
Simplifying Zero Trust for User-Based Security

  • 0:00 - 0:02
    Hello everyone, and welcome to the
  • 0:02 - 0:04
    Security Speakeasy Show,
  • 0:04 - 0:06
    where we talk about network security.
  • 0:06 - 0:09
    And today, we're going
    to cover a topic that's of
  • 0:09 - 0:12
    interest to a lot of security
    professionals around the world.
  • 0:12 - 0:15
    We will talk about zero trust,
  • 0:15 - 0:17
    and what Palo Alto Networks offers to
  • 0:17 - 0:20
    address zero trust for identity.
  • 0:20 - 0:23
    And we have the right person
    to talk about this topic.
  • 0:23 - 0:35
    [Music]
  • 0:35 - 0:38
    My name is Neha Kumar, and I'm
    the Senior Product Marketing Manager
  • 0:38 - 0:43
    at Palo Alto Networks.
    And joining me today is Brian Levin,
  • 0:43 - 0:45
    who's a product line manager for
  • 0:45 - 0:47
    identity and access, and is responsible
  • 0:47 - 0:50
    for cloud identity
    products and initiatives.
  • 0:50 - 0:54
    Brian, welcome to the show. Now, everyone
  • 0:54 - 0:55
    in the industry and the media has been
  • 0:55 - 0:57
    talking about zero trust.
  • 0:57 - 0:59
    Can you tell us what exactly is zero
  • 0:59 - 1:02
    trust, and why are
    companies talking about it?
  • 1:02 - 1:05
    [BRIAN]: Thank you for having
    me on the show today.
  • 1:05 - 1:08
    Zero trust is a very
    hot topic within the industry,
  • 1:08 - 1:10
    and specifically because
    the industry's changed,
  • 1:10 - 1:12
    and there's a lot more
    remote work going on.
  • 1:12 - 1:15
    So, zero trust is a policy where it's
  • 1:15 - 1:19
    important to give least
    privileged access to
  • 1:19 - 1:20
    all users. So that means that you must
  • 1:20 - 1:23
    verify users, applications,
    and devices on your network
  • 1:23 - 1:26
    before allowing them to access any assets.
  • 1:26 - 1:29
    This is becoming increasingly
    important because, of course,
  • 1:29 - 1:30
    network boundaries have changed,
  • 1:30 - 1:33
    and people are working from everywhere.
  • 1:33 - 1:35
    Users and applications are spanning
  • 1:35 - 1:36
    multiple products and services
  • 1:36 - 1:38
    across multiple different locations, and
  • 1:38 - 1:41
    it just makes it more and more important
  • 1:41 - 1:43
    to really focus on zero trust and having
  • 1:43 - 1:45
    zero trust policy in place.
  • 1:45 - 1:47
    There's...it's been a huge focus
  • 1:47 - 1:49
    recently, because in the recent White
  • 1:49 - 1:51
    House press announcement,
  • 1:51 - 1:53
    they've recommended zero trust as a way
  • 1:53 - 1:56
    to secure your networks,
    and NIST and the U.S. government
  • 1:56 - 2:00
    have both come out with standards
    on how to implement zero trust.
  • 2:00 - 2:02
    It's a focus here at Palo Alto Networks
  • 2:02 - 2:04
    because we take a very holistic approach
  • 2:04 - 2:06
    at the way we implement zero trust. A lot
  • 2:06 - 2:09
    of other companies are looking at ZTNA,
  • 2:09 - 2:12
    or remote access of users
    as being zero trust,
  • 2:12 - 2:14
    but we're focused on the end-to-end
  • 2:14 - 2:17
    strategy of zero trust,
    which spans campus, branch,
  • 2:17 - 2:19
    remote users, of course, data centers,
  • 2:19 - 2:23
    public, private, cloud,
    and SaaS applications.
  • 2:23 - 2:26
    [NEHA]: Thank you, Brian. You know,
    you mentioned that one of the
  • 2:26 - 2:27
    cornerstones of zero trust
  • 2:27 - 2:29
    is to give your users access to all the
  • 2:29 - 2:31
    applications they need
  • 2:31 - 2:33
    with zero trust in mind.
  • 2:33 - 2:34
    Can you elaborate on that,
  • 2:34 - 2:37
    and how does that affect today's reality
  • 2:37 - 2:39
    when we all are working
    from different locations?
  • 2:39 - 2:41
    For example, right now,
    I'm working from home,
  • 2:41 - 2:43
    and then very soon, we're gonna go
  • 2:43 - 2:44
    to the office two days in a week and
  • 2:44 - 2:47
    then a few days, we'll work from home,
  • 2:47 - 2:50
    and we're moving to this
    hybrid work environment scenario.
  • 2:50 - 2:52
    So what exactly is changing with the way
  • 2:52 - 2:54
    networks are being deployed
  • 2:54 - 2:56
    as the world is moving towards this
  • 2:56 - 2:58
    distributed network system?
