge undertaking. 315 00:16:24.279 --> 00:16:29.000 Especially organizations are large organizations, organization with networks, Like. 316 00:16:28.919 --> 00:16:29.799 Where do you even start? 317 00:16:29.960 --> 00:16:35.240 You start by by identifying every single device, every application, all. 318 00:16:35.120 --> 00:16:37.279 Those data flows within the network. 319 00:16:36.960 --> 00:16:40.159 Within the network. It can be overwhelming a lot. Yeah, 320 00:16:40.759 --> 00:16:43.720 but there are tools to help you know, automate that. 321 00:16:43.919 --> 00:16:46.000 Okay, So you're not saying like we got to like 322 00:16:46.200 --> 00:16:49.440 no pen and paper, pen and paper map the whole network. 323 00:16:49.080 --> 00:16:52.320 Out, No, no, no, there's there's network discovery tools and 324 00:16:52.399 --> 00:16:56.519 asset management solutions to help you create that inventory. 325 00:16:56.639 --> 00:16:58.200 So you've got your diagram. 326 00:16:58.080 --> 00:17:00.799 Diagram, then you need to figure out all those network flows, 327 00:17:01.320 --> 00:17:03.879 you know, document what they're supposed to be doing, who's 328 00:17:03.879 --> 00:17:08.000 supposed to be talking to who, and why. That information 329 00:17:08.640 --> 00:17:13.279 it's crucial for creating those granular policies that control access 330 00:17:13.319 --> 00:17:17.480 to your in a world that's that's constantly changing. 331 00:17:17.519 --> 00:17:22.119 Dynamic and always changing. Wouldn't that be like impossible to 332 00:17:22.200 --> 00:17:22.799 keep track of? 333 00:17:22.920 --> 00:17:24.880 Oh, it would be it would be impossible to do 334 00:17:24.920 --> 00:17:28.279 it manually. Right, That's that's where automation comes in. Automation 335 00:17:28.599 --> 00:17:29.079 comes in. 336 00:17:29.839 --> 00:17:30.680 You know, we. 337 00:17:30.559 --> 00:17:36.640 Need tools they help us that can automatically discover, monitor, 338 00:17:36.839 --> 00:17:39.119 and force all those policies. 339 00:17:39.119 --> 00:17:41.920 So it's like having like an army of an army 340 00:17:41.960 --> 00:17:43.759 of little digital security guards. 341 00:17:43.519 --> 00:17:49.359 Digital security guards patrolling making sure everything's in check in check. 342 00:17:49.440 --> 00:17:49.680 Yeah. 343 00:17:49.720 --> 00:17:53.880 Configuration management systems like the one page your duty used, 344 00:17:54.519 --> 00:17:56.079 they can they can really help here. 345 00:17:56.279 --> 00:18:01.400 They help ensure that all the devices configured directly, insistently, 346 00:18:01.839 --> 00:18:02.480 and then the. 347 00:18:02.480 --> 00:18:06.599 Security policies are across the board, across the entire network. Right. Okay, 348 00:18:06.680 --> 00:18:10.119 so we got a plan. We have plan for building. 349 00:18:10.359 --> 00:18:14.960 Infrastructure for structure right, what about the people, you know, 350 00:18:16.079 --> 00:18:18.119 the human element, the humans. 351 00:18:18.720 --> 00:18:21.359 How do we get them on board, on board with 352 00:18:21.480 --> 00:18:24.920 all of this? You're right, that's that's critical because change 353 00:18:24.960 --> 00:18:25.519 is hard. 354 00:18:25.559 --> 00:18:28.599 Change is hard. User education and training. 355 00:18:29.119 --> 00:18:31.480 Okay, so important any of this, Yes. 356 00:18:31.359 --> 00:18:34.279 Especially for something like zero trust. You know, we need 357 00:18:34.319 --> 00:18:39.680 to explain to people why this matters, how it helps them, 358 00:18:40.119 --> 00:18:42.880 how it's going to like affect their day to day work. 359 00:18:43.039 --> 00:18:46.559 So instead of just like throwing a bunch of rules 360 00:18:46.559 --> 00:18:47.720 at them and saying, like, do. 361 00:18:47.640 --> 00:18:49.839 It to it, we got to bring them along. You've 362 00:18:49.839 --> 00:18:50.440 got to bring. 