
Considerations for End-to-End Trust

1 Considerations for End-to-End Trust
John J. Walsh Chief Technology and Strategy Officer BlackRidge Technology 2019 Enterprise Information Symposium

2 Shift Cyber Economics Asymmetry and Improve Resilience
[Chart: cost to attack versus cost to defend over time; the "cyber gap" between them marks where the advantage lies with attackers and where it shifts to defenders, with resilience as the goal.]

Today's situation (advantage: attackers):
- Large attack surface
- Reactive and slow
- People/process lag
- Ineffective/costly technology
- Assigned identity

Tomorrow's solution (advantage: defenders):
- Reduced/invisible attack surface
- Predictive and fast response
- Adaptive/autonomous
- Mobilization of skilled people
- System architecture vice tools
- Assured identity
- Cyber resilience

3 From Content-Centric to Connectivity-Centric to Software-Defined
Looking ahead... Looking back.

[Chart: "Waves of IT Industry Growth in the Information Age", number of users (millions, log scale 1 to 10000) from 1970 to 2030; successive waves labelled Systems-Centric, PC-Centric, Network-Centric, Content-Centric, Connectivity-Centric and Software Defined, driven by Moore's Law, Metcalfe's Law and the Law of Transformation. Adapted from David Moschella, "Waves of Power"; source: Chief Information Officer, Department of Defense, "Creating an Information Advantage".]

- The age of connectivity is accelerating and is making traditional perimeter and security architectures obsolete.
- Migrating to software-defined environments presents a new host of opportunities and challenges.

4 Enterprise, Internet of Things (IoT), and Cyber Physical Systems (CPS)
Enabling new capabilities and challenges for security and integrity of data.

- Connecting sensors, smart devices, and systems
- Bundled technologies enable new outcomes in smart cities, nations, and government
- With them come new levels of complexity and new challenges
- We carry forward the challenges of managing each system, and new, often unanticipated challenges will develop
- 70% is legacy software and hardware infrastructure

A "System of Systems" problem in a "Trust No One" environment.

5 New Challenges With Proliferation of ML and AI
In Security Frameworks, Systems, and Architectures

[Diagram: security frameworks (IIC Security Framework, NIST Security Framework) applied across systems of systems, distributed and connectivity-centric architectures, software-defined environments (SDE), artificial intelligence, and content-centric information distribution and decision rights.]

Many considerations:
- Data integrity and rights management
- Privacy of data and network connections
- Identity access and management controls: human to machine; machine to machine (M2M)
- Scalability, validation, and maintainability
- Total cost of ownership
- Interoperability and automation in distributed architectures
- Encryption versus enhanced monitoring/analytics
- Operating in multiple contexts/models
- Adaptive/autonomous defense
- Cyber resilient architecture

Data integrity requires an adaptive, end-to-end trust model.

6 From Zero Trust (Trust No One) to Adaptive Trust and Response
Data integrity: authentication and assured identity.

Enforce rules and policies at a granular level (individual device/machine) and software-defined:
- Segmentation and segregation
- Enhanced monitoring and analytics
- Adaptive response (changing trust levels)
- Permissioned asset scanning ("cloak")
- Authentication and permission in a blockchain
- Address cloud migration and vulnerabilities
- Keeping data and the network connectivity private
- Software-defined environment
- Support brownfield (installed) architectures with edge-agnostic identity authentication at low levels of the network

7 While Authenticated Identity is a Foundational Element…
RSA: 95% of successful breaches involve compromise of identity in some way to gain access.

Disciplines of security: identity is the base.

[Diagram: wheel of security disciplines built on identity: information sharing, access control, audit, encryption, forensics, threat mitigation, data leakage, availability, policy/governance, non-repudiation, inventory, identity.]

More than security in integrated architectures:
- Security
- Data integrity
- Data rights management
- Access management and control
- Information/data transaction
- Credential management and controls
- Certificates
- Support for multi-factor, big data, analytics ...

