Traditional network security is based almost entirely on addresses, ports, and protocols. These constructs are poorly equipped to describe a world of dynamic cloud computing, containers, remote users, and BYOD. As such, most companies have been left to create hardened perimeters, with lax controls on the inside that assume once an entity is inside, it is trustworthy. As continued high-profile breaches demonstrate, this is a failing model. The attacker will breach the perimeter. And when they do, moving laterally to achieve objectives becomes simply a matter of time.
You can no longer assume devices, applications, and users are trustworthy simply because they are inside your perimeter. Zero-trust networking is a model first proposed by Forrester Research that changes the way we look at security. A zero-trust model assumes that all entities are untrustworthy. By adopting this model, you are able to take a more realistic view of the risk within your network and take action to improve your security. Advances in computing power and machine learning have made the practical applications of this model more tractable than ever before.
Harry Sverdlove outlines the specific steps you can take to map out your data flows in your network, identify sensitive or proprietary communications, design policies that secure those flows while assuming all other communication is untrustworthy, and continuously monitor for change. Along the way, you’ll learn how organizations like Google and Netflix are applying this model in their own networks to design secure systems in a world that is inherently insecure.
Harry Sverdlove is founder and chief technology officer at Edgewise Networks, a cybersecurity startup that is transforming the way the industry approaches network security in the cloud and data center by stopping the progression of network-borne threats. Harry has been building and leading technology solutions for 25 years. Previously, he was CTO at Carbon Black (formerly Bit9), where he led the technical and strategic vision and helped establish Carbon Black as a major player in endpoint security; principal research scientist at McAfee, where he was responsible for the architecture of the company’s web safety rating engine; and chief scientist at SiteAdvisor (acquired by McAfee). He is frequently quoted as an expert on cybersecurity in leading media outlets such as the Wall Street Journal, the New York Times, CNN, and CNBC as well as trade and vertical market publications. Harry holds a bachelor’s degree in electrical engineering from the Massachusetts Institute of Technology.
©2017, O'Reilly Media, Inc.