363 00:18:50.400 --> 00:18:53.079 Them along, bring them along, and it's not it's not 364 00:18:53.119 --> 00:18:57.640 a one time thing. You've got to constantly reinforce the 365 00:18:57.640 --> 00:19:02.640 importance of security, provide updates on new threats, best practices, 366 00:19:03.119 --> 00:19:06.519 and make sure the systems are actually designed with the 367 00:19:06.640 --> 00:19:08.200 user in mind, because. 368 00:19:07.920 --> 00:19:10.079 If it's too hard to use, they're going to find 369 00:19:10.119 --> 00:19:10.839 ways around it. 370 00:19:10.960 --> 00:19:12.920 Exactly. We've got to find that. 371 00:19:12.799 --> 00:19:14.119 Sweet spot, sweet spot. 372 00:19:14.279 --> 00:19:18.319 Yeah, Okay, between security and usability. People need to understand 373 00:19:18.640 --> 00:19:22.839 that this isn't about spying on them making their lives hard. 374 00:19:23.119 --> 00:19:28.160 It's about protecting everyone, protecting everyone all these new threats, right. Yeah, Okay, 375 00:19:28.160 --> 00:19:32.599 so we've covered like a lot of ground here we have. 376 00:19:32.759 --> 00:19:35.680 From the very basics of zero trust, like how do 377 00:19:35.720 --> 00:19:37.119 you actually do what? 378 00:19:37.240 --> 00:19:39.920 How do you implement it? Right? But no security is 379 00:19:40.119 --> 00:19:41.440 like perfect, It's. 380 00:19:41.240 --> 00:19:44.400 True, nothing's fool proof. In fact, the book actually spends 381 00:19:44.400 --> 00:19:48.839 a whole chapter looking at zero trust from the attacker's perspective. 382 00:19:49.039 --> 00:19:50.880 Okay, so let's let's put on our black hats. 383 00:19:50.960 --> 00:19:51.480 Let's do it. 384 00:19:51.720 --> 00:19:53.960 If if we were going to try to attack a 385 00:19:54.079 --> 00:19:56.599 zero trust network, what would we look for. 386 00:19:57.799 --> 00:20:01.880 Well, one thing that could be a weakness is complexity. 387 00:20:02.039 --> 00:20:05.359 The more moving parts you have, the more chances there 388 00:20:05.400 --> 00:20:06.680 are for something to go wrong. 389 00:20:07.119 --> 00:20:10.000 So like a firewall rule. 390 00:20:09.960 --> 00:20:14.119 Yeah, a misconfigured firewall rule, or a certificate that's been 391 00:20:14.480 --> 00:20:18.880 you know, compromise, compromise that could create. 392 00:20:18.599 --> 00:20:20.599 A vulnerability that someone could sneak through. 393 00:20:20.519 --> 00:20:23.920 That an attacker could exploit r exactly. So that's why 394 00:20:24.200 --> 00:20:27.759 testing and constant monitoring are so important. 395 00:20:27.920 --> 00:20:28.680 Always got to be. 396 00:20:28.680 --> 00:20:31.759 You've got to be vigilant, always on the lookout for 397 00:20:31.839 --> 00:20:32.680 any signs of. 398 00:20:32.640 --> 00:20:36.960 Weakness or compromise or compromise. Yeah. Another challenge I could 399 00:20:37.000 --> 00:20:39.759 see is like how it impacts the users. 400 00:20:40.079 --> 00:20:41.119 Yeah, that's a good point. 401 00:20:41.279 --> 00:20:44.079 You know, if you're always check in every little thing. 402 00:20:44.160 --> 00:20:47.119 If we're verifying every action, requiring. 403 00:20:46.599 --> 00:20:51.160 All this multi factor multi factoration authentication. 404 00:20:50.400 --> 00:20:54.160 Yeah, I could definitely slow people down, create some friction 405 00:20:54.279 --> 00:20:55.079 in their workflow. 406 00:20:56.000 --> 00:20:59.680 So it's it's that balance again, It's that balance security, 407 00:21:00.000 --> 00:21:04.079 security and usability, usability. We got to find that sweet spot, 408 00:21:04.200 --> 00:21:08.200 that sweet spot. And let's not forget about cost. The cost. 409 00:21:08.400 --> 00:21:11.759 It's expensive, all this hardware of self works, all of that. 410 00:21:11.799 --> 00:21:15.160 You need, you need resources, you need people. Right, it 411 00:21:15.160 --> 00:21:18.799 can be a significant investment. But remember they don't have 412 00:21:18.880 --> 00:21:21.839 to do everything at once. Okay, you know, start small, 413 00:21:22.359 --> 00:21:26.440 focus on your your most important stuff, you know, your 414 00:21:26.599 --> 00:21:30.359 your crown jewels, your crown jewels, and expand from there. 