  • 2:58 - 3:00
    [BRIAN]: Yeah, if we go back, like, five
  • 3:00 - 3:02
    years, or maybe even two years, or
  • 3:02 - 3:05
    a year and a half, everyone was sitting
  • 3:05 - 3:08
    in an office, and in that
    office, there'll be a
  • 3:08 - 3:09
    single point of egress for internet,
  • 3:09 - 3:11
    and that will have a
    single security stack.
  • 3:11 - 3:13
    So, the network was very simple.
  • 3:13 - 3:16
    You would have a single source, or single
  • 3:16 - 3:18
    Active Directory that will provide
  • 3:18 - 3:20
    identity of all of your users. You would
  • 3:20 - 3:22
    have all the data going
    through a single point,
  • 3:22 - 3:24
    and things were simple at that time.
  • 3:24 - 3:26
    Today, it's much different.
  • 3:26 - 3:28
    People are working from home, sometimes
  • 3:28 - 3:30
    the office, sometimes branches,
  • 3:30 - 3:31
    sometimes a coffee shop, and
  • 3:31 - 3:34
    with that kind of
    distributing the workforce,
  • 3:34 - 3:36
    applications are spanning
  • 3:36 - 3:38
    all of this, all the time. And so, it just
  • 3:38 - 3:39
    becomes more and more important
  • 3:39 - 3:41
    to have that
    consistent security experience,
  • 3:41 - 3:43
    regardless of what applications you're
  • 3:43 - 3:45
    using and what location.
  • 3:45 - 3:48
    [NEHA]: Absolutely.
    So, at Palo Alto Networks,
  • 3:48 - 3:49
    especially, your team works mainly on
  • 3:49 - 3:51
    identity-based capabilities
  • 3:51 - 3:55
    and we've been offering
    user-based security for over a decade.
  • 3:55 - 3:57
    How did this affect, in particular,
  • 3:57 - 3:59
    identity, example, implementing and
  • 3:59 - 4:03
    maintaining user-based
    security and authentication?
  • 4:03 - 4:07
    [BRIAN]: Yeah, that's a great point.
    And if we can go back to
  • 4:07 - 4:10
    the previous example about...in the last,
  • 4:10 - 4:12
    or two years ago, everyone
    was in a single location.
  • 4:12 - 4:16
    Now it's that distribution,
    and with that distribution,
  • 4:16 - 4:19
    that single Microsoft AD server that
  • 4:19 - 4:21
    90% of enterprises across the world
  • 4:21 - 4:24
    were using is no longer applicable,
    because we have...
  • 4:24 - 4:27
    ...we have applications that are on-prem.
  • 4:27 - 4:30
    We have cloud applications,
    we have users everywhere,
  • 4:30 - 4:32
    and so there's a couple trends that are
  • 4:32 - 4:33
    really influencing identity and
  • 4:33 - 4:35
    authentication throughout the network.
  • 4:35 - 4:38
    One is, of course, on-prem,
    and that's your on-prem AD
  • 4:38 - 4:41
    server that is in your network.
  • 4:41 - 4:43
    Second is something
    called hybrid identity,
  • 4:43 - 4:45
    where you have your on-prem AD, but then
  • 4:45 - 4:48
    you also have a cloud service
    that synchronizes with it.
  • 4:48 - 4:49
    So, all of your on-prem applications
  • 4:49 - 4:51
    would connect to your on-prem server,
  • 4:51 - 4:53
    and all of your cloud applications would
  • 4:53 - 4:55
    connect to the cloud instance of it,
  • 4:55 - 4:57
    and that's called hybrid identity.
  • 4:57 - 4:58
    And then there's multi-cloud identity,
  • 4:58 - 5:00
    which is where you have multiple
  • 5:00 - 5:02
    different cloud-based identity services.
  • 5:02 - 5:04
    In typical enterprises today, those are
  • 5:04 - 5:06
    all mixed, so think about having
  • 5:06 - 5:10
    not just one, but
    two, three, four, possibly
  • 5:10 - 5:11
    even ten sources of identity
  • 5:11 - 5:13
    in a single network.
  • 5:13 - 5:16
    [NEHA]: Absolutely, and I can
    see why that's a challenge.
  • 5:16 - 5:18
    So, as customers are trying to implement
  • 5:18 - 5:20
    user-based security and
    implementing authentication,
  • 5:20 - 5:24
    whether it's single sign-on
    or multi-factor authentication,
  • 5:24 - 5:26
    using these multiple sources of identity
  • 5:26 - 5:27
    information that you just mentioned,
  • 5:27 - 5:30
    whether it's on-prem
    or cloud ID providers,
  • 5:30 - 5:33
    what are some of the key challenges that
  • 5:33 - 5:35
    you're seeing that organizations and
  • 5:35 - 5:37
    security teams are facing today?
  • 5:37 - 5:41
    [BRIAN]: Yeah, so, the two key
    pain points that we're seeing
  • 5:41 - 5:45
    security teams and identity teams
    really face as they
  • 5:45 - 5:47
    deploy network security today
  • 5:47 - 5:50
    is, one is making sure that the right
  • 5:50 - 5:52
    resource has that consistent experience
  • 5:52 - 5:54
    when they come from
    many different locations.
