The concept of Zero Trust started with a goal: “Never Trust. Always Verify”. It’s well and fine as a goal but is nebulous at best in actual execution. The NIST guidelines put out last year definitely help, but even so, there are lots of specific practical questions that need to be answered as your organization walks down the Zero Trust path – a path that may take literally years to complete.
One of those questions is the role encrypted communications plays in Zero Trust. The use of SSL, VPNs, and TLS have long been staples in the IT arsenal to secure communications, but they don’t just obfuscate sensitive business traffic; they also can hide malicious communications. And yet, these encryption technologies are a necessary part of operations to secure business data and communications. As you move towards a state of Zero Trust, the ability to have visibility into and dynamically evaluate access requests in an effort to maintain a constant state of “untrustworthiness” becomes critical. When considering all this, it becomes evident how encrypted communications can stifle Zero Trust, and the organization’s ability to identify, isolate, stop, and respond to attacks.
In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia takes my seat, and will first discuss:
- The current state of encryption in business and cyberattacks
- What Zero Trust has to say about encryption
- The challenges encryption places on your detection of and response to attacks
- How encrypted communications hurts your Zero Trust efforts
Nick will be joined by Babur Nawaz Khan, Technical Marketing Engineer at A10 Networks. Babur will provide a deeper dive into how attacks leverage encryption to obfuscate activity, and why visibility into security appliances, internet-facing devices, and attacker behavior analytics is crucial for detection and response efforts. Next, he’ll focus on how decryption of network traffic is necessary, where in your communications should decryption take place, and how it should be architected to facilitate zero trust-levels of visibility.
This real training for free event will be jam packed with technical detail and real-world application. Register today!