Zero Trust Architecture 9780137899722, 2023906699, 9780137899739, 0137899734

Table of contents :
Introduction
2 Chapter 1. Overview of Zero Trust (ZT)
1 Zero Trust Origins
2 Planning for Zero Trust
3 Zero Trust Organizational Dynamics
4 Cisco’s Zero Trust Capabilities
5 Summary
6 References in This Chapter
7 Chapter 2. Zero Trust Capabilities
1 Cisco Zero Trust Capabilities
2 Policy & Governance Pillar
3 Identity Pillar
4 Vulnerability Management Pillar
5 Enforcement
6 Analytics Pillar
7 Summary
8 References in This Chapter
9 Chapter 3. Zero Trust Reference Architecture
1 Zero Trust Reference Architecture: Concepts Explored
2 Summary
3 References in This Chapter
4 Chapter 4. Zero Trust Enclave Design
1 User Layer
2 Proximity Networks
3 Cloud
4 Enterprise
5 Business Services
6 Summary
7 Chapter 5. Enclave Exploration and Consideration
1 Addressing the Business
Identifying the “Crown Jewels”
3 Identifying and Protecting Shared Enclaves
4 Bringing Blurred Borders Back into Focus
5 Incorporating New Services and Enclaves
6 Using Automation in Enclaves
7 Considerations on the Physicality of an Enclave
8 Summary
9 References in This Chapter
10 Chapter 6. Segmentation
1 A Brief Summary of the OSI Model
2 Upper Layer Segmentation Models
3 Common Network-Centric Segmentation Models
4 North-South Directional Segmentation
5 East-West Directional Segmentation
6 Determining the Best Model for Segmentation
7 Applying Segmentation Throughout Network Functions
8 How To: Methods and Considerations for Segmentation in an Ideal World
9 Restricting Peer-to-Peer or Jump-Off Points
10 Summary
11 References in This Chapter
12 Chapter 7. Zero Trust Common Challenges
1 Challenge: Gaining Visibility into the Unknown (Endpoints)
2 Overcoming the Challenge: The Use of Contextual Identity
3 Challenge: Understanding the Expected Behavior of Endpoints
4 Overcoming the Challenge: Focusing on the Endpoint
5 Challenge: Understanding External Access Requirements
6 Overcoming the Challenge: Mapping External Communication Requirements
7 Challenge: Macrosegmentation vs. Microsegmentation
Microsegmentation for the Network
8 Overcoming the Challenge: Deciding Which Segmentation Methodology Is Right for an Organization
9 Challenge: New Endpoint Onboarding
10 Overcoming the Challenge: Consistent Onboarding Processes
11 Challenge: Policies Applied to Edge Networks
12 Overcoming the Challenge: Ubiquitous Policy Application
13 Challenge: Organizational Belief That a Firewall Is Enough
14 Overcoming the Challenge: Defense in Depth and Access-Focused Security
15 Overcoming the Challenge: The Case for Securing the Application, Not the Network
16 Summary
17 References in This Chapter
18 Chapter 8. Developing a Successful Segmentation Plan
1 Planning: Defining Goals and Objectives
2 Plan: Segmentation Design
3 Implement: Deploying the Segmentation Design
4 Implement: The Segmentation Model
5 Summary
6 References in This Chapter
7 Chapter 9. Zero Trust Enforcement
1 A Practical Plan for Implementing Segmentation
2 Endpoint Monitor Mode
3 Endpoint Traffic Monitoring
4 Enforcement
5 Network Access Control
6 Environmental Considerations
7 Practical Considerations Within Contextual Identity
8 Summary
9 Chapter 10. Zero Trust Operations
Zero Trust Organization: Post-Implementation Operations
2 The Life Cycle of Zero Trust Policies
3 Moves, Adds, and Changes in a Zero Trust Organization
4 Summary
5 References in This Chapter
6 Chapter 11. Conclusion
1 Zero Trust Operations: Continuous Improvements
2 Summary
3 Appendix A. Applied Use Case for Zero Trust Principles
1 Business Problem
2 Goals and Drivers
3 Application of the Principles of Zero Trust
4 Conclusion