Podcasts
Word Notes
Ep 137
Word Notes 2.28.23
Ep 137 | 2.28.23

ZTNA (noun)

Show Notes
Transcript

Rick Howard: The word is: ZTNA

Rick Howard: Spelled: Z for zero, T for trust, N for network, and A for access. 

Rick Howard: Definition: A technology set design to support the cybersecurity first principle strategy of zero trust, that limits device people and software component access to only designated authorized resources and nothing more.

Rick Howard: Example sentence: The Zero Trust Network Access Solution prevented the attacker from moving laterally within the network. 

Rick Howard: Origin and context: In the early 2000's, the U.S. Military started experimenting with the idea of de-perimeter under the project name the Jericho Forum. The concept was to move away from the old perimeter defense model; to decouple the identification and authorization functions away from the workload. In other words, you don't connect to the sensitive workload and then try to log in. Instead, you connect to a separate system that verifies your identity and validates that you are authorized to connect to the sensitive workload. If you are, then the system establishes the connection to just that workload and nothing else.

Rick Howard: The Jericho Forum captured some of the first ideas about what would eventually be known as the cybersecurity first principle zero Trust strategy, but they never built it. The man who gets the credit for the name Zero Trust and the initial concepts and the model is John Kindervag. . In 2010 while working for Forrester, he published a research report entitled "No More Chewy Centers: Introducing the Zero Trust Model of Information Security," which outlined a security model that assumes that all network traffic is untrusted and must be verified before access is granted. 

Rick Howard: The same year that Kindervag published his paper, Google got hit by a massive Chinese cyber espionage attack called Operation Aurora, the Hackers Unit 61398 of the People's Liberation Army, APT1, as it would become to be known later, targeted 34 major companies, including Google, Microsoft, and Juniper, with three goals: number one, accessing the Gmail accounts of Chinese human rights activists, number two, spying on the Google's internal legal discovery portal, the portal that managed law enforcement requests for information pertaining to ongoing investigations, and finally, number three, stealing the source code and signing certificates of those 34 companies. 

Rick Howard: In response to the Aurora attack, Google's site reliability engineers redesigned their internal security architecture from the ground up. Using the concepts of de-parametrization and the zero trust philosophy. This might be the first publicly acknowledged deployment of ZTNA technologies. A few years later, Google released a commercial product called BeyondCorp that incorporated many of the ideas they developed internally. ZTNA technologies involve verifying the identity of each user, device, and software component attempting to access a resource, and then enforcing policies that determine what level of access each should have based on factors such as role, location, device status, and behavior 

Rick Howard: Nerd reference: John Kindervag, the father of the original Zero Trust idea, spoke at the Create the Future Conference in 2022. 

John Kindervag: So there's a lot of myths about zero trust. The first one is zero trust means making a system trusted. How much trust should there be in a zero trust system? I tried to make it as explicit as as I could, zero. We're trying to get rid of trust, not make system trusted. Zero trust is also not about identity. It consumes identity, but it isn't equal to identity. I can prove that with two words. Snowden, Manning, they were trusted users, they had all the right identity in MFA, but nobody looked at their packets post authentication. And then there are zero trust products, that is not true. There are products that work well in zero trusted environments. But Zero Trust is a strategy designed to stop data breaches and make other cybersecurity attacks unsuccessful. It's a strategy that uses products 

Rick Howard: Word Notes is written by Tim Nodar, executive produced by Peter Kilpe and edited by John Petrik and me, Rick Howard. The mix, sound design, and original music have all been crafted by the ridiculously talented Elliott Peltzman. Thanks for listening.

Word Notes
Podcast Info
HOST(S):
Rick Howard
Rick Howard is the CSO of N2K and the Chief Analyst, and Senior Fellow at the N2K Cyber, formerly CyberWire. His past lives include CSO at Palo Alto Networks, CISO at TASC, the GM at Verisign/iDefense, the Counterpane SOC Director, and the Commander of the Army's Computer Emergency Response Team (CERT). Rick served 25 years in the Army, taught computer science at West Point, edited two books and just published his own book, "Cybersecurity First Principles: A Reboot of Strategy and Tactics" and he is regularly joined at the N2K Cyber's Hash Table by a collection of industry experts.
Schedule: Tuesdays
Creator: CyberWire, Inc.
ADVERTISEMENT
Sponsored by Kolide
Sponsored by Kolide

Kolide sends employees important, timely, and relevant security recommendations for their Linux, Mac, and Windows devices, right inside Slack. Kolide is perfect for organizations that want to move beyond a traditional lock-down model. Learn more.