STLCYBER Meetup - The Sassy Death of the Moat and Castle

Presentation by Bill Doty at STLCYBER

Current security models have revolved around the idea of a protected, safe, controlled network where IT and Cyber can apply time-tested and reliable security in defensive layers to protect our crown jewels. The reality has proven to be far different: as we evolve away from the traditional data center and internal controls to a brave new world, the bulk of users, data, and services no longer reside inside our perimeter. This new world requires new ways of thinking about security, and about where we define and place our perimeter, if we are to effectively manage and control information security.

  • Traditional Holes (Controls) and What Breaks Them (also, OLD!)
    • Firewall - Management; Complex Rules; Legacy Services
    • VPN - Split Tunneling
    • DLP - MTA/SEG
    • DNS - Cloud Services; Poisoning
    • Directory Services (AD, LDAP) - Hybrid Environments
    • Identity (IAM) - SSO; Legacy System; Containers; Certificates
    • Agents (AV) - Mobile; Zero-Day; Non-Windows OS; Capacity
    • Proxies (SWG) - Managing the Cloud; Allowing Cloud Services
    • NAT (Private Networks) - Hybrid Environments

NIST is extremely valuable, but its language implies a moat-and-castle model.

  • NIST SP 800-12r1 Section 2.6
    • system life cycle
    • policies, procedures
    • intrusion detection systems, firewalls, configuration settings, and AV
    • gates, guards
    • system assets
  • Time to get SASE!
    • According to Gartner, “SASE capabilities are delivered as a service based upon the identity of the entity, real-time context, enterprise security/compliance policies and continuous assessment of risk/trust throughout the sessions. Identities of entities can be associated with people, groups of people (branch offices), devices, applications, services, IoT systems or edge computing locations.”