Blog

Articles and stories about BeyondCorp from the ScaleFT team

BeyondCorp Weekly 13

Ivan Dwyer - March 28, 2017



As promised last week, I have videos to share. First, I will shamelessly plug my own talk during the BeyondCorpSF Meetup held at Heavybit Industries earlier this month. The key theme was how Zero Trust is changing our notion of Identity & Access, and what this means from a broader market perspective. Have a watch.

http://www.heavybit.com/library/blog/beyondcorp-meetup-google-security-for-everyone-else/

For a more technical deep dive, Evan Gilman and Doug Barth gave a talk about network design at last week’s SREcon. They dove into their experience designing a resilient, highly available Zero Trust network while at PagerDuty. Great stuff.

https://www.usenix.org/conference/srecon17americas/program/presentation/barth

Thanks to those who answered my call from last week’s newsletter to share thoughts around BeyondCorp in your own work. It’s been great to hear about your initiatives, and the challenges you’re facing ahead. I plan to do a more formal writeup of the common questions/comments I’ve been hearing in conversation to start building up a community knowledge base. I’d love to hear from more of you, so feel free to drop me a note.

Here are a few things that caught my eye this past week.


Answering the #1 Question in Identity Management [RSA]

On the topic of identity, a recent study by IDG found that better authentication is a top want for many organizations due to the difficulties in tracking devices and enforcing policies with new users. Google has been able to enforce better security practices with BeyondCorp through a mandate from the top, and a diligence in tracking users and devices.

Today’s Most Installed Software: Google Chrome, Adobe Reader, Flash Player [Bleeping Computer]

Yet another survey, but one with a single glaring statistic - more than half of active software installs are out of date. Again, better security practices, such as keeping software up-to-date, are a by-product of a BeyondCorp-like system. By enforcing policies when accessing company resources, users will start making better decisions, to the point where it becomes second nature.

Prioritizing Threats: Why Most Companies Get It Wrong [Medium]

Making a bold statement, Michael Davis points out that companies generally focus on single attack surfaces when they should be looking at how things are related to each other. This can be achieved by following potential flows of traffic, and inspecting access controls from one resource to another.

Lessons Learned in Detection Engineering [Medium]

As someone who has really been examining how various companies run their security, Ryan McGeehan shares insight into what he’s found with intrusion detection programs. Here he discusses the relationship between risk and mitigation in terms of monitoring and alerting. Fascinating as always.

Introducing Threat Operations: TO in Action [Securosis Blog]

Closing out his series on threat operations, Mike Rothman puts his theories into action with a hypothetical scenario. The right balance of automated systems and human intelligence lead to more effective workflows and processes to handle extreme situations. Similarly, proper monitoring & alerting mechanisms are crucial to make the right connections.


Upcoming Events

InfoSec Southwest
Apr 7 - 9
Austin, TX

Rocky Mountain InfoSec Conference
May 9 - 11
Denver, CO


That does it for this week. Check back this time next week for another set of relevant news, articles, and events. Cheers,

Ivan at ScaleFT

@fortyfivan


Ivan Dwyer

Ivan Dwyer is the VP of Product Marketing at ScaleFT, working with the community to raise awareness around BeyondCorp and Zero Trust for organizations of all kinds looking to modernize their security architecture.

ScaleFT Zero Trust Access Management
Subscribe to the Newsletter

Subscribe to the BeyondCorp newsletter to get notifications about new posts by email.