Post-Event Report: Help AG Security Spotlight Forum, March 2019

As the region’s trusted security advisor, Help AG plays an ongoing role in raising awareness about the latest cyber security trends in the Middle East. Our Security Spotlight Forum (SSF) event, hosted in premier venues across the Middle East, has become an excellent platform for achieving this on a quarterly basis.
As was evident at the recent RSA Conference, one of the largest cyber security events in the year, Zero Trust is set to be among the most important security trends of 2019. Having rapidly evolved since the introduction of the term by Forrester in 2014, the Zero Trust concept now encompasses cloud, identity, threat intelligence, privileged access management, data protection and more.
And while we aim to keep our blogs short, we didn’t want to leave out any of the insight and expert advice shared at our Security Spotlight Forums. So, if there’s a specific aspect of this approach to security you’re keen to learn more about, here’s a quick reference for what’s ahead in this post:

• Help AG: Evolution of Zero Trust Architecture
• Symantec: Data Protection On-Premises and in the Cloud
• Fortinet: The Zero-Trust Enforcement Point
• Pulse Secure: Identity, the Foundation of Zero-Trust
• Infoblox: Secure DNS: A Clear Element of Zero-Trust
• Skybox Security: Zero Trust Starts with Visibility

 
So, with that said, let’s dive in!
Help AG: Evolution of Zero Trust Architecture
In line with the theme of the event, Nicolai Solling, CTO, Help AG covered what Zero Trust is, how the concept has evolved and how organizations can get started or enhance their current Zero Trust deployment.
He elaborated on the various points where technical trust is established: network and infrastructure, identity, endpoint, and data. Help AG’s approach to Zero-Trust is that of visibility at all layers. Good security decisions are made possible only with the right visibility – after all one can’t really protect what one can’t see.
Organizations need to make sure they don’t forget cloud either; with the absence of the perimeter, identity management is key. Access Control creates context around devices and users- your access control solution therefore needs to integrate with and augment your infrastructure’s security and visibility.
Symantec: Data Protection On-Premises and in the Cloud
Zero Trust is about ensuring that the right systems, people and applications can access each other in the right way, but protecting data is equally important. In this session, Symantec explained how they use DLP, CASB and native encryption capabilities to ensure that data can only be accessed by those who it is intended for, both on-premises as well as in the cloud.
Forrester’s Zero Trust extended (ZTX) Ecosystem Model provides a framework for the modern Security Platform. Key pillars of the ZTX ecosystem are: network security, data security, workload security, workforce security, device security, visibility and analytics, automation and orchestration. Symantec’s Integrated Cyber Defense (ICD) is strategically aligned- it’s all about protecting data and systems, preventing threats, allowing for quick, efficient and orchestrated incident response. Symantec DLP solutions are all designed to protect your most important, high-value data.
Forrester Research predicts that over two-thirds of the value of an organization exists in the form of secrets, including valuable intellectual property like product plans and source code, M&A and strategy documents, and unreleased financial results and projections. Effective, complete Data Loss Prevention solutions must be able to protect this type of data as well. Symantec DLP is designed specifically to help you protect all your information—both traditional structured data and high-value unstructured data—no matter where it resides or how it’s accessed. When it comes to DLP response, the best practice approach is “Automation first, people second.”  With Symantec, you can customize response rules to match your business processes and remediate 60-70% or more of incidents automatically.
Fortinet: The Zero Trust Enforcement Point
The firewall is an increasingly important enforcement point of traffic within the network. When integrated with other devices, a firewall can be enhanced by richer context and intelligence and thereby enabled to act as an orchestration device for other devices in order to make the right decision.
NSS Labs estimates expect encrypted traffic to reach 75% of total traffic, providing hackers yet another venue to hide behind encrypted flows and find ways into enterprise networks- large catastrophes may follow, if the internal networks are flat and access control is based on implicit trust. Micro-segmentation – a prime example of which is the Software Defined Data Center – does provide a way to segment networks, devices, users, and applications leading to greater agility and control. But these resources may be liable to attacks, and once compromised, can spread malware laterally.
There is where intent-based segmentation can effectively inspect all types of East-West, North-South traffic and enforce consistent security policy, preventing cyber-attacks. Intent-Based Segmentation involves segmenting IT assets in accordance with business intents, establishing access control using adaptive trust and applying high-performance advanced security to improve security posture, mitigate risks, achieve compliance and operational efficiency.
