TRUST WITHOUT VERIFICATION
• Lack of separation between business-critical systems and systems that are more susceptible to an attack
• Increased likelihood an attacker will achieve their objective
• Diminished ability to prevent movement between security zones
• Elevated risk for both internal and external threats
VERIFICATION & SEGMENTATION
• Access controls may be in place, although a credential compromise still allows a skilled attacker to traverse the network and elevate privileges
• Monitoring may be enabled, although in the event of a ransomware attack critical business functions would likely be impacted
VERIFICATION & ISOLATION
• Enhanced ability to protect critical business functions in the event of a cybersecurity incident
• Protection against insider threats and attackers with trusted credentials
• Reduced costs associated with achieving and maintaining compliance with regulatory obligations
ADAPTIVE, DYNAMIC CONTROLS
• Critical systems are isolated; significantly less susceptible to ransomware and other attacks
• Controls are in place to protect against the entire kill chain
• Controls can be “throttled” to achieve balance between operations and security based on threat intelignece
OPERATIONAL RESILIENCY
A bad actor’s favorite target
More protected, yet still vulnerable
A great step towards resiliency
Resiliency by design; a bad actor’s nightmare
TRUST WITHOUT VERIFICATION
Flat Network & Static Environment
Authentication Controls (passwords)
Expand trust verification & prevent lateral movement
Network segmentation enabled
Multi-Factor Authentication Enabled
Expand trust verification & isolate critical systems
Network isolation enabled
Application control & other Compensating Controls deployed
Zero Trust & resilient architecture
Dynamic Isolation
Adaptive controls based on threat intelligence
OPERATIONAL RESILIENCY