Webinar Takeaway: Zero Trust-Modelle ohne Reibungsverluste umsetzen

My key takeaways

• the concept of pure perimeter security (inside is good, outside is evil) is outdated
• What is zero trust
  • invented 2010 by John Kindervag
  • not automatically trust and grant access to a known user, device, account… but check if priviledged
• To implement a zero trust concept a lot of components and different software can be used. But in a broad scenario it increases the probability of a miss due to the increasing complexity
• Compromised credentials are used in 80% of all breaches
• EDR are good in detecting malware and attack tools but not the anormal use of valid credentials
• Detecting anomalies in the behaviour of users or systems offers a good chance of detecting an attacker
  • e.g. on a computer which is usually only used by a dedicated user, another user is logging in
    • may be valid, may be an indicator of compromise => send MFA request to this user to verify validity

Env

• Provided by Crowdstrike
• Presenter: Sascha Dubbel, Sr. Sales Engineer Identity Protection & Zero Trust EMEA
• Whitepaper (reg. required)