415 00:21:30.480 --> 00:21:33.480 So it's it's not like all or nothing exactly. 416 00:21:33.880 --> 00:21:39.599 It's about taking a strategic approach, you know, prioritizing based 417 00:21:39.640 --> 00:21:40.400 on what you need. 418 00:21:40.599 --> 00:21:42.680 You need resource resources. 419 00:21:42.359 --> 00:21:44.640 And there are ways to leverage what you already have 420 00:21:45.279 --> 00:21:46.759 right to help with the cost. 421 00:21:47.039 --> 00:21:52.279 Okay, so we've talked about like the potential downsides downside, 422 00:21:52.319 --> 00:21:54.960 but there's there's a lot of benefits. 423 00:21:55.000 --> 00:21:57.559 Oh yeah, tons of benefits to zero trust. It's a 424 00:21:57.680 --> 00:22:02.799 much stronger, more resilient security model. Just then the traditional 425 00:22:02.880 --> 00:22:06.799 like perimeter based approach. It helped reduce the attack surface. 426 00:22:06.519 --> 00:22:10.319 Limit like the damage if if there is a breach 427 00:22:10.519 --> 00:22:12.319 exactly improves data protection. 428 00:22:12.480 --> 00:22:15.720 It enhances data protection overall. Yeah, and especially as we 429 00:22:15.759 --> 00:22:20.279 move towards more cloud computing, more mobile devices, remote work, 430 00:22:20.519 --> 00:22:23.960 remote zero trust is it's becoming essential. 431 00:22:24.079 --> 00:22:27.759 Yeah, it's it's how we secure sure all our digital. 432 00:22:27.400 --> 00:22:31.119 Stuff, all our digital assets are operations, are operators a 433 00:22:31.200 --> 00:22:35.599 world where the network is is it's all blurring together, blurring. 434 00:22:36.160 --> 00:22:41.359 Okay. So as we wrap up here our deep dive, 435 00:22:41.519 --> 00:22:45.599 it's it's important to really hit home that zero trust. 436 00:22:45.759 --> 00:22:49.440 It's more than just the technology. It's all the mindset. 437 00:22:49.720 --> 00:22:52.119 It's about moving away from that idea. 438 00:22:51.799 --> 00:22:55.079 Of a trusted perimeter. Yeah, you know, it's about embracing 439 00:22:55.119 --> 00:23:00.359 the fact that threats can come from anywhere, anywhere inside 440 00:23:00.839 --> 00:23:01.720 the company. 441 00:23:01.640 --> 00:23:05.519 Your organization. You've got to verify everything. Don't trust anything, 442 00:23:05.559 --> 00:23:06.839 blindly trust nothing. 443 00:23:06.960 --> 00:23:10.000 Build security, Build security from the inside out, from. 444 00:23:09.880 --> 00:23:12.759 The inside out. Yeah, and it's it's understanding that securities. 445 00:23:12.839 --> 00:23:14.079 It's not a one time fix. 446 00:23:14.279 --> 00:23:15.079 It's ongoing. 447 00:23:15.240 --> 00:23:16.079 It's a process. 448 00:23:16.119 --> 00:23:18.720 You got adapt, adapt, you got to improve all the 449 00:23:18.759 --> 00:23:22.759 time always. Okay, So for the listener out there who 450 00:23:22.839 --> 00:23:27.039 might be feeling a little little overwhelmed by all that's 451 00:23:27.440 --> 00:23:29.920 what's like the one thing they should take away. 452 00:23:30.920 --> 00:23:34.880 You know, just start somewhere, Start somewhere. You don't have 453 00:23:34.920 --> 00:23:38.000 to do everything all at once. Okay, start with your 454 00:23:38.000 --> 00:23:42.359 most critical assets, secure those first, and then go from there. 455 00:23:42.519 --> 00:23:44.440 Iterate, iterate, and build it up. 456 00:23:44.559 --> 00:23:48.359 Build up your zero trust posture over time, over time. 457 00:23:48.440 --> 00:23:51.720 And remember it's a journey, not a race. There's going 458 00:23:51.759 --> 00:23:55.559 to be bumps along the way, but the benefits they're 459 00:23:55.559 --> 00:23:58.720 worth it, zero truck. It's all about creating a more secure, 460 00:23:59.240 --> 00:24:03.319 a more resilient digital future, digital future for your organization, 461 00:24:03.440 --> 00:24:04.319 for your organization. 