  • 5:54 - 5:56
    So I expect it...access apps
  • 5:56 - 5:57
    the exact same way if I'm at
  • 5:57 - 5:59
    home, or if I'm in the office,
  • 5:59 - 6:00
    or if I'm on my mobile phone in the
  • 6:00 - 6:03
    coffee shop. And so that consistency
  • 6:03 - 6:05
    through identity is key. The second is
  • 6:05 - 6:07
    just maintaining authentication.
  • 6:07 - 6:09
    And so with so many different locations,
  • 6:09 - 6:11
    and authentication sources,
  • 6:11 - 6:12
    it's how do I make sure I've accessed
  • 6:12 - 6:14
    the right assets at any given time?
  • 6:14 - 6:18
    And those are the key problems we see.
  • 6:18 - 6:20
    [NEHA]: Absolutely. So,
    you know, at Palo Alto
  • 6:20 - 6:22
    Networks, our goal is to simplify
  • 6:22 - 6:24
    security for our customers.
  • 6:24 - 6:26
    What's Palo Alto Networks doing about
  • 6:26 - 6:28
    this problem, and how are we addressing
  • 6:28 - 6:31
    the problem of simplifying
    user-based security
  • 6:31 - 6:34
    and addressing zero trust
    for our customers?
  • 6:36 - 6:38
    [BRIAN]: Yeah, here at Palo Alto Networks,
  • 6:38 - 6:40
    holistic zero trust approach
  • 6:40 - 6:44
    is top of mind with us.
    We have recently introduced
  • 6:44 - 6:45
    a cloud identity engine, which is a
  • 6:45 - 6:47
    brand new cloud service
  • 6:47 - 6:49
    focused on solving this problem for
  • 6:49 - 6:52
    the industry, and for our customers.
  • 6:52 - 6:55
    We focus on two elements:
    identity and simple authentication.
  • 6:55 - 6:57
    From the identity point of view,
  • 6:57 - 6:58
    what we do is we connect to both
  • 6:58 - 7:01
    on-prem and cloud directory sources.
  • 7:01 - 7:06
    We are able to pull
    all of the data attributes
  • 7:06 - 7:10
    together in a single source, and
    then serve that to all Palo Alto products,
  • 7:10 - 7:15
    whether it's our firewalls, Prisma Access,
    XDR, our management systems.
  • 7:15 - 7:17
    And then with all that in a single place,
  • 7:17 - 7:19
    we're able to ensure that
  • 7:19 - 7:22
    our consistent security policy is issued.
  • 7:22 - 7:24
    And so now, I have that
    exact same experience
  • 7:24 - 7:27
    if I'm at home, if I'm in the office,
  • 7:27 - 7:29
    or anywhere else in the world.
  • 7:29 - 7:31
    I am Brian and I have access to my apps,
  • 7:31 - 7:33
    and that is what's key here.
  • 7:33 - 7:36
    In addition to just the identification,
  • 7:36 - 7:38
    we've solved the authentication
    problem, too,
  • 7:38 - 7:42
    where there's many
    different IDPs out there,
  • 7:42 - 7:44
    and those IDPs need to be configured as
  • 7:44 - 7:47
    an SP for each of my
    different firewalls and
  • 7:47 - 7:50
    cloud services. And so that means that it
  • 7:50 - 7:52
    can take a network administrator
  • 7:52 - 7:55
    or an admin almost a month,
  • 7:55 - 7:58
    to possibly even a year, to configure a
  • 7:58 - 7:59
    single IDP on their network.
  • 7:59 - 8:02
    That's very painful and time-consuming.
  • 8:02 - 8:03
    We've reduced that
  • 8:03 - 8:05
    into allowing you to bring a single IDP
  • 8:05 - 8:07
    on within 10 minutes.
  • 8:07 - 8:09
    And so these are the two ways that we
  • 8:09 - 8:11
    just make the network a lot easier for
  • 8:11 - 8:15
    customers as they migrate to zero trust.
  • 8:15 - 8:17
    [NEHA]: Yeah, Brian, that's really
    fascinating, and
  • 8:17 - 8:19
    I hope our listeners are excited to hear
  • 8:19 - 8:21
    how we're simplifying
  • 8:21 - 8:22
    implementation of identity-based
  • 8:22 - 8:24
    security with Cloud Identity Engine.
  • 8:24 - 8:27
    And by the way, did
    I just hear 10 minutes?
  • 8:27 - 8:30
    [BRIAN]: Yes, 10 minutes
    from a single IDP.
  • 8:30 - 8:33
    [NEHA]: That's very impressive.
    If you would like
  • 8:33 - 8:34
    to know more about
  • 8:34 - 8:35
    Cloud Identity Engine, check out the
  • 8:35 - 8:38
    demos and the technical
    content that we have.
  • 8:38 - 8:40
    You can either Google it, or use the
  • 8:40 - 8:43
    links in the description below.
  • 8:43 - 8:45
    If you have liked the show, hit the
  • 8:45 - 8:46
    Subscribe button,
  • 8:46 - 8:48
    leave a comment, and visit
  • 8:48 - 8:50
    paloaltonetworks.com.
  • 8:50 - 8:51
    Thank you.
Video Language:
English
Duration:
09:01

English subtitles
