So we have Harbor who is CEO and CEO of beyond trust. We have max director of threat hunting as dark race and Erin roll, who right now is fellow Analyst at Cole. And so welcome and let's get started. And so maybe all three of you make a very quick introduction and maybe start this one initial statement around their per your perspective on zero trust. Before we then jump into the discussion and we will run more or less, a little chunk out of the, the break, so to speak, but let's get started. Murray, do you wanna start at max and Darren?
Hi as introduced Murray Haber CTO CSO beyond trust. In my opinion, zero trust is essentially a definition that has been owned by multiple vendors over a period of time. Something that many people have been doing throughout. And from the best standpoint that I can prescribe use the industry recommended standards from N to help guide you through the definition, terminology, and instructions on how to make it work for your organization.
Okay, mark.
Hi, I'm max, the director of threat hunting and doc race zero trust is instead of principles, best practices and guidances, which should be seen vendor agnostic in the first place, which has been gaining more and more adoption, especially in the terms of COVID 19 and rapid digitization as people move to the new norm, new normal and working from remote and home.
Okay. And Darren.
Yeah. So I, I think my colleagues here have kind of summed it up really. And, and I think the word I often use is it's an approach. It's not technology or really practice it's, it's a way of thinking. And that thinking says, you know, we need to strongly authenticate, authorize, administer, and audit our users wherever they come from and wherever they're going to. And of course, someone like myself, this been an identity management forever. I, I know Mari too. It's kind of it's, it's what we've always done. So it's, it's kind of puts identity at the center of security and, and really changes that perimeter based view of security and makes it much more contextual around the application.
Okay. So what I like was three of your statements is no one said, oh, we have a zero trust tool and platform, which solves everything because, okay, then also I have also been a very good trigger for further discussion, but yes, I think it's a paradigm, but even a paradigm at the end must be backed by tooling. So we need technology to implement that. And so when we, when we look at the current situations are when we look at today's complex, large scale enterprise systems, for instance, in, I am more of this tooling has some ML, AI already baked inland. Then you have these sort of, I am specific intelligence platforms and a lot of other specific intelligence platforms. And on the other hand, you, you need to look at the generic systemwide platform for security analysis and response management. So how do these various elements from your experience together and max is already nodding. So it looks like you wants to start with the answer. So max,
Yeah. If you don't mind, you hit the nail on the, he there thing. In my daily job, I help respond to big PT infections, new rents and wear waves, talk to our strategic clients. So I see a lot of that complexity, right? There's specific technology silos for every single paradigm out there. And one of the core challenges is that many times security faults beneath these cracks because the tools are not fully in place, not fully working together. So where does it come back to? And I think the core we need to achieve with either IAM based zero trust or, or more generic zero trust perspective is reducing that complexity, which could be done through machine learning. For example, by letting the machines do the heavy lifting and work towards better approach. So I couldn't agree more when you say that there's, you know, the AI based IM applications and the generic platforms, but the problem is that we need to drive more towards the generic platforms instead of having loads of technology silos, which is creating more friction than we need.
Mario, what is your perspective on that?
I look at it from a, a layered model perspective. If we consider standing privileges or always on privileges, especially when they're administrator, you have a very high risk, which is something that traditional privilege access management has attempted to address for a very long period of time. We've entered just in time to help administrate those and reduce the risk service in time. But we know we need to get to a layer of least privilege granting the least amount of rights possible and identity solutions help do that with role based access. But below that is zero trust where you combine the just in time principles, the least privileged principles. And when you truly need administrative rights with user behavior to get to that state. So it's ultimately a goal you have to first think that can my technology or my implementations of technology with my business really handle a zero trust model. Specifically zero trust has software defined perimeters. There really is no network perimeter. Do I have implementations of legacy infrastructure or peer-to-peer networks that just don't fit, but if you can get your internal systems, right, or if you're using newer technologies, you remove admin rights. You can grant just in time, you can honor release privilege and you can do user behavior based on ML or AI to get there. Then you can truly get zero trust to work for you the way that the practical or the theoretical design is meant to
Be. So, so in some way, we also meet and facing a, a paradigm shift away from, from static to realtime trust in time analytics to observing what happens is that what, what you also would see Darren?