And there is an explosion of new techniques and methods to establish identity.

8 Establish a Unified ID Abstraction Layer
[Diagram: transport technology enforces policy and rules across a system of systems in a zero-trust environment; the layer tokenizes, transports, and resolves non-interactive authentication and assigns risk (attestation) in order to achieve outcomes.]

It requires a transport architecture that can unify an abstraction layer for policy and rules enforcement.

9 Enabling Capabilities for End-to-End Trust
For all segments and network environments:
- High assurance network/micro-segmentation
- Identity-based policies, access, and compliance
- Enhanced monitoring, detection, analytics, and adaptive response
- Permission for scanning of network-connected assets (cloaking)
- Authentication to and permissions for blockchain

10 Secure Cloud Access and Privileged Users
Keeping the data and network connectivity private.

Problem:
- Adversary monitoring traffic and side-channel attacks
- Remote users and devices need access at any time
- Both government and industrial sectors require secure cloud access from the endpoint, maintaining the privacy of the data and their operating networks
- "Low side" commercial cloud data enrichment must have identity assurance to pass up to "high side" applications

Solution:
- Cloak the endpoint-to-cloud connection: all traffic to the cloud entry point
- Assure identity of the endpoint into the cloud and enable compartmentalization, segmentation, and segregation within the cloud
- Secure cloud access, including remote locations
- Secure logs documenting access
- Enables the privacy of data and their supporting networks to the cloud

11 Management and Data Plane Segmentation
Many first adopters, with enhanced monitoring (SIEM).

Problem:
- Networks of thousands of security devices and sensors pose a high security risk to government and commercial organizations

Solutions:
- Cloak the cloud management plane using virtual and hardware gateways
- Identity-based policy enforcement to ensure that only administrators and authorized users can access, scan, and operate within the network
- Locks down the management plane to privileged users only (e.g., admin, security)
- Log all activity with identity attribution to provide a means for enhanced monitoring, insider threat detection, and adaptive response

12 Segmentation / Segregation
Segmentation and segregation in energy and industrial sectors:
- Russian attacks, Moody's risk ratings, and government are driving utilities/EP to action
- Segmentation/segregation extending to OT zones
- DHS guidelines and recent Security Tips (ST18-001) and Technical Alerts (TA18-074A)
- BlackRidge TAC is the foundation of the NREL tested and validated 9-layer security solution

13 Tier I Segmentation/Segregation of Power and Energy Grid
Substation, messaging bus, operations center, cloud access, and partner subsystems.

[Architecture diagram; labelled components: authentication mechanisms, hosted cloud, partner subsystems, secure virtual utility operations center, active environment, secure virtual environment, secure message nodes (iSPEED), substation, Active Directory / directory platform, Milsoft core application servers, subnet, RunSafe, SCADA Digi SIEM controller, partner core device, secure data bus, situational awareness response center, private facilities.]

14 Tier 2 Segmentation/Segregation of Legacy 0,1,2 Layers
Legacy systems are a tapestry of older sensors, controllers, and trust policies. Legacy systems are handled by an in-line device for identity and protection.

15 Summary of Considerations for End-to-End Trust
Data integrity in networks and clouds:
- Keeping data and the networks private in commercial infrastructure
- Authentication of endpoints and data
- Ability to establish trust and risk level (attestation)

Rules and policy enforcement:
- High assurance micro-segmentation/segregation
- Mapping ("cloaking assets"); authentication to blockchain
- Adaptive/autonomous response; supports analytics and control algorithms
- Enhances privileged access management
- Data rights management and monetization

Enhanced monitoring and analytics:
- Including encrypted payloads (eliminates the need for break and inspect)

Extension of architecture capabilities:
- To operational technology (OT) and legacy or brownfield environments
- Agnostic to endpoints and architecture; topology independent
- SDN/SDP VNR future compatibility

16 Questions
John Walsh, Chief Technology and Strategy Officer
