CERC2021 stc Issa Alsuwait

The document discusses the Zero Trust security model, emphasizing its importance for protecting critical infrastructure against evolving cyber threats. It outlines core principles of Zero Trust, including continuous verification of identities and devices, and highlights the role of AI and ML in enhancing cybersecurity. The document also provides a strategic approach for adopting Zero Trust and its relevance in the context of increasing identity attacks and the need for robust security measures.

Uploaded by

Jay Lewis

Securing 5G Critical Infrastructure SA Commercialization With Zero-Trust Security Model
Pioneering Experience in Middle East

stc Kuwait cyber security department

November, 2021
Agenda
01. What is Zero Trust?

02. Zero-trust security Model importance for Critical Infrastructure

03. Zero Trust Access Control Strategy

04. Sample Attack Approach with Zero Trust Model


05. The Time of AI & ML based cyber security systems for critical infrastructures

06. References
01 What is Zero Trust?
CERC2021 stc Kuwait

Trust No One
All access must be authenticated, authorized and VERIFIED ALL THE TIME

IT/OT environment evolving

• Employees, contractors, partners, customers
• Bring your own devices and IoT
• Explosion of cloud apps (Azure, Blockchain, E-Government integration…)
• Expanding Perimeters
• Multiple sources of signal


Annual Report 2019 | stc group

Zero Trust Core principles

Verify explicitly

ZERO TRUST across the digital estate: Identity, Devices, Apps, Infrastructure, Networking, Data


Identities. Zero Trust objective: verify and secure every identity with strong authentication and keep an eye on users during the session.

Devices. Zero Trust objective: allow only compliant and trusted apps and devices to access data, and keep the device under monitoring while connected to the network.

Infrastructure. Zero Trust objective: harden defenses and detect and respond to threats in real time.

Network. Zero Trust objective: move beyond traditional network security approaches; utilize AI and ML traffic analysis.

Zero Trust Security Model Definition

Zero Trust is a security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgement that threats exist both inside and outside traditional network boundaries.

Zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the internet) or based on asset ownership (enterprise or personally owned).

References: NSA - National Security Agency - PP-21-0191 | February 2021 Ver. 1.0; NIST - National Institute of Standards & Technology SP 800-207, Zero Trust Architecture
02 Why is the Zero-trust security Model important for Critical Infrastructure?

3. Assets increasingly leave the network
• BYOD, SaaS, Contractors & 3rd Parties

4. Attackers shift to identity attacks
• Phishing and credential theft
Why is the Zero-trust security Model important for Critical Infrastructure?

• Increased visibility
• Faster detection of internal attacker/compromised accounts
• Reduces lateral movement after attack
• Reduces alerting time once an attack has occurred
• Limit post attack damage
03 Zero Trust Access Control Strategy
Never Trust. Always verify.

Three stages: Signal to make an informed decision; Decision based on organization’s policy; Enforcement of policy across resources.

Aims: Increase Assurance / Remediate Risk
Outcomes: Allow full access / Allow limited access / Block access

Re-evaluate during session

Zero Trust: extend policy enforcement into the session level

• Continuous policy assessment and enforcement
• In-session monitoring and policy enforcement of actions: Access Data, Edit files, Run Commands/Process
• User Risk: risky user behavior updates the user’s session risk through additional evaluation
• User behavior analyzed against session policy
• User behavior logged for future analysis and investigation
Sample Zero Trust remote exploitation scenarios where most attempts would have been successful in non-Zero Trust environments.

Scenario: a malicious actor compromises a user’s device and credentials.

Access method: access via the user’s device
Attempts to access network repositories (servers & software):
• Allowed: user role and device are authorized to access specific data based on policy and context
• Blocked: lateral movement prevented by segmentation and default-deny policy
• Blocked: user role is not authorized to access
• Limited: access to application or service is limited based on least privilege
• Blocked: dynamic analytics detect suspicious activity by user account and block access
Visibility analytics: logged analysis detects attempts

Access method: access via the malicious actor’s device using the user’s stolen credentials
Attempts to access network repositories: Blocked: device is not authorized
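The access control strategy (signal, decision, enforcement, re-evaluated during the session) and the attack-scenario table above can be exercised with a small policy decision point. The following is an added example written for this page, not code from the stc presentation or from any of the referenced standards; the roles, repositories, segmentation map, risk thresholds and risk scores are all constructed values.

```python
"""Added example, not from the stc presentation: a toy Zero Trust policy
decision point for the three stages signal -> decision -> enforcement, with
session risk re-evaluated on every action. All names, policies, thresholds
and risk scores are constructed."""
from dataclasses import dataclass, field, replace
from enum import Enum


class Decision(Enum):
    ALLOW_FULL = "allow full access"
    ALLOW_LIMITED = "allow limited access"
    BLOCK = "block access"


@dataclass(frozen=True)
class Signal:
    """Signals gathered at access time (constructed fields)."""
    user: str
    role: str
    mfa_verified: bool      # strong authentication completed
    device_id: str
    device_enrolled: bool   # device known to the organisation
    device_compliant: bool  # device passes posture checks
    resource: str
    action: str             # "read", "edit" or "run"


# Constructed policy: repository -> role -> permitted actions. Anything absent is denied.
ACCESS_POLICY = {
    "hr-db": {"hr-analyst": {"read", "edit"}},
    "build-srv": {"developer": {"read", "edit", "run"}},
    "billing": {"finance": {"read"}},
}
# Constructed segmentation policy: resource -> resources it may reach. Default deny.
SEGMENT_POLICY = {"build-srv": {"artifact-store"}}
LIMIT_THRESHOLD = 40  # session risk at or above this degrades access to read-only
BLOCK_THRESHOLD = 70  # session risk at or above this blocks the account


def decide(sig: Signal, session_risk: int = 0) -> tuple[Decision, str]:
    """Decision stage: evaluate the signals against policy and current session risk."""
    if not sig.device_enrolled:
        return Decision.BLOCK, "device is not authorized"
    if not sig.mfa_verified:
        return Decision.BLOCK, "identity not verified with strong authentication"
    allowed = ACCESS_POLICY.get(sig.resource, {}).get(sig.role)
    if allowed is None:
        return Decision.BLOCK, "user role is not authorized"
    if session_risk >= BLOCK_THRESHOLD:
        return Decision.BLOCK, "dynamic analytics detect suspicious activity by user account"
    effective = set(allowed)
    if not sig.device_compliant or session_risk >= LIMIT_THRESHOLD:
        effective &= {"read"}  # least privilege: degrade to read-only
    if sig.action not in effective:
        return Decision.BLOCK, f"action {sig.action!r} not permitted in this context"
    if effective != allowed:
        return Decision.ALLOW_LIMITED, "access limited based on least privilege"
    return Decision.ALLOW_FULL, "user role and device are authorized by policy"


def lateral_move(src: str, dst: str) -> tuple[Decision, str]:
    """Enforcement across resources: server-to-server hops are default-deny."""
    if dst in SEGMENT_POLICY.get(src, set()):
        return Decision.ALLOW_FULL, "segmentation policy permits this flow"
    return Decision.BLOCK, "lateral movement prevented by segmentation and default-deny policy"


@dataclass
class Session:
    """In-session monitoring: each action is re-evaluated against the running risk
    score and logged for later analysis and investigation."""
    sig: Signal
    risk: int = 0
    log: list = field(default_factory=list)

    def act(self, action: str, risk_delta: int = 0) -> Decision:
        self.risk = min(100, self.risk + risk_delta)
        decision, reason = decide(replace(self.sig, action=action), self.risk)
        self.log.append((action, self.risk, decision.value, reason))
        return decision


def run_scenarios() -> dict:
    """Walk through the rows of the attack table with constructed data."""
    alice = Signal("alice", "developer", True, "laptop-42", True, True, "build-srv", "read")
    out = {}
    out["authorized"] = decide(alice)[0]                                 # role + device OK
    out["lateral"] = lateral_move("build-srv", "hr-db")[0]              # segmentation
    out["wrong_role"] = decide(replace(alice, resource="hr-db"))[0]     # role not authorized
    out["limited"] = decide(replace(alice, device_compliant=False))[0]  # least privilege
    sess = Session(alice)                                               # dynamic analytics
    sess.act("read")
    sess.act("read", risk_delta=45)  # anomaly raises risk to 45: access degraded
    sess.act("edit", risk_delta=30)  # risk reaches 75: account blocked
    out["risky_session_trace"] = tuple(entry[2] for entry in sess.log)
    # attacker's own, unenrolled device presenting alice's stolen credentials
    out["stolen_creds"] = decide(replace(alice, device_id="unknown-1", device_enrolled=False))[0]
    return out
```

Calling `run_scenarios()` yields one decision per table row: the authorized request is allowed in full, the hop from `build-srv` to `hr-db` and the out-of-role request are blocked, the non-compliant device is held to read-only, the session trace degrades from full to limited to blocked as risk accumulates, and the unenrolled device is blocked before the stolen credentials are even considered. The order of checks in `decide` matters: device and identity signals are evaluated before role, so a valid credential on an unknown device never reaches the authorization step.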
04 Zero Trust Model Adoption Approach
Forrester’s Five Steps to adopt Zero Trust

As per Forrester’s Zero Trust adoption strategy, the five milestones below are to be translated into initiatives:

1. Identify users, systems & sensitive data
2. Map the flows of sensitive data
3. Architect zero trust micro-perimeters
4. Continuously monitor the zero-trust ecosystem with security analytics
5. Embrace security automation and orchestration
05 The Time of AI & ML based cyber security
systems for critical infrastructures
Why AI & ML based Cyber security systems?

There are five core use cases where Artificial Intelligence supports improving cyber hygiene and operational excellence:

Incident Analysis: AI is able to perform the incident analysis to provide in-depth information on the incident impact and who the threat actors are, and to provide the attack kill chain and root cause.

Threat Prediction: AI will pull threat intelligence from internal and external sources and provide predictive services for upcoming threats.

Incident Triage: AI will minimize false positives by augmenting rules-based detection systems.

Incident Response: AI will apply case-based reasoning and create and/or run existing playbooks to perform an incident response either fully automated or with a human analyst monitoring it.

Always Hunting: AI never sleeps, keeps learning & enhancing detection accuracy, and as a result will be able to continuously monitor & discover anomalous behaviors as they occur.

AI Cyber Security systems are nowadays available for both IT & OT critical infrastructures.
References

1. Department of Defense (2019), DoD Digital Modernization Strategy.
2. NSA - Operational Test and Evaluation (2021), FY 2020 Annual Report. Available at:
3. National Institute of Standards and Technology (2020), Special Publication 800-207: Zero Trust Architecture.
4. Institute for Defense Analysis, In-Use and Emerging Disruptive Technology Trends.
5. NIST Special Publication 800-207, Zero Trust Architecture.
Shukran! شكراً (Thank you)