Yeah, I think I, as always aware, I agree with my colleagues here that I think Murray used that term layering. I think it's really important to come back to your first question in, in the ML and AI space. I think we, I, I personally don't believe we should talk about the technology cuz the only thing that's relevant there is behavior, right? And, and I think that as we look across these complex systems, we're now understanding the importance of that, that, that truly understanding norms norm is so important and dealing with the complexity that comes with that. I mean, it's, you know, death by tools, you know, something that's just, how many more tools do you want me to buy, deploy, manage. It's just very, very complicated to, to get there. And, and I think something that I've heard several times today's been listening in is this idea of, of, of creating an ecosystem that's behaviorally where and responsive. I think that's, what's really gonna drive us to the next, what help us deal with the challenges that come with where we are really
So means we need technology, which helps or standards, which help us to have these various systems communicate in, in an efficient manner to, to transport information from, from various points where we collect data to certain systems, which analyze all that stuff. So that would be done from what you're saying, all saying, I, I would say being one consequence that we need ways to, to, to make all these various, so to speak sensors and analytical systems interact in a, in a smart and smooth manner. So, so when we, when we look at this, how would a future or typical sort of security operation center, intelligence operation center, or CDC, however you'd like to name it, how, how would that look like for maybe most, from an IM perspective and from an overall security perspective? So what would be your, your idea on, on how this could look like max?
So as somebody who's leading an Analyst team and works with many leading socks in the world and does Analyst themself, I see the leading AAM towards, as a great support function. Everybody who knows this, when you got an incident, one of the first questions you ask yourself is who is the user involved? What is the service credential involved? What happened there? So having a way of quickly getting that situation, awareness is key from the stock perspective, I don't wanna live in the IAM tool. I just want my analysis tool, which could be a saw SIM, an NTA, EDR, whatever my leading tool is. I want to have quick access, best integrated natively into my analysis tool to get all the awareness I need. So the closer I can get to the tool, to the IM information, the better with the less friction.
So, so IM needs to deliver more and easy accessible and well structured information at the end of the day. Daron.
Yeah. I, I, I definitely agree with that. I mean, it's about context and, and you know, I'm really fascinated by what max does for a, for a living, right? That that notion of, of threat intelligence and research is such a critical part of what's happening nowadays because the indicators of compromise are, are extensive, right? I mean, am I in the middle of being owned right now? I is this nefarious. What's, you know, some poor soul and it's it's max and his team have to work that out. Right? The, and the impetus that's coming to, the inputs that are coming to them are so varied. These days, you need context, right. You know, who is a person? What else do they have access to? I mean, that's something, I mean, you, how important, right? If we see an indicator of compromise for Darren right now, what else could potentially be in play? How quickly can you get that information? And I guess we've been talking about this forever. You know, these things have to come together and be shared. And I, I think that's often not been the case in the way the tools are designed. So hopefully that's part of the future we're looking towards.
I think we have also one other. So, so first I see from an Analyst Analyst perspective, I see a couple of areas and don't want to name any interest vendors here, but we're really ion of information. And, or the distribution of information is really improved. That is, I think there just really modern on the horizon. There solutions coming up and things are getting better even while we clearly have to look at status cetera. And the other thing which clearly helps us and benefits us is that we are got much better in APIs and exposing data over the past years and that we have more power to, to work on, on amounts of data than we ever had before. I think that helps us in that space. So ma what is your perspective here?
That's similar to being the last speaker in all of this commentary. I agree with my peers. I do think there is an interesting gap, however, to Martin your point, and that is the APIs. While we do have good standards, like skim for identity, there are very few standards or similar types of API calls or even protocols for the exchange of context information. So vendors are left building custom integrations per vendor for IML, for user behavior. And that is a gap that still needs to be filled, that there can be a centralized communication repository or communications protocol that is an open standard where you can query different systems for their knowledge or their current behavior or their current attributes to help make those context decisions until something like that evolves into the foray. We are basically left with vendors, having partnerships and custom integrations with varying degrees of attributes that can be used as a part of that context model. So I think we're at the beginning of this and it shows a lot of promise, but I'm looking forward to seeing some types of industry standards to help make the communication pass smoother between every vendor
And, and data models do become very challenging because if you look at trust devices and network and identity related information, we have different in some way different data models. And so yes, a little bit challenging. So let's look at, in the intro of time, we don't have that much time anymore, maybe at a total different aspect of the entire thing. So when we look at how does at all is evolving also with work from home cloud first devs and devs. And so how, how will or how mass security in security organization change. So, so where does security, what do the tools fit in? Who should the tools? So how should this organization look like? And maybe more you start this time. So does your, the first month
Sure. The work from home problem or our new normal, however you wanna look at it has helped zero trust in a way that that software defined perimeter is now us at home. We can't control our home networks. We, as people can control our home networks, the business cannot, the business cannot control our wifi or any of the other attributes like someone else working for a different company on the same wifi network at home, our spouses, our loved ones, or even our kids doing schoolwork. So with that in mind, we're now able to take the zero trust model and apply it to the endpoints that we can manage and implement best practices for them to connect back into the organization with just in time controls and least privilege or to all the cloud resources, which are accelerating, especially in terms of security to manage those endpoints because being, having a device and just turning on and connecting VPN to get policy or antivirus or updates is not very efficient, powering on and connecting to the cloud is quite efficient because as soon as it can connect, it can do all of the security management that's needed the concepts of zero trust when apply to that really help accelerate the management, the connectivity of applications, and even the users when they're using cloud resources.
