© 2019 Adobe.
A Path to Achieving Network Security ZEN
Den Jones, Aron Anderson, Carlos Martinez
Zero-Trust: Why Do We Need It?
§ We mistakenly consider the corporate network safe
§ Network perimeter no longer a security boundary
§ Evolving tactics, techniques & procedures (TTPs)
§ External (SaaS) Resources
§ Authentication ignored the device
Defining Zero Trust – What Is It?
§ All networks considered untrusted
§ Authentication is now based on user and device posture
§ Security boundary evolved
[Diagram labels: Internal Applications, ZEN Platform, External (SaaS) Resources]
Purpose
§ Transform our network and applications to a “cloud-like” state
§ Enable application access without the need to be internal or use VPN
§ Secure network level access based on user and device posture
Leverages Existing Investments In
§ Authentication
§ Network Access Control
§ Logging
§ Endpoint Detection & Response
§ Device Management
ZEN Overview
Legend (entries in slide order; the diagram's step markers are 1, 2, 3, 4a, 4b, 4c, 5):
§ Client challenged for certificate
§ Active Directory
§ Compliance check to Access Policy Engine
§ AuthN request to IdP
§ Client challenged for certificate
§ Compliance check to Access Policy Engine
§ Allow access if all conditions met
ZEN Overview
Legend:
1. Request goes to web app
2. App makes AuthN request to Okta
3. Okta delegates AuthN request to vIDM
4. vIDM challenges client for certificate
5. Certificate sent for authentication
6. CRL/OCSP Check
7. CRL/OCSP Response
8. Compliance Check
9. Response (Compliant)
10. If cert valid, vIDM generates SAML response and sends it to Okta
11. Okta validates SAML, challenges for MFA, generates a new SAML response and sends it to the app
12. App validates SAML and, if valid, redirects user to protected application content
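The twelve-step flow above, modelled end to end as an added example (not code from the slides or from Adobe). HMAC-signed dictionaries stand in for signed SAML responses, and the keys, serial numbers, device IDs and function names are all constructed assumptions; the point is that every hop validates the previous hop's assertion and any failed check denies access.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# All values are constructed for illustration. HMAC stands in for SAML XML signatures.
VIDM_KEY = b"constructed-vidm-signing-key"
OKTA_KEY = b"constructed-okta-signing-key"
REVOKED_SERIALS = {"0xBAD1"}        # stand-in for the CRL/OCSP responder (steps 6-7)
COMPLIANT_DEVICES = {"laptop-01"}   # stand-in for the compliance check (steps 8-9)
ASSERTION_TTL = 300                 # seconds an assertion stays valid


class AccessDenied(Exception):
    """Raised by any hop that refuses the request; the flow fails closed."""


@dataclass(frozen=True)
class DeviceCert:
    serial: str
    device_id: str
    user: str
    not_after: int  # expiry as a Unix timestamp


def _mac(key, claims):
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def issue(key, issuer, audience, user, now):
    claims = {"iss": issuer, "aud": audience, "sub": user, "exp": now + ASSERTION_TTL}
    return {"claims": claims, "sig": _mac(key, claims)}


def validate(key, assertion, issuer, audience, now):
    """Check signature first, then issuer/audience, then expiry."""
    if not hmac.compare_digest(_mac(key, assertion["claims"]), assertion["sig"]):
        raise AccessDenied("bad assertion signature")
    claims = assertion["claims"]
    if claims["iss"] != issuer or claims["aud"] != audience:
        raise AccessDenied("assertion issued by or for another party")
    if now >= claims["exp"]:
        raise AccessDenied("assertion expired")
    return claims["sub"]


def vidm_authenticate(cert, now):
    """Steps 4-10: certificate challenge, revocation check, compliance check."""
    if cert is None:
        raise AccessDenied("no client certificate presented")
    if now >= cert.not_after:
        raise AccessDenied("certificate expired")
    if cert.serial in REVOKED_SERIALS:
        raise AccessDenied("certificate revoked")
    if cert.device_id not in COMPLIANT_DEVICES:
        raise AccessDenied("device not compliant")
    return issue(VIDM_KEY, "vidm", "okta", cert.user, now)


def okta_authenticate(vidm_assertion, mfa_passed, now):
    """Step 11: validate the vIDM assertion, require MFA, re-issue for the app."""
    user = validate(VIDM_KEY, vidm_assertion, "vidm", "okta", now)
    if not mfa_passed:
        raise AccessDenied("MFA challenge failed")
    return issue(OKTA_KEY, "okta", "app", user, now)


def app_authorize(assertion, now):
    """Step 12: the app accepts only assertions issued by Okta for itself."""
    return validate(OKTA_KEY, assertion, "okta", "app", now)


def request_access(cert, mfa_passed, now):
    """Run the whole chain; return ("allow", user) or ("deny", reason)."""
    try:
        vidm_assertion = vidm_authenticate(cert, now)
        okta_assertion = okta_authenticate(vidm_assertion, mfa_passed, now)
        return ("allow", app_authorize(okta_assertion, now))
    except AccessDenied as exc:
        return ("deny", str(exc))
```

Because the app only trusts assertions signed by Okta and addressed to itself, a vIDM assertion presented directly to the app is rejected, so the MFA step cannot be skipped.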
Demo – compliant device
Demo – non-compliant device
User Behavior Analytics (UBA)
§ Applying data science and algorithms to identify anomalous activity
Purpose
§ Scale detection and prioritize analysis
§ Identification of anomalous events based on ML and statistical analysis
§ Leverage existing investments
§ Built using existing log and data sources (user auth events, endpoint posture)
§ Engage the user in the security process
§ User notification with call to action
§ Programmatic activity based on user response
§ Device posture published to central portal (Trust Score Engine)
User Analytics Overview
API call to log sources
• Logon events for specified window
• User or device specific info (travel data example)
• Data filtering to specific employee and event types
Generate features based on checks
• Examples:
• IP correlation (Adobe owned)
• Match based on threat intel (UAS, Geo, IP)
• Inclusion of known travel data
• Comparison with attribute whitelists
• Statistical and ML analysis using historical data
Data tracking and escalation
• Add features to dataset (including DB)
• Escalation to users using email and portal (API based)
• Parsing of user responses (Escalation or updates to user whitelist)
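The three stages above (pull logon events, generate features, escalate and parse the user's reply), sketched as an added example that is not code from the slides or from Adobe. The network range, threat-intel entries, travel data, whitelist, rarity threshold and all function names are constructed assumptions, and "UAS" is read here as the user-agent string.

```python
import ipaddress
from collections import Counter

# Constructed reference data (documentation IP ranges, made-up users).
COMPANY_NETS = [ipaddress.ip_network("198.51.100.0/24")]    # "company-owned" IP space
THREAT_INTEL = {"ip": {"203.0.113.66"}, "geo": {"ZZ"}, "uas": {"bad-client/1.0"}}
KNOWN_TRAVEL = {"alice": {"DE"}}                            # user -> countries with booked travel
USER_WHITELIST = {}                                         # user -> IPs the user has confirmed
RARITY_THRESHOLD = 0.9                                      # assumed cut-off for "anomalous"


def features(event, history):
    """Stage 2: turn one logon event into the checks listed on the slide."""
    user, ip = event["user"], ipaddress.ip_address(event["ip"])
    seen = Counter(h["geo"] for h in history if h["user"] == user)
    total = sum(seen.values())
    return {
        "company_ip": any(ip in net for net in COMPANY_NETS),
        "intel_hit": (event["ip"] in THREAT_INTEL["ip"]
                      or event["geo"] in THREAT_INTEL["geo"]
                      or event["uas"] in THREAT_INTEL["uas"]),
        "known_travel": event["geo"] in KNOWN_TRAVEL.get(user, set()),
        "whitelisted": event["ip"] in USER_WHITELIST.get(user, set()),
        # Statistical check: share of this user's past logons NOT from this country.
        "geo_rarity": 1.0 - (seen[event["geo"]] / total if total else 0.0),
    }


def triage(event, history):
    """Stage 3: decide what to do with the event."""
    f = features(event, history)
    if f["intel_hit"]:
        return "escalate"            # a threat-intel match overrides benign explanations
    if f["company_ip"] or f["whitelisted"] or f["known_travel"]:
        return "ignore"
    if f["geo_rarity"] >= RARITY_THRESHOLD:
        return "notify_user"         # e-mail/portal notification with a call to action
    return "ignore"


def apply_user_response(event, response):
    """Parse the user's answer: update the whitelist or escalate to the SOC."""
    if response == "it_was_me":
        USER_WHITELIST.setdefault(event["user"], set()).add(event["ip"])
        return "whitelist_updated"
    return "escalate"


# Constructed history: alice has only ever logged on from the US.
HISTORY = [{"user": "alice", "geo": "US"} for _ in range(20)]
UA = "Mozilla/5.0"
SAMPLE_EVENTS = {
    "office": {"user": "alice", "ip": "198.51.100.7", "geo": "US", "uas": UA},
    "travel": {"user": "alice", "ip": "192.0.2.44", "geo": "DE", "uas": UA},
    "odd": {"user": "alice", "ip": "192.0.2.200", "geo": "BR", "uas": UA},
    "intel": {"user": "alice", "ip": "203.0.113.66", "geo": "US", "uas": UA},
}

if __name__ == "__main__":
    for name, ev in SAMPLE_EVENTS.items():
        print(name, triage(ev, HISTORY))
```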
Progress To Date
§ Certificates deployed to over 42,000 devices
§ 2000+ ZEN enabled applications
§ 30+ applications available via proxy
§ Trust Score Engine in production
§ Positive user response and interactions
§ 17,000+ employees don't have to change passwords every 90 days
§ Increased business process and user visibility
§ Identification of previously undetected malicious activity
§ Support for user workflow improvements
Lessons Learned
§ No single off-the-shelf solution exists
§ Bringing vendors together is time consuming
§ Technology overlap
IDSA Participation Benefits
§ Forum for pushing cross-vendor initiatives
§ Provides reality to the vendor ‘echo-chamber’
§ Exposure to vendors, technologies, use cases, best practices
§ Improves knowledge and effectiveness of the team
§ Help drive innovation in the industry with vendors and solution providers
IDSA-DP-002
Resources
§ Adobe Zero-Trust Whitepaper
https://adobe.com/go/projectZEN
§ Trust Center
https://trust.adobe.com
§ Open Source CCF v2.0
https://www.adobe.com/go/open-source-ccf
§ Security @ Adobe blog
https://blogs.adobe.com/security/
§ Advisories and updates
https://www.adobe.com/support/security
§ Twitter: @AdobeSecurity, @DenJonesCyber (Den Jones)
Zero Trust Enterprise Network at Adobe