Infoblox: DNS – A clear element of Zero Trust
One of the main reasons we implement Zero Trust in the first place is to avoid cyber-attacks such as the spread of malware and exfiltration of data. As both good and bad network actions start with a DNS request, the security benefits of inspecting DNS can be significant.
In this session, Infoblox covered how just small changes and investments to your infrastructure can significantly increase your ability to block Command and Control as well as other malicious DNS attacks. There are different ways how Infoblox offers protection against threats. One of the most important ones is reputational. This involves using threat intelligence to prevent those requests that have been caught in some form or fashion before. From Infoblox, you get one of the industry’s best feeds because, not only do they have a lot of valuable data coming in from customers and DNS environments, they also have a cloud-based reputational feed with their own SOC. The next approach is a signature-based. And the last one is the most compelling and is what sets Infoblox apart from everybody else. This analytics based on the company’s DNS expertise that involves looking at every single packet and looking at the context of the query.
The Infoblox ActiveTrust Solution consists of three components: DNS Firewall (stops malware C&C communications through DNS); Threat Intelligence Data Exchange (TIDE) (a flexible platform that ensures the collection, aggregation and distribution of high-quality threat data both to internal and external infrastructure); and Infoblox Dossier (serves as a single plane of glass for all your threat investigation needs). Infoblox DDI for Cloud and Virtualization extends the industry-leading DDI platform to support cloud and virtualized platforms.
Pulse Secure: Identity, the Foundation of Zero Trust
Pulse Secure delivers one of the strongest access control solutions for remote users, network users as well as users connecting to cloud applications.
Reliance on silos within a Hybrid IT environment, to attempt to achieve ubiquitous secure access, has created a new set of challenges for customers. Pulse Secure has designed a solution that allows secure access for any user on any device to apps in a hybrid IT environment, including providing solutions for access from mobile and cloud. This helps IT and security teams to enable workers to be continuously productive. The Pulse Secure approach provides a comprehensive access solution anchored by a unified policy and compliance framework, powered by a single user client and controlled with centralized visibility, management and analytics. Together, they make the approach for secure access for Hybrid IT flexible, scalable and reliable.
By offering a flexible path to SDP, the company extends its foundation of Zero Trust access for hybrid IT and provides enterprises and service providers unrivaled provisioning simplicity, security posture fortification and lower total cost of ownership.  Help AG has been successful in deploying Network Access Control with Pulse Secure in organizations ranging from 10 users to 10,000 users!
Skybox Security: Zero Trust Starts with Visibility
Complete and accurate visibility underpins every aspect of the Zero Trust framework. In order to create effective micro perimeters, you must understand your infrastructure, how well it’s aligned to the goals designed in security policies, and where risks lie.
In this session, Skybox Security discussed how the visibility of the hybrid network and asset layer combine to give you the insight needed to implement and maintain the Zero Trust model. Skybox helps tighten access controls and tune IPS signatures. This ensures that the security designed in policies is being adhered to in the actual network. It automates not just rule creation workflows, but also rule re-certification to ensure access is limited to the needed services in the needed time frame. Additionally, it helps identify misconfiguration issues as well as the vulnerabilities on network devices that would render security controls useless are vulnerable to exploit.
Adopting the Zero Trust approach delivers many benefits on top of improving the security of your network- one can reduce the scope of compliance audits by improving network segmentation and creating micro-perimeters. Moreover, it leads to centralization of security management by reducing the number of management consoles needed for the network, and your team can focus on more substantive security activities. Zero Trust further enables you to break down departmental silos and improve cooperation through visibility and transparency, making your organization more agile with a mature security program.
In Conclusion
As is evident from this post-show report, we covered a lot of ground in just half a day. This is why our customers unfailing look forward to attending our Security Spotlight Forum to ramp up their knowledge on key cyber security topics in the quickest and most effective manner.
We hope you’ve found this summary useful and as always, our experts are ready to help you solve all the cyber security challenges your organization faces. We promise more great topics in the year ahead and hope you join us at our next SSF! Till then, stay tuned to Help AG!