Sarah.
Yeah, I think to maybe answer that specific question, you know, who, who owns the tools here? I think as, as when my time as a CSO in the company meeting, I, I always used to, you know, sort think, you know, who's in, who's in the security team here and, you know, one or two guys fill their hands up. I say, no, no, you're all in the security team was kind of became a bit of a joke in the end there, right? You can only play that card once, but you know, as you look at that, everyone's insecurity now in one form or another, and the tooling is so diversified. You know, it specifically on that dev sec dev thing with the DevOps team now have their own security tools and are they being managed by the centralized team? So I'm still an advocate for centralized tools ownership in that respect, you know, tomorrow's point, I mean, you're doing complex things at the network edge around context, those tools, right? The way down to what's happening in, in really educational user training. I think if you bring the tools together and that's very much, I think the role of the CSO in the future is it's about being somebody that brings the tools together and makes them work. Right. So, you know, so max can solve a problem for us, right? And maybe the most important one
And reduces the number of tools or keep them keep the number, at least on the control, like point you brought exactly and too many tools. And yesterday I said, maybe we should just have a simpler rule for every new tool. We retire one old tool on cybersecurity, at least that really should help. So max your perspective, and then we make a short closing statement round, and then we already done.
Okay. Sounds good. I try to fit as much in as possible. That's that's such a great question because we work from home situation trying to light on the complexity again today, the challenges working from home, maybe it's dev SecOps, maybe it's securing your IOT devices, maybe an industrial control systems, maybe your cloud move. There's always gonna be a new challenge. Ask your security teams. Who's got experience in dealing with network conclusions to put the hand up. Who's got experience in cloud security. Nobody's gonna put their hand up. So that's always gonna be moving needle and we always gonna play catch up. But I think we can turn this around with a zero trust paradigm, you know, assume breach use technology that can do a lot of the heavy lifting. Doesn't need us to focus and try to extrapolate threats by saying it's gonna happen there. It's gonna happen there. Use some clever machine learning, use some clever technology to identify where upcoming threats, where anomalies occur. And let's not try to throw more humans at the problem. I sometimes hear things like we need to do education in kindergarten and teach from cyber security. I hate to think that I don't want my kids to learn cyber security there. I want them to become a doctor and astronaut or something. So I'm, I'm very focused on technology. I think that's gonna be one of our avenues out of this issue, hopefully.
Okay. So very short closing statements of each of you, maybe one simple advice in a or to the audience. What first, when it challenge max you there. And
Sure. My advice is, think about what you understand is zero trust and what you want to get out of this. So is it the assume breach mentality? Is it the, we need to implement work from home. What does it mean for you? And then look technology agnostic for the right principles and paradigms, and then look for
Potential tooling. So work your way down
The,
Yeah, I agree with that. I think it's a, a easier trust for what it is. It's an approach and a shift in thinking and, and use that thinking to, to drive the overall architecture. It really isn't about tools. We've got great tools to come. And I do agree with max that, you know, people can't fix a lot of the problems that are coming, but, but see if what it is a different way of thinking and that puts identity at the center and, and, and make that your goal.
Okay. That Murray short statement
Agree with my colleagues. Zero trust is a goal that we should all strive to, but they are very practical steps that you can do to get there, like removing standard privileges, making sure you can document and remove all unnecessary admin rights, getting people to least privilege doing just in time, follow the path down to no one is trusted unless explicitly granted and it'll help you get to the model.
Okay. Perfect. Thank you to all the three of you. Thank you for everybody listening for us and back to battle.
