Wednesday, November 15, 2023

1:30 PM - 2:30 PM

Fitzroy Theatre

---

ㅤ

Zero Trust, defined by NIST SP 800-207, is widely seen as a framework to significantly improve resilience to attack from even sophisticated nation state threat actors. The standard itself, enhanced by a number of potential frameworks, outlines a key concept of driving implicit trust out of security architecture, meaning that any trust we give components is validated rather than implied. A problem arises in that architects building zero trust architectures seem to forget that the controls which they use to build their ZTA infrastructure are also subject to attack, and we need to drive implicit trust out of them too. Quis custodiet ipsos custodes? But how?
In this presentation, we will deal with the varieties of telemetry we can use in a ZTA to understand, assess and measure trustworthiness; how we should be using defence in depth measures in ZTA control infrastructure to ensure that threat actors compromising our infrastructure doesn't lead to a complete security failure, and how correlation across telemetry sources from MELT, from in-system agents like EDR, and from external monitoring of network activity can be correlated to detect compromised infrastructure, even if sourced from implants or supply-chain attacks.

---

Speaker/s