Compliance and Risk
An Expert Discussion on Zero Trust
Zero Trust is the key strategy moving forward to secure the ever-changing hybrid workplace. Listen in as two of our industry experts discuss how risk insights are a key component of Zero Trust security.
Eric Skinner: [00:00:00] Hey everybody. I'm Eric Skinner and I'm Greg Young. And we're both here today to chat with you about the new Zero Trust capabilities that have been announced by Trend Micro. So, hey Greg, why is Zero Trust getting so much attention right now?
Greg Young: [00:00:19] It's getting a lot of attention now, although really the changes have been coming for a few years. A few things: one is attackers have changed how they're doing things, and the sort of legacy architectures we have aren't really working that well. And second is that complexity has really overtaken us. And how do we deal with that complexity while the old models aren't working? So we have to look at new things such as how we assess risk and posture and new ways to do with our software-defined enterprises.
Eric Skinner: [00:00:44] Right? And at the end of the day, a lot of it is about making life harder for attackers, right? So that they're inherently less trusted in the environment. They're not getting to piggyback on the trust that is inherent in a lot of people's architectures today.
Greg Young: [00:00:57] Right and doing this without just adding more people to it as well.
Eric Skinner: [00:01:00] Right. So when people say Zero Trust and they know what it means, what, what do they mean?
Greg Young: [00:01:06] We had this old saying in security, which wasn't really good, which was trust, then verify. And it's really gone to the reverse. Now we have to verify things before we trust them. And that's fundamentally the way it should be. We have so much information about who people and things are. We should really enable that information into our decisions.
Eric Skinner: [00:01:22] Right. So, Trend's doing two things as part of this announcement and, let's look at each of those. So, first of all, there's risk insights, which is really about assessing the health of users' identities and their devices and the applications they're connecting to in order to help inform a better Zero Trust decision. So why are risk insights so important, right?
Greg Young: [00:01:44] Twofold. One is that the decision to trust something is not binary and it shouldn't be based on old information. Like, hey, you're an employee, therefore we trust you. And this idea of posture is crucial to this as well. It has to be real time and based on a whole bunch of information that we collect, and we can utilize it, shouldn't be an old static or binary kind of decision.
Eric Skinner: [00:02:04] Right, and a lot of vendors seem to be glossing over this right now. You know, it's a step that's getting skipped in all the marketing about Zero Trust, anyway.
Greg Young: [00:02:11] Yeah, absolutely. So, there's a lot of focus on just either taking old products and just putting Zero Trust on them. Or, not looking at the underlying sort of posture, both these decisions. So it's one thing to say, yeah, we're going to change how complex things are, or we're going to change an approach for making things more software defined, how we're tackling security. But this idea of posture and making these risk decisions is fundamental. Getting information and making these decisions on it has to be the foundation for any Zero Trust architecture.
Eric Skinner: [00:02:39] Right. So Trend is taking this very seriously. We are assessing risk across the breadth of the organization in a very detailed way. And we're piggybacking off the amazing visibility that we already get from our XDR solution. So what we're doing is assessing the health of devices based not only on threat activity, but also based on the security posture of that device, whether it's properly configured, whether it's got vulnerabilities in the OS or applications and so on. But then we're also looking at identities, helping assess, for example, if that identity has been compromised, if that identity is now being used to send out internal phishing emails, things like that, the health of the applications that users are attempting to connect to, and even the kinds of data that they're accessing or transferring. So this really provides a really strong visibility for a SOC team that might be doing investigation of an incident or a potential incident, but much more than that. It's powering decisions in an automated way.
Greg Young: [00:03:44] Eric, where's the information coming to make these insights?
Eric Skinner: [00:03:47] Well, we get some benefit from the XDR platform that is able to provide a lot of insight into threat activity and suspicious activity in the environment. And that helps inform part of the insight, but we're also gathering sensor data from our endpoint, from the email system, from the Azure AD environment, from network stacks that are present in the customer environment, third-party and otherwise. So, we have a range of different sensors, the ones I mentioned and more, that get calculated into the risk assessment for these users.
Greg Young: [00:04:23] Okay, and how is all that information presented?
Eric Skinner: [00:04:26] Well, you know, one of the things that becomes readily apparent is that this information is useful for SOC teams and managers, and maybe even CISOs, to have a look at the overall health state of their organization or individual users, and look at trending over time and exploring the particular reasons why health scores are high or low. We do that through dashboards in Vision One environment, like the one you're seeing here. But we're also providing full access to the risk insights through APIs, because that's exactly what's needed for automated decision-making for any other layer in the environment, whether that's a third-party application that's trying to apply Zero Trust principles or a customer's own applications. I think that's a great opportunity to chat in fact about secure access, which is one of the other components of our story here today. But it's something that customers spend a lot of time thinking about, access control and Zero Trust these days. So why is that, Greg?
Greg Young: [00:05:26] Yeah, so secure access is the biggest part of security right now. That step just as you're connecting into resources. We're talking about a lot in Zero Trust because historically, you know, attackers have been using lateral movement. They know that if they go from a low trust zone, trying to get over to a higher trust one, or get from an unmanaged or poorly managed zone to another one. It's really changed everything. Of course, a lot of our decisions historically have been done around sort of just a few criteria, where you're trying to go and what your membership is. And a lot of times it's very, very static, but the access is crucial and that's the first step toward security.
Eric Skinner: [00:05:59] Exactly. And that's why a little bit later this year, we're going to be releasing some capabilities around secure access in two aspects. Zero Trust Network Access, which is known as ZTNA out there, helps establish these secure point-to-point connections, for example, an employee to a specific corporate application, without requiring VPN and crucially based on that risk insight, on a continuous assessment about whether that user should have that access. And then broadening out to SASE, or Secure Access Service Edge, which helps a customer expand beyond that ZTNA connection to look at all the connections in the environment and assess the risk of connections to external SaaS applications, internal applications, branch-to-branch connections, and so on, based on risk insights, and have enforcement ability to stop connections if the continuous assessment shows that something in that health status has changed.
Greg Young: [00:06:55] Okay, so we've covered two really sort of fundamental things about this announcement. The first is the risk insights, the getting new kinds of information to base decisions on, and then secure access to actually implement that information into a security relevant way. What's Trend doing that makes our Zero Trust solution stand apart?
Eric Skinner: [00:07:13] I think there's two critical things. The first is that we're taking risk insights so seriously and providing the industry's best insight into what's going on in a customer environment, based on the breadth of what we take into consideration as we calculate that risk insight, email systems, identity systems, SaaS applications, and so on.
And, if the customer wants to use that with their third-party Zero Trust applications, they absolutely can. But we feel we're also delivering a well-integrated platform with those risk insight capabilities, the secure access capabilities, that leverage things like our existing endpoint capability and that get well integrated into the Vision One console. So it makes it simpler to achieve a really positive step in a customer Zero Trust started as strategy. All right, well, hey, thanks for spending time with me, chatting with us today, Greg. I appreciate it.
Greg Young: [00:08:09] Yeah. Thanks Eric. And there's going to be more information available of course, on all this, so look forward to talking to you more.
Eric Skinner: [00:08:15] Okay. Thanks.