462 00:24:04.599 --> 00:24:08.440 Very well said, thank you. So before we wrap up completely, 463 00:24:08.480 --> 00:24:13.160 I have one final, like thought provoking question for our listeners. So, 464 00:24:13.319 --> 00:24:18.680 if you could like redesign your whole network security setup 465 00:24:18.759 --> 00:24:23.400 from scratch, from scratch, knowing, you know, knowing all this 466 00:24:23.519 --> 00:24:28.279 all this about zero trust, what what would you do differently? 467 00:24:28.519 --> 00:24:31.119 That's that's something for you to think about. Yeah, you 468 00:24:31.279 --> 00:24:34.519 think about your own organizators, think about your own like challenge, 469 00:24:34.559 --> 00:24:38.440 your own unique security challenges. You know, how could how 470 00:24:38.440 --> 00:24:43.160 could you apply these zero trust principles to make things better, stronger, stronger. 471 00:24:43.240 --> 00:24:45.599 Yeah, what what system. 472 00:24:45.240 --> 00:24:47.319 The data is? What data most important? 473 00:24:47.799 --> 00:24:50.839 What are the most likely threats you're going to face? 474 00:24:50.920 --> 00:24:51.119 Right? 475 00:24:51.640 --> 00:24:54.839 And how can you how can you build a security 476 00:24:54.839 --> 00:24:58.680 posture that that kind of assumes that. 477 00:24:58.680 --> 00:25:00.680 Those threats that they're already there. 478 00:25:00.519 --> 00:25:03.920 They might already be there lurking, lurking inside your network. 479 00:25:04.079 --> 00:25:07.359 This whole, this whole deep dive has really opened my 480 00:25:07.440 --> 00:25:09.880 eyes to how, you. 481 00:25:09.839 --> 00:25:13.200 Know, security is not just about security, is not just 482 00:25:13.200 --> 00:25:15.319 about building higher walls, higher walls. 483 00:25:15.519 --> 00:25:19.559 It's about it's about changing, changing how we think about trust, 484 00:25:20.039 --> 00:25:23.079 how we think about trust. Yeah, zero trust, it's it's 485 00:25:23.119 --> 00:25:24.759 a journey, a journey, not a. 486 00:25:25.319 --> 00:25:26.119 Not a destination. 487 00:25:26.319 --> 00:25:33.000 It's it's constantly vigilance, adaptation, a willingness to like challenge 488 00:25:33.039 --> 00:25:35.359 what you think you know. But if you do it, 489 00:25:35.759 --> 00:25:37.599 you'll create a more secure. 490 00:25:37.519 --> 00:25:40.200 And resilient and resilient digital future. 491 00:25:39.960 --> 00:25:40.640 Digital future. 492 00:25:40.680 --> 00:25:44.279 I think I think we've really, we've really gone deep 493 00:25:44.440 --> 00:25:49.160 into this whole wars zero Trust, the world of zero Trust. Yeah, 494 00:25:49.200 --> 00:25:52.359 and you know, thanks to Gilman and Barth, Gilman and 495 00:25:52.400 --> 00:25:53.799 Barth for writing that. 496 00:25:53.720 --> 00:25:55.000 For that awesome book. 497 00:25:55.079 --> 00:25:55.880 It's a great book. 498 00:25:56.319 --> 00:25:58.599 And to you listener, thanks for coming along with us. 499 00:25:58.640 --> 00:26:00.680 Thanks for joining us this deep dive. 500 00:26:00.759 --> 00:26:03.200 On this deep dive, we hope you got some some 501 00:26:03.240 --> 00:26:04.079 good stuff out of it. 502 00:26:04.160 --> 00:26:05.319 Yeah, some good stuff out of it. 503 00:26:05.359 --> 00:26:06.599 Maybe maybe some. 504 00:26:07.359 --> 00:26:09.440 Uhha moments, aha moments. 505 00:26:09.640 --> 00:26:13.160 Remember the best way to learn is to keep exploring, 506 00:26:13.359 --> 00:26:14.480 keep asking those questions. 507 00:26:14.599 --> 00:26:17.519 Keep asking questions, push those boundaries, push the boundaries. 508 00:26:18.000 --> 00:26:24.319 So until next time, stay curious, stay curious, and stay secure.