The term “zero trust” was first coined in 1994, which makes it as old as the internet. However, the zero trust security model as we know it today was first described in 2010 by Forrester analyst John Kindervag. That makes it five years older than SOAR (security orchestration, automation and response). Much like SOAR, it has become a go-to cyber risk management strategy for security leaders in recent times. Like SOAR, there are now US government-backed initiatives around zero trust. The US-based National Cybersecurity Center of Excellence (NCCoE) is working on a guide for infosec practitioners to implement a zero trust architecture. Some of the biggest companies in tech and cybersecurity are working on the guide, from AWS, Google Cloud, IBM, Microsoft, and Palo Alto Networks to name a few.
Companies too are increasingly moving from a traditional network and security architecture to a zero trust framework as they undergo their digital transformation journey. In this new model, the traditional perimeter is eliminated and replaced by contextual trust in which access to data is granted only if it is requested by an authenticated user. This model promotes a more granular approach to security, which helps organizations reduce business risk from cyber threats.
If you’re interested in knowing how SOAR works in a zero trust ecosystem, you don’t want to miss our upcoming webinar with Zscaler, one of the leading SASE solution providers. Titled SASE and SOAR for Zero Trust-Enabled, Cross-Platform Threat Response, Zscaler’s Rahim Ibrahim and D3 Security’s Stan Engelbrecht will show you how InfoSec and SecOps teams around the world are solving two of their most important challenges with one simple integration that combines D3’s NextGen SOAR and Zscaler’s SASE platform. Hear firsthand how SOAR enables cross-platform threat response at scale through automation. This will be an interactive webinar, so feel free to post your questions on LinkedIn or Twitter before, during, or after the presentation.
What Is Zero Trust and Why Is It Such a Big Deal?
Part of the reason why zero trust can feel so nebulous is that everyone seems to have their own idea of what its core pillars/components/factors/stages are. If you go down a Google search rabbit hole, you’re likely to wind up more confused than enlightened. Let’s lean on some authoritative sources to get some clarity. NIST Special Publication 800-207 on zero trust Architecture provides a canonical definition that you can refer to. Forrester Research, who originally coined it, does a great job of defining it in this blog post, outlining the three core principles of zero trust. It’s more comprehensible when read in bullet form:
- Default deny
- Access by policy only
- For data, workloads, users, devices
- Least privilege access
- Security monitoring
- Risk-based verification
Comprehensive security monitoring is a core principle of zero trust, and this is where SOAR fits in the zero trust ecosystem. More on that later. First, let’s explore why zero trust has become so popular.
In a post-pandemic world, the line between corporate and personal, physical and digital, and public and private has blurred. Without zero trust networks, this lack of boundaries presents the risk of greater threats to your business, users, data, and devices. Compared to traditional hub-and-spoke network and castle-and-moat security models, zero trust architecture limits the attack surface by blocking inbound connections by default and preventing lateral movement. It limits both insider and external threats and improves the visibility of users, devices, and data on the network, which in turn helps improve incident detection and response.
What Does SASE Mean?
SASE (pronounced “sassy”) is a framework coined by Gartner in 2019. It stands for Secure Access Service Edge, a cloud-based cybersecurity solution comprised of five network security capabilities – SDWAN (software-defined wide area network), SWG (secure web gateway), CASB (cloud access security broker), FWaaS (firewall as a service), and ZTNA (zone-to-zone network access). SASE provides security designed to protect branch offices, remote workers, and on-premises use-cases. There are many benefits to adopting SASE. Notably, it gives security teams the ability to detect anomalous network activity, accurately identify sensitive data, and make informed decisions in real-time. In the context of the upcoming webinar, SASE refers to Zscaler’s Zero Trust Exchange solution. You can read about its benefits here.
NextGen SOAR: Helping You on Your Journey to Zero Trust
For enterprises moving their IT infrastructure to a zero trust model takes time and deliberation. It’s a gradual process that can often take years. NextGen SOAR offers a migration path for SASE buyers to easily adopt SASE capabilities as needed, while still being able to use their existing network and security investments. As a SOAR tool that integrates with a variety of paradigms, NextGen SOAR seamlessly integrates with your existing network and security systems, enabling you to manage your day-to-day SOC (security operations center) workflow as you bring on additional zero trust tools. Your SOC processes are independent of the underlying technology. This allows you to add services and expand your security posture without taking on additional capital expenditures or added operational complexity.
Use Case: Cross Stack Correlation and Remediation
When alerts come in from Zscaler, SIEM, EDR, EPP, or other any source, D3’s Event Pipeline can automatically handle triage, investigation, and response. The ingested alert is analyzed and parsed, and key event fields and artifacts like host name, IP addresses, and MITRE ATT&CK TTP labels are extracted and mapped from the alert. The alert is enriched with threat intelligence sources and via contextual search queries across your security stack (EDR, SIEM, TIP tools, etc.) to actively hunt for related threats. Related events that share common artifacts are grouped together. False positives are auto-closed, and alerts with high severity are escalated to incident status, triggering incident playbooks to kick off response actions. The result is a streamlined and well-informed incident response workflow, all from a single interface.
Join our Webinar with Zscaler on August 17th at 1PM EDT
Zscaler and D3 Security are proud to partner together to help companies around the world reduce their attack surface and improve their security. Join us on August 17th at 1PM EDT to learn how Zscaler’s Zero trust Exchange Platform and NextGen SOAR work together to enable faster detection and response times.
Rahim Ibrahim is the director of technology alliances at Zscaler, whose Zero Trust Exchange platform provides comprehensive security using context-based identity and policy enforcement. A seasoned engineer, Rahim is experienced with zero trust architecture and integration of cloud, security, and containerization technologies. He maintains deep knowledge of Zscaler’s extensive ecosystem including integrations and use cases.
Stan Engelbrecht, CISSP is the director of cybersecurity practice at D3 Security, whose NextGen SOAR Platform allows security teams to respond across the tech stack and deal with 90% fewer incidents. Stan has worked closely with enterprise and MSSP clients to implement numerous SOAR use cases. His expertise has allowed him to experience real-world challenges and opportunities, giving him a rich, broad perspective on security automation.
Even if you can’t make it, we highly encourage you to register. This way, you will be able to have a copy of the webinar that we will send you after the live event. And for those who can join us on August 17th at 10AM PDT / 1PM EDT, you get a chance to ask Stan and Rahim any questions you might have in the Q&A session. Space is limited, so reserve your spot today!