F7. The “Zero Trust” Model for Cyber Security
Thursday, May 10, 2018
11:15 AM - 12:15 PM
For decades, security controls have been built around protecting a single, massive corporate perimeter. As seen with the latest breaches in the industry, this method has proven unsuccessful at realizing its core intent—to appropriately protect the critical systems, data, and personnel that allow our companies to successfully operate. Once the perimeter is breached, a threat actor can move freely across security layers and systems, leaving sensitive data vulnerable to compromise.
The Zero Trust model lifts that reliance on a single perimeter and moves it to every endpoint, user, application, and data element within your company. The premise is built on strong identities, authentication, trusted endpoints, network segmentation, access controls, and user and system attributes to protect and regulate access to “toxic” or sensitive data, systems, and applications. Zero Trust is made up of two primary principles, you don’t inherently trust anything on or off your network and that you are applying appropriate security controls based on the sensitivity or toxicity of the data or application you are trying to protect.
In this presentation, James Carder, CISO and VP of LogRhythm Labs, will discuss the Zero Trust model and how you can implement it to enhance your security operations.