Are you attending this week's RSA Conference? This is the world's leading
information security conference and exposition taking place in San Francisco.
To get ahead of many of the security topics that will be discussed at the show,
VMblog spoke with Shehzad Merchant, Chief Technology Officer of Gigamon, the
company providing network visibility and analytics on all information-in-motion
across physical, virtual and cloud environments.

VMblog: What are you most looking forward to at RSA?
Shehzad Merchant: I look forward to RSA every year. It's a great opportunity to
reconnect with
other security professionals. This year, I am particularly excited to see and
discuss some of the technologies that are at the intersection of
virtualization, cloud and cybersecurity. Security for many years had taken a
back seat when it came to digital transformation - driven by virtualization and
the cloud. In fact, security was almost an afterthought in the journey of
digital transformation and the move to the cloud. But we are finally seeing
that change with cybersecurity becoming front and center of the cloud migration
conversation. I am also very excited for our presence at RSA, as we have had an
amazing year with record revenue growth and the strongest fourth quarter in the
company's history. We will be located at booth S-1243 showcasing network
visibility, analytics and security product innovations that work across the
hybrid cloud. I encourage readers to swing by the booth or coordinate a meeting
to learn more about the role of network visibility in any organization's
digital transformation strategy.

VMblog: What are the largest security market trends that Gigamon is solving?
Merchant: We live in a digital age where connectivity is almost ubiquitous. And
mission-critical systems are
now coming online. With this, we are seeing a shift in the nature of
cyber-attacks. Whereas attacks on confidentiality of information used to
dominate the headlines, we are now seeing attacks on the integrity and
availability of systems.
One of the important approaches to detect breaches in this connected world of
users, devices, and
systems, is to monitor the network traffic for footprints that can lead to the
attacker as well as identify and enumerate all the applications, devices, and
users on your infrastructure. This is an area where Gigamon along with its
partner ecosystem is making a big difference. Indeed, this approach is at the
heart of the Zero Trust architecture.
Zero Trust is a significant architectural shift in how organizations model
their security strategy. It is rooted in the fact that we can no longer imply
trust, based on whether an asset is on the "Intranet" or the "Internet". In
other words, all assets, be it a user, device or an application, need to be
identified,
authenticated and access controlled. And from there on continuously
monitored.
At Gigamon, we have a firm belief in all organizations taking a Zero Trust
strategy where they
understand, manage, and most importantly, decrease implicit trust across their
infrastructure. Think of Zero Trust as a journey that is always changing and
requires consistent monitoring. It is an ongoing process that provides additional
security with each step.

VMblog: What are some network security best practices you would deem critical?
Merchant: I would break this down into three pillars or three areas of best
practices. The first is practice good
hygiene - things like multi-factor authentication, network segmentation and
endpoint protection. The second pillar is continuous monitoring and detection.
And here it is important to leverage the network wherever you can for
visibility. The network is perhaps one of the most content-rich sources of telemetry.
And the third pillar is automation and rapid response.
And let me offer one practice to perhaps start deprecating - and that is
trusting a user or device
or application just because it is on the "Intranet". That implicit trust is the
root of many breaches. From a Zero Trust perspective, whether an asset is on
the "Intranet" or "Internet", it should be treated no differently. Getting to
this point is a journey. But start with setting that as an explicit goal and
then take steps towards that goal.

VMblog: What are some top priorities for security leaders at RSA to achieve
Zero Trust?
Merchant: The starting point for any security leader is to recognize that Zero
Trust is a journey that starts
with mapping out and understanding all the assets (users, devices, applications)
on the network. This is the starting point. From here the next set of
priorities quickly evolve to putting in place an authentication and access
control strategy, using multi-factor authentication for all applications,
segmenting legacy assets, and putting in place a continuous monitoring
strategy. These can happen sequentially or in parallel based on the
capabilities and skills in the organization. It is important to not try to do
too much all at once, but pick a few of these areas to focus on and incrementally
move the ball forward.

VMblog: What are some common misconceptions about Zero Trust?
Merchant: It is important to recognize that Zero Trust is not a product. Zero
Trust is a
framework, and a journey. And while many organizations have a hard time
believing that Zero Trust is achievable, it is a journey that all organizations
can embark on with some basic steps. In most cases, organizations shy away from
the concept simply because they don't know where to start. And many
organizations focus on the end state and attempt to boil the ocean all at once
to get there. My suggestion is don't try to boil the ocean. Start with the
basics and build upon it incrementally. Map out your assets, multifactor
everything, put in place a continuous monitoring strategy and build upon that.

VMblog: How does Zero Trust provide a framework to address the complexity
introduced by digital transformation?
Merchant: Digital transformation involves the introduction of new applications
that power the transformation. These applications typically run
over a hybrid cloud infrastructure, with users accessing these applications
over any available network - be it the corporate network, a guest network in a
hotel or a hotspot in a cafe, or over a cellular network. Increasingly many of
these applications are accessed via local breakouts from remote locations - aka
SD-WAN, rather than hair-pinning the user's traffic back to a corporate
network. This new world breaks many of the existing security assumptions that
traditional security models or frameworks adhered to. Zero Trust provides a
framework to address this complexity by systematically eliminating implicit
assumptions of trust - for example implicitly treating the Intranet as being
more secure than Internet, even when the user on the Intranet is using his own
personal device that may have surfed suspicious sites over an insecure hotspot.
Approaching security through a "Zero Trust lens" reduces complexity by
providing a consistent approach to security and a consistent user experience
irrespective of where a user is coming from - be it a hotspot, the corporate
Intranet or another location. It helps organizations build in best practices
for visibility into their infrastructure, across private, public and hybrid
clouds.

VMblog: Any 2020 predictions related to Zero Trust VMblog readers should be
aware of?
Merchant: I expect Zero Trust to be scrutinized
heavily in 2020 and in fact I expect that Zero Trust will go through its own
hype cycle in 2020. This may lead to potential confusion as well. However, out
of the ensuing confusion, I expect there will arise a better understanding of
what Zero Trust is, what it is not, and how best to embark on the journey. I
look forward to helping organizations embark on that journey.