Why Zero Trust is fundamental to containment and microsegmentation

BrandPost By Paul Desmond
Oct 21, 2025 | 4 mins

John Kindervag, the creator of Zero Trust, explains how the five-step Zero Trust model maps to the concepts of security graphs and containment to enable a new level of protection.


John Kindervag, the creator of the Zero Trust model, has found a new way to put its principles to work. It involves the use of artificial intelligence (AI)–driven security graphs to implement a microsegmentation and containment strategy aimed at protecting valuable resources even in the face of the inevitable breach.

Now chief evangelist at Illumio, Kindervag says security graphs are a great help in implementing the five-step Zero Trust model and, importantly, keeping it up to date over the long haul.

Security maps eliminate the element of chance

For too long, security professionals lacked a way to make sense of the information at their disposal to ensure security. Even when that information was available, they had no way to display and interact with it effectively.

“The value of the security graph is that it collects information and presents it as a map,” Kindervag says. “To me, the map was always the most important thing, because without one, you’re more likely to be lost, and whatever decision you make, you’re leaving some element of it up to chance.”

Maps are indeed important to the concept of containment, which is built on the Zero Trust mantra of not allowing anyone or anything access that is not explicitly authorized.

Mapping the five-step Zero Trust model

It’s helpful to review the five-step approach to creating a Zero Trust environment to understand the connections to security graphs and containment.

1. Define protect surface

Step 1 is defining the protect surface, or the resources you want to protect. This task is made simpler by the security graph, which is a database of all your systems and applications.

2. Map transaction flows

Step 2 involves mapping transaction flows to show how users, applications, data, and systems interact.

3. Architect a framework

Step 3 involves architecting a framework to secure your protect surfaces. For both steps 2 and 3, security graphs make the job far simpler and the results more accurate.

“It used to take weeks to do this kind of thing,” Kindervag says. It involved talking to administrators and others about how various processes worked and which systems were involved. “You were always guessing. You didn’t have actual data to back it up. It was just, ‘Well, Joe says the database talks to this thing and that thing.’”

4. Implement architecture, create policies

Step 4 is implementing your architecture onto your network and creating policies that enforce containment and microsegmentation. The security graph provides clear context, making it easy to identify the most sensitive resources that require strict policies.

5. Ongoing maintenance 

Finally, step 5 is continued maintenance over time. The Illumio Platform makes this a natural process. With an assist from sophisticated AI models, it continuously shows which connections have been approved and denied and — where no policy exists — encourages users to investigate whether one is warranted.
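The five steps above can be made concrete with a small added example. It is not Illumio's code or data model, and every workload name, label, flow and rule in it is constructed. It evaluates observed flows against explicit rules under default deny, then queues flows that have no rule for review, with flows that reach the protect surface listed first.

```python
from collections import defaultdict

# Constructed inventory: workload -> label. Step 1: the protect surface is
# every workload carrying a label listed in PROTECT_SURFACE.
WORKLOADS = {"web-1": "web", "app-1": "app", "db-1": "pci-db",
             "hr-1": "hr", "bkp-1": "backup"}
PROTECT_SURFACE = {"pci-db"}

# Constructed observed flows (step 2): (source, destination, destination port).
FLOWS = [
    ("web-1", "app-1", 8443),
    ("app-1", "db-1", 5432),
    ("web-1", "db-1", 5432),
    ("hr-1", "db-1", 5432),
    ("bkp-1", "db-1", 22),
    ("hr-1", "app-1", 8443),
]

# Explicit label-based rules (step 4): (src label, dst label, port) -> decision.
POLICY = {
    ("web", "app", 8443): "allow",
    ("app", "pci-db", 5432): "allow",
    ("web", "pci-db", 5432): "deny",
}

def classify(flow):
    """Return 'allow', 'deny' or 'no-policy' for one observed flow."""
    src, dst, port = flow
    return POLICY.get((WORKLOADS[src], WORKLOADS[dst], port), "no-policy")

def enforce(flow):
    """Default deny: traffic passes only when a rule explicitly allows it."""
    return classify(flow) == "allow"

def review_queue(flows):
    """Flows with no rule, those reaching the protect surface first (step 5)."""
    pending = [f for f in flows if classify(f) == "no-policy"]
    return sorted(pending,
                  key=lambda f: (WORKLOADS[f[1]] not in PROTECT_SURFACE, f))

def report(flows):
    """Group observed flows by decision for the maintenance view."""
    groups = defaultdict(list)
    for f in flows:
        groups[classify(f)].append(f)
    return dict(groups)

if __name__ == "__main__":
    for decision, items in report(FLOWS).items():
        print(decision, items)
    print("review first:", review_queue(FLOWS))
```

A flow with no rule is blocked by `enforce` just like an explicit deny, but `classify` keeps the two apart so the unreviewed flow surfaces for a decision.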

But it all starts with the maps created from security graphs and all the AI tools that go into creating them. “Maps are important. That’s why we say cybersecurity needs better cryptographers,” Kindervag says. “Wars are won and lost based upon the quality of maps.”

Learn more about how to create effective maps and establish a robust cybersecurity defense. Contain the breach with Illumio.