
An Essential Guide to Zero Trust Security

CYBER DEFENSE GUIDE FOR FUTURE CYBER RESILIENT ORGANIZATION

1st Edition

Dhiman Deb Chowdhury, MBA, DBA & Hesham Elbakoury


INNOVAX TECHNOLOGIES, LLC | WWW.INNOVAXTECH.COM
An Essential Guide to Zero Trust Security, 1st Edition

Copyright © 2019 by Innovax Technologies, LLC

Limit of liability/disclaimer of warranty: the publisher and the author make no representations or
warranties with respect to the accuracy or completeness of the contents of this work and specifically
disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No
warranty may be created or extended by sales or promotional materials. The advice and strategies
contained herein may not be suitable for every situation. This work is sold with the understanding
that the publisher is not engaged in rendering legal, accounting, or other professional services. If
professional assistance is required, the services of a competent professional person should be
sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact
that an organization or website is referred to in this work as a citation and/or a potential source of
further information does not mean that the author or the publisher endorses the information the
organization or website may provide or recommendations it may make. Further, readers should be
aware that internet websites listed in this work may have changed or disappeared between when
this work was written and when it is read.

All rights reserved. No part of this publication may be reproduced, distributed, or
transmitted in any form or by any means, including photocopying, recording, or
other electronic or mechanical methods, without the prior written permission of
the publisher, except in the case of brief quotations embodied in critical reviews
and certain other noncommercial uses permitted by copyright law.

Innovax Technologies, LLC

Email: info@innovaxtech.com
web: https://www.innovaxtech.com

Table of Contents

1.0 How bad is it out there? ..... 1
1.1 The value at risk due to cybercrime ..... 3
1.2 How do hackers steal data? ..... 4
1.3 Why traditional cyber defense doesn’t work? ..... 6
1.4 What is Zero Trust? ..... 6
1.5 Zero Trust Strategy ..... 8
1.5.1 Elements of Zero Trust Security Model ..... 8
1.5.2 Starting with a Governance Framework ..... 10
1.6 Implementation of Zero Trust Network Security Model ..... 12
1.6.1 Identity and Access Management (IAM) ..... 13
1.6.1.1 Trusted Platform Module (TPM) ..... 13
1.6.2 TACACS+ Protocol ..... 14
1.6.3 Multi-factor Authentications (MFA) ..... 15
1.7 Software Defined Perimeter (SDP) ..... 15
1.7.1 Architecture ..... 17
1.7.2 SDP Workflow ..... 19
1.7.3 SDP Applications ..... 20
1.8 Micro-Segmentation ..... 20
1.8.1 Micro-segmentation in Networks ..... 21
1.8.2 Micro-segmentation in Workloads and Applications ..... 23
1.8.3 How it works ..... 25
1.9 Things to Note ..... 26
1.10 Working with Innovax™ ..... 26
1.11 Reference ..... 29

1.0 How bad is it out there?

Let’s face it, hackers are more sophisticated in their strategies and techniques nowadays.
To make matters worse, data theft is increasingly becoming organized crime, and state actors
are also involved. There is substantial evidence that some state actors use cyberattacks as a
tool for economic sabotage in the United States and Europe, and the phenomenon is growing
around the world. Cybercrime has caused staggering financial losses globally; as per Juniper
Research, the amount in 2019 was USD $2 trillion (CPO, 2019). Across Europe, 421 million data
records were breached in October 2019, the highest number of data records stolen in a single
month (Irwin, 2019). This is just the tip of the iceberg, as only 10% of data breaches are
reported. Even some of the world’s most secure public cloud services are not safe. In the
fallout stemming from the massive Capital One data breach in July 2019 and Amazon Web
Services’ (AWS) ties to the breach, two U.S. senators are calling for an investigation into the
incident. A disgruntled AWS employee is behind bars, charged with wire fraud and computer
fraud and abuse for the intrusion into the data of Capital One and more than 30 other
organizations (Q13fox, 2019). If you think this was the worst data breach thus far, you will be
shocked to learn that account records, including the names, passwords, credit card and social
security numbers of 1.2 billion people, were found unprotected online in recent days. It is one
of the biggest data breaches in recent years and is currently under investigation by the FBI.
Additionally, the agency received 1.5 million complaints of data theft in the last two years.

Continued cyber terrorism and the increasing sophistication of cyberattacks against
government and non-government firms forced the Executive Office of the President of the
United States to direct the Office of the Director of National Intelligence (DNI) to conduct a
thorough analysis of the pattern of attacks and the groups behind them. The DNI has
classified cyber threat actors into six groups, each driven by distinct objectives and
motivations (CEA, 2018):

Nation-states: The DNI identified four state actors, Russia, China, Iran and North Korea,
behind many attacks across the globe. These groups are well funded and often engage in
sophisticated, targeted attacks motivated by political, economic, technical or military
agendas, although their motivation varies at times.

Corporate competitors: Some firms that illicitly access proprietary IP, including financial,
strategic and workforce-related information on their competitors, may be funded by these
state actors. However, a few may have acted alone to cause financial harm to competitors
and steal their business secrets.

Hacktivists: This group may include private individuals or groups of hackers who are
motivated by political agendas or ideological reasons to carry out high-profile attacks.

Organized Criminals: These are profit-driven cybercriminal collectives that carry out
disruptive attacks to steal personal data and company secrets, which they sell on the dark
web or use to collect ransom.

Opportunists: Motivated by a desire for notoriety, this group of amateur hackers typically
attacks organizations using widely available code and techniques and is thus considered the
least advanced form of adversary.

Company Insiders: These attackers are typically disgruntled employees or ex-employees who
are motivated by a desire for revenge or financial gain to attack their present or former
employer’s data resources. However, there are variations, as evident in the case of the
Capital One data breach, in which an Amazon engineer stole its customer data for financial
gain. Insiders can be especially dangerous, since traditional cyber defense settings provide
less protection against attacks originating from the intranet.

The attribution of cybercrime is often difficult, though it is possible to identify the criminals
behind an act with the help of cyber experts and the collective help of law enforcement
agencies. Only 10% of cybercrimes are reported in the United States (CPO, 2019); more than
90% go unreported. The situation is even worse in Europe and other countries. The 10% of
cases that were reported show a staggering rise in cybercrime year over year.

Figure 1. The average annual cybercrime by industry (Accenturesecurity™, 2019)

In a global survey jointly conducted by Accenturesecurity™ and the Ponemon Institute across
11 countries and 16 industries, with 2,647 respondents from 355 companies, cybercrime was
found to have increased by more than 67% in the last five years. The impact of these
cyberattacks on organizations, industries and societies is substantial, the report alleges. The
figure above depicts the cost of cybercrime by industry. The Banking and Utilities industries
continue to have the highest cost of cybercrime across the sample organizations surveyed in
this report, with increases of 11 percent and 16 percent respectively in 2018. The Energy
sector remained fairly flat over the year, with a small increase of four percent, while the
Health industry experienced a slight drop in cybercrime costs of eight percent. Organizations
spent more than ever to deal with the cost and consequences of cybercrime: the cost of
cybercrime increased by US$1.4 million, to US$13 million, according to the survey.

1.1 The value at risk due to cybercrime

Cybercrime is not only causing immediate harm and financial losses to organizations,
industries and governments; it is also jeopardizing the business value that could otherwise
be obtained through good cyber security practices. In many cases, cybercrime has threatened
business operations and stifled innovation and growth. In today’s internet-enabled economy,
businesses are vulnerable to cyberattacks and to the consequences of a potentially
devastating loss of trust.

Figure 2. Business value at risk from cybercrime (USD $5.2T), presented by industry segment (accenturestrategy™, 2019).

Such loss of trust and impediments to innovation and growth could cause a staggering loss
of US$5.2 trillion in business value within the next five years if businesses fail to implement
best practices of cyber defense (accenturestrategy™, 2019).

1.2 How do hackers steal data?

In a traditional deployment, an innate trust is extended to users of the intranet, while
increased scrutiny is reserved for external traffic. This concept is fundamentally flawed. In
many cases, attacks originate internally, from malware-plagued user endpoints, rather than
directly from outside. The Lockheed Martin Cyber Kill Chain® framework explains this
phenomenon very well. The framework identifies 7 steps adversaries take to achieve their
objective in a cyber intrusion.

Figure 3. Lockheed Martin Cyber Kill Chain® depicting how hackers gain access to network resources (Lockheed Martin, 2019).

Collectively, these 7 steps comprise the APT (Advanced Persistent Threat) technique that
hackers use to gain access to network resources and stay undetected for a period of time:

• Reconnaissance: This is the first step in hacking and involves gathering information
about people, hosts and networks. The hacker may scan press releases, the internet, social
networks and other media to learn about the people of a targeted organization; the next
step is discovering possible victim(s). The hacker may use tools such as nmap and ping
scans to gain an understanding of the networks and hosts involved.
• Weaponization: In this phase, the hacker uses the information gathered previously to
prepare for the attack. It may involve creating believable spear-phishing e-mails that look
like e-mails that could plausibly be received from a known vendor or other business
contact. The victim may then be directed to a fake web page identical to the vendor’s
website through a technique called “Watering Holes”. The sole purpose is to capture your
username and password, or to offer you a free download of a document or something else
of interest. This process helps the hacker obtain the credentials required to gain access to
the network in order to successfully exploit any vulnerabilities they may find.
• Delivery: Now the hacker starts the attack, which may include a series of things, e.g.
phishing e-mails with a weaponized attachment or redirection to a fake web page where
user credentials are collected. If the phishing e-mail contains malware as an attachment,
the attacker waits for someone to open the attachment and for the malware to call back.
• Exploitation: In this phase, the hacker uses the victim’s credentials, e.g. username and
password, to access the network. If the victim opened the malware-laced attachment, the
hacker gains remote access to the computer.
• Installation: In order to sustain access to the network, the hacker installs code for
backdoor access, possibly launches attacks on other computers, and may create admin
accounts, turn off firewall rules, etc.
• Command & Control: Now the hacker may have access to other computers, an
understanding of the network and even better credentials to gain uninterrupted access
to data and applications. At this point the hacker is in control of the network infrastructure.
• Action on Objectives: With control of the network, the hacker now has the upper hand
to achieve their objectives. They could be stealing product designs, user data and other
confidential information to either monetize the data or use it to cause harm to the
targeted organization.

As evident from the steps of an APT (Advanced Persistent Threat), a hacker may use an
internal user’s computer to launch an attack on the network. The same can be done through
network devices and Wi-Fi or IoT gateways. According to ZDNet, thousands of Wi-Fi gateways,
including Huawei HG532 and Realtek RTL81XX devices, were exploited by the Gafgyt malware,
which takes advantage of known vulnerabilities to rope these devices into a botnet for the
purpose of launching Distributed Denial of Service (DDoS) attacks (ZDNET, 2019). This brings
us to the very question of “Trust” for devices and users, inside or outside the network
perimeter, that are trying to connect to the network.

1.3 Why traditional cyber defense doesn’t work?

In a traditional network setup, cyber defense emphasizes the perimeter, on the assumption
that attacks usually originate from outside the organization. This notion of cyber defense can
be explained through the analogy of a castle defense strategy, where it is assumed that data
can be protected by keeping it behind the fortress walls. Here, the IDS/IPS works as the
portcullis while the firewall provides sentineled access for incoming traffic. Although this
fortification protects the organization against some forms of cyber theft, it is unable to
contain lateral movement once the wall has fallen, nor an ensuing insider attack. Criminals
may well penetrate through a crack in the walls or use internal resources to attack the
targeted organization. Therefore, it is imperative to contain attacks, or marginalize lateral
movement, in case the walls fall. In the fortress analogy, if dynamic walls sprang up and
mazes were created, they would compartmentalize adversaries and contain attacks to
smaller pockets within the castle. But there is a problem: unlike a human being, who can
innately tell a stranger from a friend and extend trust appropriately, network infrastructure
is incapable of distinguishing friend from foe. It requires well-planned initiatives, tools and
mechanisms to enable anomaly detection capability in a network infrastructure. However,
by combining these two distinct mechanisms, identification and compartmentalization, you
can build a modern fortress that is adaptive to future threats.

The drawback of traditional cyber defense is that it lacks dynamism and the adaptive ability
to protect against evolving threats, leading to many of the failures reported in recent years
and the resulting staggering losses in finances and productivity. Cyber security today is at a
crossroads of its evolution. In the same way that a fortress’s inner and outer walls were built
in response to advances in siege technology, a new approach is needed today for
cybersecurity to protect against ever-evolving threats. This new approach combines the
existing concepts of “converged security”, a dynamic perimeter and “defense in depth” with
the new tenets of “zero trust”. The idea here is that devices and users must build their own
trust to get appropriate access to resources. At the same time, IT resources are fortified at
the workload and application levels, as if dynamic walls were created to safeguard every nook
and corner of the castle in case the main walls are breached. This notion of “Zero Trust”
contains attacks before they begin, whether they originate outside the wall or inside.

1.4 What is Zero Trust?

The first step towards protecting against internal attacks is to treat internal devices and
users the same as you would treat external users and devices, essentially considering all
devices and users, external or internal, as potential sources from which adversaries can
launch an attack. Rooted in this concept, “Zero Trust” is a security model under which
organizations should not automatically “trust” anything inside or outside their network
perimeter, but instead verify everything trying to gain access to their network resources. The
term “Zero Trust” was first coined by John Kindervag, a former principal analyst at Forrester
Research and currently Field CTO at Palo Alto Networks. The first example of such a network
was deployed by Google through its “BeyondCorp” initiative. The guidelines set forth by
Google help define a path for other organizations to formulate and realize their own
implementation of a “Zero Trust network”.

Figure 4. BeyondCorp components and workflow (Ward & Beyer, 2014).

The concept of “BeyondCorp” dismisses the traditional perimeter defense security model and
the notion of network segmentation as the primary mechanism for protecting sensitive
resources. Instead, it advises that all applications and resources be accessible only through
a user- and device-centric authentication and authorization workflow.

The major components of BeyondCorp consist of cooperating elements that only allow
authenticated devices and users to access enterprise applications, as shown in the figure
above, in which Google’s intranet is considered an unprivileged network. The workflow for
this implementation includes secure identification of devices against a device inventory
database, followed by user access through single sign-on (SSO) and verification against a
user/group database. The concept of BeyondCorp, as depicted in the figure above, treats
internal and external networks the same, without any privilege distinction. On each network,
devices and users are expected to earn trust to gain access.

This notion of no privilege distinction between internal and external networks is central to
building “Zero Trust networks”. However, it is important to consider “zero trust” in the
context of an organization specific model including network traffic pattern, applications,
device, user, vendor access requirements and network deployments.
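The BeyondCorp-style decision described above, written out as an added example (not Google's code and not a product of the authors): the device is checked against an inventory, the SSO-asserted user against a user/group directory, and the source network is deliberately given no say. The inventory, directory, resource tiers and fingerprints are constructed sample data.

```python
"""Access-proxy decision in the BeyondCorp style: device inventory + SSO + groups.

Added example with constructed data; the real BeyondCorp components are not
modelled, only the decision rule the text describes.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed device inventory: device-certificate fingerprint -> inventory record.
DEVICE_INVENTORY = {
    "sha256:aa11": {"owner": "alice", "managed": True, "compliant": True},
    "sha256:bb22": {"owner": "bob", "managed": True, "compliant": False},
}

# Constructed user/group directory that the SSO assertion is verified against.
USER_GROUPS = {
    "alice": {"engineering", "oncall"},
    "bob": {"engineering"},
    "mallory": set(),
}

# Resource tiers: which groups may reach each application, and whether the
# device must be in a compliant state (patched, encrypted, ...) to reach it.
RESOURCES = {
    "wiki": {"groups": {"engineering"}, "require_compliant": False},
    "prod-console": {"groups": {"oncall"}, "require_compliant": True},
}


@dataclass
class Request:
    device_fingerprint: Optional[str]  # from the device certificate; None if absent
    sso_user: Optional[str]            # subject of the SSO assertion; None if not signed in
    resource: str
    source_network: str                # "corporate" or "external"; intentionally unused


@dataclass
class Decision:
    allowed: bool
    reason: str


def evaluate(req: Request) -> Decision:
    """Decide access without regard to where the request comes from."""
    # 1. The device must be identified against the inventory. Unknown or unmanaged
    #    hardware is refused even when it sits on the corporate network.
    record = DEVICE_INVENTORY.get(req.device_fingerprint or "")
    if record is None or not record["managed"]:
        return Decision(False, "device not in inventory")

    # 2. The user must have completed SSO and exist in the directory.
    if req.sso_user is None or req.sso_user not in USER_GROUPS:
        return Decision(False, "user not authenticated")

    # 3. The device must be the one assigned to that user, so a stolen credential
    #    used from some other machine does not pass.
    if record["owner"] != req.sso_user:
        return Decision(False, "device not assigned to user")

    # 4. Authorization per resource tier: group membership, then device posture.
    res = RESOURCES.get(req.resource)
    if res is None:
        return Decision(False, "unknown resource")
    if not (USER_GROUPS[req.sso_user] & res["groups"]):
        return Decision(False, "user lacks required group")
    if res["require_compliant"] and not record["compliant"]:
        return Decision(False, "device not compliant for this tier")
    return Decision(True, "ok")


if __name__ == "__main__":
    for net in ("corporate", "external"):
        print(net, evaluate(Request("sha256:aa11", "alice", "prod-console", net)))
        print(net, evaluate(Request("sha256:bb22", "bob", "prod-console", net)))
```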

1.5 Zero Trust Strategy

Devising a security strategy begins with an attitude: do not trust, always verify.
Gone are the days when building impregnable walls to keep adversaries at bay was a
viable option for enterprise cyber defense. The APT example discussed earlier
suggests that impregnable walls are ineffective when the threat originates from inside.
Rather than depending on the impregnable walls of perimeter defense, consider the
possibility of adversaries in disguise who may pop up in any part of the network. This
consideration will help you begin with a plan of action in which devices and users,
whether internal or external, must build their own trust in order to gain access to IT
resources. That said, “Zero Trust Security” is a journey whose end goal is to eliminate
unauthorized access and restrict the lateral movement of all adversaries, external or
internal, in case of a breach. To begin the journey, map the route with clear milestones.

1.5.1 Elements of Zero Trust Security Model

Zero Trust is a strategic initiative; as such, it requires bringing together business objectives,
employees, leaders, security professionals and an organization-specific framework to achieve
a pragmatic and effective security implementation. Additionally, the effort needs to
incorporate, coordinate and integrate a challenging combination of policies, practices and
technologies to succeed. The diagram below depicts the Zero Trust security elements that are
taken into account to devise a “zero trust” security model.

Data Foundation: The main purpose of creating a Zero Trust architecture is to protect
data. Hence, a clear understanding of the organization’s data assets is critical to implementing
a successful zero-trust architecture. It is imperative that you categorize data assets in terms
of mission criticality and accordingly develop a data management strategy as part of the
overall “Zero Trust” approach.

Device-level Security: One of the critical aspects of building a “zero trust” security model is
to enforce a policy of “trust building” among the devices connected to the network and the
users who use the network to gain access to IT resources. Collecting real-time data on
connected devices, including identification, access management and policy enforcement, is
critical. We will discuss some of the methods that can be implemented to identify devices
and accordingly create policy for access management.

Figure 5. Elements of "Zero Trust" Security.

People or User-level Security: The rule of earning “trust” applies to users just as it applies
to devices. A centralized policy engine can enforce such criteria, allowing users access to
limited IT resources, while access to more mission-critical data further requires users to
build their trust based on pattern analysis of their access data, job requirements, etc.
Proper IAM (Identity and Access Management) and/or Software Defined Perimeter (SDP)
tools can assist in such enforcement; please refer to the IAM and SDP sections in this
document for further details. It may well be that existing tools are not good enough and
require further customization; Innovax™ can help develop and customize such tools for you.

Network Security: Ignore what pundits say about your impregnable walls of perimeter
defense. Keep them; there is no need for a complete overhaul. Instead, augment where
needed with technologies that further strengthen the impregnability, but enforce it with
dynamic walls that bubble up across the network to limit movement once an adversary is
detected. This enforcement can be done in a number of ways through a combination of IAM,
SDP, policy enforcement, zoning, creating secured network slices, both physical and
virtualized, to segment elements of the network from each other, and host-level
micro-segmentation to isolate applications. The ability to segment, isolate and control the
network is central to creating cyber resiliency and thus imperative for a Zero Trust Network.

Application & Workload Security: The important first step for application- and
workload-level security enforcement is to discover traffic pattern interdependencies and
the appropriate isolation requirements based on compliance guidance. Given the data center
traffic patterns and compliance guidance, zoning can be handy to isolate the appropriate
applications and data as per governance requirements. This can be followed by a multi-factor
authentication (MFA) process. Despite all possible measures, adversaries may find their way
to applications; considering such possibilities, it is imperative to create micro-segmentation
at the container, hypervisor and even microservices level. This mechanism of isolation is
central to the “Zero Trust” model and should be implemented with careful observation so
as not to adversely impact workload access and performance.

Security Automation and Orchestration: Though certain tools such as SDP and
micro-segmentation provide automation, orchestration and visibility, it is imperative that a
“zero trust” security model consider automation and orchestration a critical element of the
implementation. Such consideration should extend from device-level access to network-level
management, events, logs, etc. It is good practice to consider automation and orchestration
requirements first, before planning to deploy a “zero trust” model.

Security Visibility and Analytics: It is difficult to respond appropriately if you cannot see or
understand the threats and the techniques of adversaries. A critical part of the “zero trust”
model is to create such visibility and the ensuing capability to analyze threats. You should
leverage tools like security information management, advanced security analytics platforms,
security user behavior analytics and other analytics tools to observe the activities of
adversaries, if any, in real time and orient defenses appropriately. The analysis of network,
event and log data can help develop proactive security measures before an actual incident
occurs.

1.5.2 Starting with a Governance Framework

There is no need to reinvent the wheel here. Depending upon your business needs and
compliance requirements, the best way to proceed is to start with appropriate governance
guidance, e.g. HIPAA, PCI DSS, GDPR and/or the NIST Cyber Security Framework.

For example, the NIST (National Institute of Standards and Technology) Cyber Security
Framework version 1.1 is a good guideline to follow (NIST, 2018). The Cybersecurity
Enhancement Act of 2014 (CEA) authorizes NIST to identify cyber security risks and develop
risk mitigation guidelines for voluntary use in the USA by critical infrastructure owners and
operators. In addition, the NIST Cyber Security Framework is considerably easy to follow and
widely accepted as the de facto standard. The framework includes five distinct functions,
each of which includes a set of categories: Identify, Protect, Detect, Respond and Recover.

Keeping this framework as presented below, an incumbent organization should consider
augmenting each function as appropriate to develop its strategy for “Zero Trust Security”.
For example, the “Identify” function can be extended to include a “discovery” function for
network traffic patterns and application access requirements, either as a subset or as a new
function, thus augmenting the framework. Similarly, the “Protect”, “Detect”, “Respond” and
“Recover” functions also need to be augmented as appropriate to develop a comprehensive
“Zero Trust Strategy”.

Table 1. Function and Category Unique Identifiers of the NIST “Framework for Improving Critical Infrastructure Cybersecurity” (NIST, 2018).

Function Identifier   Function   Category Identifier   Category
ID                    Identify   ID.AM                 Asset Management
                                 ID.BE                 Business Environment
                                 ID.GV                 Governance
                                 ID.RA                 Risk Assessment
                                 ID.RM                 Risk Management Strategy
                                 ID.SC                 Risk Management Strategy
PR                    Protect    PR.AC                 Identity Management and Access Control
                                 PR.AT                 Awareness and Training
                                 PR.DS                 Data Security
                                 PR.IP                 Information Protection Processes and Procedures
                                 PR.MA                 Maintenance
                                 PR.PT                 Protective Technology
DE                    Detect     DE.AE                 Anomalies and Events
                                 DE.CM                 Security Continuous Monitoring
                                 DE.DP                 Detection Processes
RS                    Respond    RS.RP                 Response Planning
                                 RS.CO                 Communications
                                 RS.AN                 Analysis
                                 RS.MI                 Mitigation
                                 RS.IM                 Improvements
RC                    Recover    RC.RP                 Recovery Planning
                                 RC.IM                 Improvements
                                 RC.CO                 Communications

The NIST cybersecurity function and category table presented above is furnished here as a
guideline. IT operators are recommended to develop an organization-specific model for
“Zero Trust”, for which the NIST guideline will be helpful.

The NIST framework may also help you gain compliance with other governance requirements
such as HIPAA or PCI DSS. For example, an organization can easily map the HIPAA security
rules to the NIST framework presented herein and vice versa (DHHS, 2016). Thus, if the NIST
framework is augmented to develop an organization-specific “Zero Trust Security” model,
that model can be innately adjusted by mapping the underlying NIST framework to the HIPAA
security rules.

1.6 Implementation of Zero Trust Network Security Model

Moving towards a “Zero Trust” IT security model is a somewhat expensive undertaking.
However, the good news is that Zero Trust is built upon your existing infrastructure
architecture and normally does not require any changes to the underlying infrastructure.
Contrary to many vendors’ claims, there is no “zero trust” product; it is a collection of
technologies, software, tools and techniques to achieve a goal, “Zero Trust”. Rather than
depending on vendors to dictate the terms and tell you how to implement “zero trust”, the
incumbent organization must first devise a “zero trust” strategy with business objectives in
mind. A simple but effective mechanism for implementing zero trust is to start with some
basics such as Network Access Control (NAC) and malware and antivirus protection for user
devices and, if possible, invest in EDR (Endpoint Detection and Response) and IDS/IPS
(Intrusion Detection & Prevention System) tools, which will be handy for intrusion detection
and monitoring. These techniques and tools are traditional and yet essential to some
extent. Once such tools are in place, the next step in your plan is to implement Identity and
Access Management (IAM), micro-segmentation and SDP (Software Defined Perimeter).

Many would suggest to you that the traditional notions of network segmentation and firewalls
are ineffective. We would advise against that view. Rather than removing your existing install
base and starting with a fresh approach, it is better to take the view that “Zero Trust” is a
framework for IT security, and there is no better way to do it than understanding your
objectives and breaking them into bite-size pieces to achieve the overall goal of “Zero
Trust” security. Hence, we can begin our journey by following through on the discussion of
APT. If you are considering reducing the risk of APT as one objective in creating “Zero Trust
Networks”, then IAM could be the first approach you take, assuming you have some
traditional tools in place as discussed earlier.

1.6.1 Identity and Access Management (IAM)

IAM, also known as Identity Management, is a framework of business policies, processes
and technologies that collectively enable the management of the digital identities of users
and devices. The goal of IAM is to ensure that any given identity has access to the right
resources, whether applications, databases or networks, and that such access is granted
within the correct context. Many tools and methods are available for IAM, but herein three
distinct approaches will be discussed: a) TPM for device-level encryption and identity, b) an
advanced AAA (Authentication, Authorization & Accounting) mechanism such as the TACACS+
protocol, and c) multi-factor authentication for users.

1.6.1.1 Trusted Platform Module (TPM)

Today, many devices, including whitebox switches, routers, OEM networking equipment, servers
and laptops/desktops, are equipped with a small but essential hardware-based endpoint
security module known as the TPM. It is a discrete cryptographic IC (integrated circuit) that
provides a hardware-rooted approach to device identity, key protection, measured boot and
data protection, raising security above what software alone can offer. The TPM is specified
by the Trusted Computing Group (TCG) and provides the roots of trust for storage and
reporting on which attestation is built; it should be an essential part of any IT security
model today. There are two versions of the TPM specification: TPM 1.2 and TPM 2.0. TPM 1.2,
the earlier specification, aimed at solving the following issues:

• Identification of devices
• Secure generation of keys
• Secure storage of keys
• Non-volatile RAM storage
• Device health attestation

TPM 2.0 adds crypto agility (multiple hash and asymmetric algorithms instead of TPM 1.2's
fixed SHA-1 and RSA), enhanced authorization policies and faster key loading, while retaining
the TPM 1.2 use cases. Challener (2015) lists the following problems and use cases that
motivate upgrading to TPM 2.0:

• Poor entropy leading to weak keys
• Supply chain risks / counterfeit hardware
• Keeping intruders off your internal network
• Keeping malware-infected hardware off your internal network
• Massive password database releases
• Multi-factor authentication
• Email security
• FIPS-certified / Common Criteria-certified encryption engines
• Securing your root certificates
• Merging physical and logical controls
The diagram below is a typical depiction of a network switch that includes a TPM as part of
the CPU subsystem.

Figure 6. Typical depiction of Network switch that includes TPM as part of CPU subsystem.

Many OEM vendors such as Cisco and Juniper provide their own tools to enable and manage
the TPM. Many IT security practitioners cite complexity and added cost as reasons not to
implement hardware-based endpoint security, but that argument no longer holds. Many COTS
(commercial off-the-shelf) devices now ship with a TPM as an integral part of the system,
whitebox switches included. Those buying COTS devices should require their independent NOS
(Network Operating System) vendor to include TPM support as part of the offering. For
desktops and servers, current Windows releases support the TPM for key protection (for
example BitLocker and Windows Hello). Cloud services such as Microsoft Azure Active Directory
provide full IAM capability and can bind device identities to TPM-protected keys. For Linux,
the tpm2-tss software stack and tpm2-tools expose the same functionality. So why not use it.
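The following is an added example, not code from this guide or from any TPM vendor, showing the two TPM operations that matter most for device identity in a zero trust network: PCR extend (measured boot) and quote verification (attestation). It is a simulation in pure Python: a real TPM signs the quote with an attestation key that never leaves the chip, whereas here an HMAC under a constructed key stands in for that signature so the logic runs without hardware. The boot chains, key and nonce are constructed values.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

# Simulation of TPM PCR extend and quote verification. Added example code, not
# TPM firmware or a vendor tool: a real TPM signs the quote with an attestation
# key that never leaves the chip; here HMAC-SHA256 under a constructed key
# stands in for that signature so the example runs without hardware.

PCR_SIZE = 32  # one SHA-256 bank register

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: new = H(old || H(measurement)).
    The result depends on the order of extends, so a swapped, omitted or
    modified boot stage produces a different final value."""
    digest = hashlib.sha256(measurement).digest()
    return hashlib.sha256(pcr + digest).digest()

def measure_boot(stages: List[bytes]) -> bytes:
    """Measured boot: the PCR starts at zero and each stage is extended in turn."""
    pcr = bytes(PCR_SIZE)
    for stage in stages:
        pcr = pcr_extend(pcr, stage)
    return pcr

def make_quote(pcrs: Dict[int, bytes], nonce: bytes, attest_key: bytes) -> Tuple[bytes, bytes]:
    """TPM2_Quote analogue: bind the verifier's nonce to a digest of the selected
    PCRs and sign the result (HMAC here instead of the TPM's asymmetric signature)."""
    composite = hashlib.sha256(b"".join(pcrs[i] for i in sorted(pcrs))).digest()
    attested = nonce + composite
    return attested, hmac.new(attest_key, attested, hashlib.sha256).digest()

def verify_quote(attested: bytes, sig: bytes, nonce: bytes, attest_key: bytes,
                 golden: Dict[int, bytes]) -> bool:
    """Verifier side: the signature must be valid, the nonce must be the one we
    sent (replay protection) and the PCR digest must match the golden values."""
    expected_sig = hmac.new(attest_key, attested, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, sig):
        return False
    if not hmac.compare_digest(attested[:len(nonce)], nonce):
        return False
    expected_pcrs = hashlib.sha256(b"".join(golden[i] for i in sorted(golden))).digest()
    return hmac.compare_digest(attested[len(nonce):], expected_pcrs)

# Constructed boot chains: stand-ins for the firmware, bootloader and kernel images.
GOOD_CHAIN = [b"firmware-v1.2", b"bootloader-v3", b"kernel-5.4"]
TAMPERED_CHAIN = [b"firmware-v1.2", b"bootloader-v3-backdoored", b"kernel-5.4"]
ATTEST_KEY = b"constructed-attestation-key"   # hypothetical; a real AK is TPM-resident

def admit_device(chain: List[bytes], nonce: bytes) -> bool:
    """NAC-style decision: admit only if the device's quote matches the golden PCR."""
    golden = {0: measure_boot(GOOD_CHAIN)}
    attested, sig = make_quote({0: measure_boot(chain)}, nonce, ATTEST_KEY)
    return verify_quote(attested, sig, nonce, ATTEST_KEY, golden)

if __name__ == "__main__":
    challenge = os.urandom(16)
    print("known-good device admitted:", admit_device(GOOD_CHAIN, challenge))
    print("tampered device admitted:", admit_device(TAMPERED_CHAIN, challenge))
```

The verifier sends a fresh nonce for every attestation; without it a captured quote from a healthy boot could be replayed by a later compromised one. The golden PCR value is recomputed from known-good images, which is exactly what an enterprise must maintain when it rolls out firmware or kernel updates.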

1.6.2 TACACS+ Protocol

Next on your list should be a network access protocol such as TACACS+ (Terminal Access
Controller Access Control System Plus). Cisco developed TACACS+ as a successor to the
original TACACS, which is documented in RFC 1492 (1993); Cisco published the TACACS+
protocol as an Internet-Draft in 1997 so that other vendors could implement it. The primary
goal of TACACS+ is to provide a centralized database against which to perform
authentication; in fact TACACS+ provides the full AAA (Authentication, Authorization and
Accounting) set. TACACS+ is a client-server protocol that uses TCP as its transport, with
default port 49; RADIUS (Remote Authentication Dial-In User Service) uses UDP. Both RADIUS
and TACACS+ rely on a shared secret between client and server. Unlike RADIUS, which hides
only the user's password attribute, TACACS+ obscures the entire packet body, so an attacker
sniffing the link cannot simply read usernames, commands and services. Note that this body
protection is an XOR with an MD5-derived keystream rather than modern authenticated
encryption, so TACACS+ traffic should still be confined to a management network or carried
inside IPsec or TLS. Other reasons to choose TACACS+ are that it separates authorization from
authentication, allowing per-command authorization on network devices, and that the server
can be backed by Active Directory or an LDAP directory, giving visibility of device identity
and service requests.

Together, a TPM-backed device identity and TACACS+ administrative AAA close two common gaps in
network device security: hardware that cannot prove what it is, and administrative access that
is neither individually authenticated nor accounted for.
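To make the "entire body is obscured" point concrete, the following added example (not Cisco's code or any TACACS+ server's) builds a TACACS+ authentication START packet and applies the protocol's body obfuscation: an XOR with a keystream of chained MD5 digests over the session id, shared key, version and sequence number. The shared key and session id are constructed; the field layout follows the published TACACS+ protocol draft.

```python
import hashlib
import struct

# TACACS+ packet construction and body obfuscation, as added example code (not
# Cisco's or any server's implementation). Field layout follows the TACACS+
# protocol draft; the shared secret and session id below are constructed values.

TAC_PLUS_MAJOR_VER = 0xC
TAC_PLUS_MINOR_VER = 0x0
TAC_PLUS_AUTHEN = 0x01              # packet type: authentication
TAC_PLUS_UNENCRYPTED_FLAG = 0x01    # header flag: body sent in the clear

HEADER = struct.Struct("!BBBBII")   # version, type, seq_no, flags, session_id, length

def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """The TACACS+ 'encryption' keystream:
    pad_1 = MD5(session_id || key || version || seq_no)
    pad_n = MD5(session_id || key || version || seq_no || pad_{n-1})"""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return pad[:length]

def obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the body with the keystream; XOR is its own inverse so this both
    obscures and recovers the body."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def authen_start_body(user: str, port: str, rem_addr: str, data: bytes = b"",
                      action: int = 0x01, priv_lvl: int = 0x01,
                      authen_type: int = 0x01, service: int = 0x01) -> bytes:
    """TAC_PLUS_AUTHEN START body: action LOGIN, authen_type ASCII, service LOGIN,
    followed by four one-byte lengths and the variable-length fields."""
    u, p, r = user.encode(), port.encode(), rem_addr.encode()
    fixed = bytes([action, priv_lvl, authen_type, service, len(u), len(p), len(r), len(data)])
    return fixed + u + p + r + data

def build_packet(body: bytes, session_id: int, key: bytes, seq_no: int = 1) -> bytes:
    """Header in the clear (it must be, the receiver needs it to derive the pad),
    body obscured under the shared key."""
    version = (TAC_PLUS_MAJOR_VER << 4) | TAC_PLUS_MINOR_VER
    header = HEADER.pack(version, TAC_PLUS_AUTHEN, seq_no, 0, session_id, len(body))
    return header + obfuscate(body, session_id, key, version, seq_no)

def parse_packet(packet: bytes, key: bytes) -> bytes:
    """Recover the body. A wrong key yields garbage rather than an error, which
    is why servers must validate the decoded length fields before trusting them."""
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack(packet[:HEADER.size])
    body = packet[HEADER.size:HEADER.size + length]
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return body
    return obfuscate(body, session_id, key, version, seq_no)

SHARED_KEY = b"constructed-shared-secret"   # example only; never ship a default key
SESSION_ID = 0x1234ABCD                     # example only; real clients pick a random id

def roundtrip(user: str = "admin"):
    """Return (plain body, body decoded with the right key, body decoded with
    a wrong key, the wire packet) for inspection."""
    body = authen_start_body(user, "tty0", "10.0.0.5")
    pkt = build_packet(body, SESSION_ID, SHARED_KEY)
    return body, parse_packet(pkt, SHARED_KEY), parse_packet(pkt, b"wrong-key"), pkt

if __name__ == "__main__":
    body, good, bad, pkt = roundtrip()
    print("username visible on the wire:", b"admin" in pkt[HEADER.size:])
    print("decoded with correct key matches:", good == body)
    print("decoded with wrong key matches:", bad == body)
```

Two properties visible in the code explain the practitioner caveat: the keystream depends only on the session id, sequence number and key, so a predictable session id reused across sessions gives an eavesdropper two bodies XORed with the same pad; and nothing authenticates the body, so a man-in-the-middle can flip bits undetected. That is why the transport should itself be protected.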

1.6.3 Multi-factor Authentication (MFA)

You are probably familiar with it in some form; perhaps you encountered it when creating
an email account at Yahoo or Google. MFA adds an extra layer of protection on top of the
username and password for access to network resources. It can be two-factor or even
three-factor authentication: the user must present two or more of the three possible factor
types (something you know, something you have, something you are), and the verification
system (the computer, website or application) must validate each factor as it is presented.
For example, a time-based one-time password (TOTP, RFC 6238) generated by an authenticator
app or hardware token can serve as the second factor. Codes delivered by SMS are also common
but are the weakest option, because SIM-swap and interception attacks target the delivery
channel rather than the code. Many other second- and third-factor mechanisms exist, such as
voice callback, hardware tokens or biometrics. IT security professionals should choose what
is appropriate based on the PCI DSS, SOX and HIPAA mandates applicable to their business.
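The following added example (not from this guide or any authenticator vendor) implements HOTP (RFC 4226) and TOTP (RFC 6238) with the standard library, plus the verifier-side checks a practitioner wants: a small clock-skew window, constant-time comparison and rejection of a code that was already accepted, so a captured code cannot be replayed within its 30-second step. The secret used is the RFC 6238 test secret, so the outputs can be checked against the RFC's test vectors.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional

# RFC 4226 HOTP / RFC 6238 TOTP, as added example code (not from the page or any
# vendor). RFC_SECRET is the test secret from RFC 6238 Appendix B, so values can
# be compared with the published vectors.

RFC_SECRET = b"12345678901234567890"

def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """HOTP: HMAC over the big-endian 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6,
         digestmod=hashlib.sha1) -> str:
    """TOTP: HOTP with the counter set to the number of elapsed time steps."""
    return hotp(secret, at_time // step, digits, digestmod)

def verify_totp(secret: bytes, code: str, at_time: int, last_used: int = -1,
                window: int = 1, step: int = 30, digits: int = 6,
                digestmod=hashlib.sha1) -> Optional[int]:
    """Return the time-step counter the code matched, or None.
    - window: accept +/- this many steps to absorb clock skew (keep it small).
    - last_used: counters at or below this are refused, so an accepted code
      cannot be replayed; the caller stores the returned counter per user.
    - comparison is constant-time to avoid leaking matching digits."""
    current = at_time // step
    for counter in range(current - window, current + window + 1):
        if counter <= last_used:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits, digestmod), code):
            return counter
    return None

if __name__ == "__main__":
    now = int(time.time())
    code = totp(RFC_SECRET, now)
    first = verify_totp(RFC_SECRET, code, now)
    print("first use accepted at step:", first)
    print("replay accepted:", verify_totp(RFC_SECRET, code, now, last_used=first))
```

Provisioning is the other half of the picture: the shared secret must be generated from a cryptographic random source, handed to the user's device once (typically via a QR code), and stored server-side with the same care as a password hash, since whoever holds it can mint valid codes.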

1.7 Software Defined Perimeter (SDP)

In a traditional network, perimeter defense innately assumes that attacks originate from
outside, and hence the network perimeter is what deserves stringent scrutiny. An analogy is a
medieval castle with impregnable walls, a single well-defined entry point across the
drawbridge (router), a portcullis (firewall) and guards (IDS). Such a design may protect
against outside attacks, but what about attacks that occur inside the walls?

Today, many network attacks originate from inside; in fact they can come from anywhere.
Attacks are more sophisticated, there is no way of knowing where they will originate, and
today's networks blur the perimeter, making traffic difficult to isolate. The proliferation of
smartphones, mobile-connected wireless devices, social networks and IoT devices creates ever
more security vulnerabilities and blurs the line between internal and external networks,
allowing attackers to circumvent detection. For example, increased use of SaaS and
virtualization makes a fixed perimeter defense inadequate. According to McAfee, 52% of the
respondents surveyed indicated that they had tracked a malware infection to a
Software-as-a-Service (SaaS) application. Moreover, 6.1 million DDoS attacks and data breaches
attributed to inadequate access control were reported in 2017.

Software Defined Perimeter (SDP) addresses these issues by giving application owners the
ability to deploy perimeters dynamically, retaining the traditional notion of impregnability
and inaccessibility to "outsiders" while being deployable anywhere: on the Internet, in the
cloud, in a hosting center, on a private network or across all of these locations.

SDP aims to stop attacks before a connection is ever established. It uses a centralized
controller that grants access based on assigned policies. SDP brings together off-the-shelf
security building blocks such as PKI, TLS, IPsec and SAML, as well as concepts such as
federation, device attestation and geo-location, to enable connectivity from any device to
any infrastructure. The concept was proposed by the Cloud Security Alliance (CSA) as a
framework for dynamic network protection and was developed from the Global Information Grid
(GIG) Black Core network initiative proposed by the Defense Information Systems Agency (DISA)
(Moubayed, Refaey & Shami, 2019). It adopts DISA's "need-to-know" model, in which the
device's identity is verified and authenticated before it is granted access to the
application infrastructure. Because of this selective process the infrastructure is referred
to as "black": it is unknown to unauthorized users and cannot be discovered by scanning. As a
result, SDP can effectively mitigate many network-based attacks, including server scanning,
denial of service and man-in-the-middle.

SDP uses a centralized or distributed controller to validate device and user credentials and
relies on five separate security layers to grant or reject access:

• Single Packet Authorization (SPA): SPA provides device authentication; the SDP controller
uses it to reject traffic from unauthorized devices. The client device first sends a single
cryptographically authenticated packet to the SDP controller, which verifies the device's
authorization before granting it access. The device then sends another SPA packet to the SDP
accepting host, which acts as the gateway for the protected servers, so that the gateway can
distinguish the authorized device's traffic and drop everything else.
• Mutual Transport Layer Security (mTLS): TLS (Transport Layer Security) was designed as a
cryptographic protocol for endpoint authentication and confidential end-to-end
communication over networks. TLS is an IETF standard, defined in RFC 2246 for TLS 1.0,
RFC 4346 for TLS 1.1, RFC 5246 for TLS 1.2 and RFC 8446 for TLS 1.3. Despite its support for
mutual authentication, TLS is typically used only to authenticate servers to clients. SDP
uses the full capability of the standard: both sides present certificates, so the client is
cryptographically authenticated as well. SDP may also use IKE/IPsec for the same purpose of
creating encrypted tunnels.
• Device Validation (DV): mTLS can only prove that the device's key has not expired or been
revoked; it cannot prove that the key has not been stolen. DV is an extra layer in which the
device is verified to belong to an authorized user and to be running trusted software.
• Dynamic Firewall: Unlike a static firewall with thousands of rules, the SDP gateway runs a
dynamic firewall with one constant rule: deny all connections. Only after the device and user
have been rigorously verified is a narrow allow rule added for that client's access to the
permitted applications or resources.
• Application Binding (AppB): SDP forces the application to use the TLS tunnel, ensuring
that only the authorized application can communicate while unauthorized applications are
blocked.

Collectively, these layers make it extremely difficult for attackers to access protected
applications and services. Thus the SDP framework addresses many security, privacy and
availability challenges, including but not limited to authentication and trust, access
control, data privacy, data availability and service availability.

1.7.1 Architecture

In its simplest form the SDP framework consists of two main components: the SDP controller
and SDP hosts. An SDP host can either initiate connections or accept connections, and does
so through interaction with the SDP controller over a secure channel, as depicted in the
figure below:

Figure 7. Architecture of SDP depicting SDP controller, Accepting and initiating host as Control and Data Channel path for
communications.

SDP Controller: As the main component of SDP, it determines which SDP hosts can
communicate with each other. The SDP controller holds the details of the authorized clients
and servers, provides the rules to the gateway and controls the authentication of each
component. It uses a database for all of the above, containing the details of all the hosts
involved. The SDP controller authenticates these hosts with certificates and may relay
information as needed to external services such as attestation, geo-location and/or
identity servers.

SDP Client / Initiating Host (IH): A client machine or initiating SDP host trying to access
a service communicates with the SDP controller to request the list of accepting hosts to
which it may connect. To facilitate this, the controller attempts to verify the client and
obtains information that may include hardware or software inventory. Once verified, the
client or IH is allowed to communicate with the gateway.

SDP Accepting Host (AH): The gateway acting as AH enforces the rules that prevent
unauthorized access to the protected servers behind it. By default the gateway blocks all
traffic. Once the SDP controller provides the list of authorized initiating hosts (clients),
accepting hosts (servers) and permissible services, the gateway sets up rules that allow a
connection to be established between the two while preventing all other traffic.

1.7.2 SDP Workflow

To establish communication SDP follows the workflow depicted in figure 8. At t=0, the
gateway, which comprises the AH, initiates a TLS connection to the controller and sends an
SPA packet (item 1). Between t0 and t1, the SDP controller verifies the gateway using the
certificate present on the gateway and, once verified, establishes an mTLS-secured
connection with it (item 2). At t=t2, the SDP controller sends the gateway all the
information about the initiating and accepting hosts as well as the authorized services
(item 3). Next, at t=t3, the client initiates a TLS connection to the SDP controller and
sends its own SPA packet (item 4). At t=t4 (item 5), the controller verifies the client
using the certificate present on the client and establishes an mTLS-secured connection
between itself and the client. The client then sends another authenticated SPA packet to the
gateway at t=t5; the gateway verifies it and installs firewall rules allowing communication
from this client while blocking all other traffic (item 6). Now the client initiates its
connection to the service at t=t6 (item 7). At t=t7 the connection is established and data
transfer takes place (item 8).

Figure 8. SDP Work Flows depicting authentication and verification phase.
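The SPA and dynamic firewall layers listed in section 1.7, and items 5 to 7 of the workflow above, can be seen together in the following added example, which is not the CSA reference implementation or any vendor's product. It models the accepting host (gateway) with a default-deny table: a client proves itself with a single HMAC-authenticated packet, the gateway checks the signature, freshness and nonce (replay), consults the controller-supplied authorization list, and only then inserts a time-limited allow rule for that client and service. The packet layout, key distribution, timeouts, client identifiers and addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct
from typing import Dict, Optional, Set, Tuple

# Single Packet Authorization plus a default-deny dynamic rule table, as added
# example code (not a CSA reference implementation or any vendor's product).
# Packet format, key distribution and rule lifetime are assumptions chosen for
# illustration; client keys and addresses are constructed.

SPA_VERSION = 1
SPA_FMT = "!BQ16s16s"          # version | unix time | client id | nonce
SPA_LEN = struct.calcsize(SPA_FMT) + 32   # plus HMAC-SHA256 tag
FRESHNESS_SECS = 30            # reject packets older/newer than this
RULE_TTL_SECS = 60             # allow rule lifetime once opened

def build_spa(client_id: bytes, client_key: bytes, now: int, nonce: Optional[bytes] = None) -> bytes:
    """Client side: authenticate (not encrypt) the fields with the client's key."""
    nonce = nonce or os.urandom(16)
    payload = struct.pack(SPA_FMT, SPA_VERSION, now, client_id.ljust(16, b"\0"), nonce)
    return payload + hmac.new(client_key, payload, hashlib.sha256).digest()

class Gateway:
    """Accepting host. Starts with one rule (deny everything) and opens
    per-client allow rules only after a valid, fresh, unreplayed SPA from a
    client the controller has authorized."""

    def __init__(self, authorized: Dict[bytes, Tuple[bytes, Set[Tuple[str, int]]]]):
        # controller-provided list: client_id -> (client key, allowed (service, port) set)
        self.authorized = authorized
        self.seen_nonces: Set[bytes] = set()
        self.allow: Dict[Tuple[str, str, int], int] = {}   # (src_ip, service, port) -> expiry

    def handle_spa(self, src_ip: str, packet: bytes, now: int) -> bool:
        """Return True only if an allow rule was opened; every failure is a silent drop."""
        if len(packet) != SPA_LEN:
            return False
        payload, tag = packet[:-32], packet[-32:]
        version, ts, cid, nonce = struct.unpack(SPA_FMT, payload)
        entry = self.authorized.get(cid.rstrip(b"\0"))
        if version != SPA_VERSION or entry is None:
            return False                                   # unknown client
        key, services = entry
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False                                   # forged or wrong key
        if abs(now - ts) > FRESHNESS_SECS or nonce in self.seen_nonces:
            return False                                   # stale or replayed
        self.seen_nonces.add(nonce)
        for service, port in services:
            self.allow[(src_ip, service, port)] = now + RULE_TTL_SECS
        return True

    def permit(self, src_ip: str, service: str, port: int, now: int) -> bool:
        """Data-plane decision: default deny; only unexpired allow rules pass."""
        expiry = self.allow.get((src_ip, service, port))
        return expiry is not None and now <= expiry

# Constructed controller output: one laptop allowed to reach one service.
CLIENT_KEY = b"constructed-client-key"
CONTROLLER_LIST = {b"laptop-42": (CLIENT_KEY, {("erp", 8443)})}

def demo(now: int = 1_700_000_000) -> Dict[str, bool]:
    """Walk the gateway through the cases a tester would try."""
    gw = Gateway(CONTROLLER_LIST)
    r = {}
    r["before_spa"] = gw.permit("10.1.1.5", "erp", 8443, now)
    spa = build_spa(b"laptop-42", CLIENT_KEY, now)
    r["spa_accepted"] = gw.handle_spa("10.1.1.5", spa, now)
    r["after_spa"] = gw.permit("10.1.1.5", "erp", 8443, now)
    r["replay_from_other_ip"] = gw.handle_spa("10.1.1.9", spa, now + 1)
    r["other_service"] = gw.permit("10.1.1.5", "hr", 8443, now)
    r["after_ttl"] = gw.permit("10.1.1.5", "erp", 8443, now + RULE_TTL_SECS + 1)
    forged = build_spa(b"laptop-42", b"guessed-key", now)
    r["forged_key"] = gw.handle_spa("10.1.1.7", forged, now)
    r["stale"] = gw.handle_spa("10.1.1.5", build_spa(b"laptop-42", CLIENT_KEY, now - 600), now)
    return r

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:22s} {result}")
```

Because every failure path is a drop with no response, a scanner that does not hold a valid client key sees the gateway as closed on every port, which is the "black" infrastructure property described above. In a deployment the allow rule would be pushed into the host's packet filter and the nonce cache bounded by the freshness window rather than kept forever.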

1.7.3 SDP Applications

With its five layers of authentication and verification, SDP makes it very difficult for
attackers to access protected applications. Some useful applications of SDP are described
below:

Application Isolation for Enterprise: With data breaches increasing, the enterprise more
than ever needs SDP to protect the servers and applications inside its data center,
isolating applications such as financial information, HR and other databases while
preventing unauthorized user access over the network.

Cloud Computing: Whether private, public or hybrid cloud, SDP can protect physical
machines and is able to hide, secure and isolate cloud instances.

Software as a Service (SaaS): According to McAfee, 52% of the respondents surveyed
indicated that they had tracked a malware infection to a Software-as-a-Service (SaaS)
application. This implies that SaaS vendors need dynamic security tools to protect their
services, since traditional security measures are ineffective against modern cyber threats.
By offering an accepting host configuration for SaaS services and initiating host
mechanisms for all clients, SDP allows SaaS vendors to leverage the global reach of the
Internet without its added security concerns.

Infrastructure as a Service (IaaS): With SDP-as-a-service, an IaaS vendor can offer a
protected on-ramp to its customers. This allows customers to take advantage of the agility
and cost savings of IaaS with the security protection enabled by SDP.

Platform as a Service (PaaS): Similarly, SDP can be integrated into a PaaS offering,
allowing PaaS vendors to differentiate their services without added security concerns.

Internet of Things (IoT): With 5G rolling out by next year, more and more IoT devices will
be connected to enterprise and service provider networks. However, security is a main
headache that may slow adoption of IoT. SDP offers device authentication and associated
security protection, enabling service providers and enterprises to integrate IoT devices
into their networks with ease.

1.8 Micro-Segmentation

In a traditional network, segmentation is done through mechanisms such as zoning, firewalls
and VLANs. The core idea of segmentation is separation, isolation and effective control, to
limit movement across the network. Micro-segmentation, as the name implies, takes this
concept to a granular level, allowing workloads to be separated dynamically and even
limiting process-to-process communication where applicable. Proponents of
micro-segmentation argue that the network is unaware of the applications and databases
running within its perimeter, so network-level segmentation may not be effective at
curtailing attacks on applications or databases. Some go so far as to suggest that firewalls
are too cumbersome and inflexible for the dynamic nature of today's cloud systems. Hence
something more adaptive and dynamic is needed that can limit an attacker's exploitation to
perhaps a single application rather than multiple applications or databases. Numerous tools
are available to create visibility and limit attacks on applications through
micro-segmentation. The first principle of micro-segmentation is to stop lateral movement
in the event of a compromise: "granular segmentation" applies isolation and security at a
very fine grain. In the data center this is applied at the hypervisor, container and
microservice level, whereas in a traditional network deployment the concept can be applied
to network slicing, e.g. network slicing for 5G transport. The second and most important
principle is "dynamic segmentation", which enhances the former with threat intelligence and
dynamic enforcement of policy when a threat is detected.

1.8.1 Micro-segmentation in Networks

Much of the discussion of micro-segmentation focuses on the data center, and even in the
scholarly literature there is a gap on how micro-segmentation can be applied at the network
level. Like zero trust, micro-segmentation is a model that can be applied to any segment of a
network. For this discussion, consider a 5G network as an example. In a standard deployment,
network slicing isolates and restricts traffic through a logical instantiation of the
physical network with all the functionality needed to run a given service. Network slicing
can be implemented in a number of ways, such as VPN tunnels, a network overlay, or segment
routing in conjunction with VPN or overlay protocols. As 5G offers higher bandwidth and an
enhanced user experience, a number of services can be deployed, each with its own
requirements, and network slicing becomes useful. The figure below depicts typical network
slicing for a 5G implementation, allowing traffic to be distinguished, segmented and
isolated. The service provider may implement appropriate QoS and traffic shaping for each
network slice. As shown in the figure, traffic for industrial IoT, autonomous vehicles,
devices and mobile phones can be isolated and assigned to its respective network slice. The
network underlay can be either IPv6 or MPLS; segment routing can provide an effective traffic
path, while VPN tunneling (e.g. VPLS, L2VPN) and overlay protocols such as VXLAN can be used
for segmented transport of each slice. Such isolation and restrictive traffic treatment make
network slicing very effective.

Figure 9. Network slicing example for micro-segmentation.

Each network slice can be further granularized with an appropriate security policy. For
example, traffic processing at the MEC (Multi-access Edge Computing) or edge micro data
center can implement an AAA (Authentication, Authorization and Accounting) entity for each
network slice, granularized further at the level of each NFV (Network Function
Virtualization) instance. However, the AAA functionality of a micro-segment should not be
heavyweight, to avoid complexity. For instance, a massive IoT deployment does not require
features such as handover or location update, which are used with mobile devices (Mämmelä
et al., 2016). Such IoT services connect immobile sensors that measure parameters such as
humidity and precipitation, so mobility is not required but security is critical.

The figure below depicts an example of micro-segmentation in a single domain built on top
of an LTE FWA (fixed wireless access) architecture. In this example, one general IoT network
slice and two micro-segments are created, one for smart metering and the other for personal
health.

Figure 10. Typical implementation of micro-segment in 5G Networks: Micro-segmentation for IOT network slice.

1.8.2 Micro-segmentation in Workloads and Applications

While network segmentation and dynamic perimeter defense such as the Software Defined
Perimeter (SDP) provide protection against lateral movement within the network, an
attacker's access to valuable data can be further restricted by implementing
micro-segmentation at the workload, application and even hypervisor level. Traditional data
center designs segment on the assumption that traffic is "north-south", meaning
user-to-server or client-to-server traffic, and enforce security policy with standalone
firewalls and zoning. This adds undue complexity and performance problems to a modern data
center, where more than 70% of traffic is "east-west", meaning server-to-server.
Server-to-server communication is often choked by hairpinning east-west traffic through a
standalone firewall. As shown in the figure below, VM-to-VM traffic within the same rack or
across racks must pass through the standalone firewall and is subject to performance issues.
Additionally, the growing rule set in a standalone firewall is difficult to track and over
time becomes cumbersome to manage.

Figure 11. Firewall is inadequate to create effective segmentation in modern data center due to east-west traffic pattern.

Network-centric segmentation implemented through standalone firewalls is subject to two
key operational barriers: throughput capacity and security management. There are, however,
variations of network-centric segmentation known as "network fabric based"
micro-segmentation that allow further granularization and dynamic security policy
assignment at a granular level. One example is Cisco® ACI™. The limitation of such an
approach is that fabric enforcement is tied to the vendor's own switches (Cisco Nexus in
the case of ACI), so it cannot be extended to third-party switching hardware.

Today, data center application deployments are dynamic: VM instances and their associated
applications can be spun up and torn down instantly. If firewall rules had to be manually
added, deleted and modified to accommodate this, the rate of change would quickly overwhelm
IT operations. In the hypervisor- and host-based micro-segmentation model, such firewall
rules are applied dynamically. Proponents argue that dynamic rules at the hypervisor and
host level do not impact performance the way they would on a centralized firewall. More
importantly, with hypervisor- and host-based micro-segmentation the paths between
applications can be further restricted, so that access is granted only over approved paths.
In this way, if an attacker manages to compromise a single application, the exposure can be
limited to that application only.

Micro-segmentation can be implemented in two ways:

Agent-less: This approach generally depends on existing third-party APIs, SPAN ports,
NetFlow and the like to collect and control traffic. It allows flows, context and alerts to
be collected for visibility, which in turn can be used to set security policies. Many network
devices that support a standard interface such as NETCONF for SDN (Software Defined
Networking) can be integrated with an orchestration platform to create security policies for
micro-segmentation. In a typical environment a controller, here called the "packet handler",
performs this job by applying policy to handle the particular characteristics of a traffic
flow. As shown in the figure below, the packet handler connects to different

Agent-based: In contrast, the agent-based approach places a small-footprint agent on
network devices and servers, in the user space of the underlying OS. An API collects the
information required for security policies to be implemented. Agents can be deployed
through existing management and automation tools such as Ansible, Chef, Puppet, SCCM or
built into cloud workload templates.

1.8.3 How it works

Implementation of micro-segmentation is typically realized through seven steps (Klein,
2019):

Discovery and identification: The critical task before deploying micro-segmentation is a
discovery process that finds the applications and processes running within the data center
and their traffic paths. This requires deep visibility into data center assets.

Dependency mapping: Next, the relationships among data center assets need to be
identified. This process can be simplified and accelerated with graphical visualization and
mapping tools.

Grouping of applications for security policy: Once application dependencies are identified,
operators should devise logical groupings so that appropriate security policies can be
created. For example, web applications can be grouped together for one policy, distinct
from the policy applied to the logical group of HR or finance applications.

Security policy implementation: Once the logical groups are defined and the operator has
decided which rules each group needs, micro-segmentation policies can be created, tested
and refined for each group.

Deployment of security policies: Once the policies exist for each logical group, operators
should deploy them in phases so as not to disrupt legitimate user access to the
applications. A common practice is to run a new policy in monitor-only mode first and review
what it would have blocked before switching it to enforcement.

Monitor: System administrators should continue to monitor for anomalies in network or
application access. For example, if web applications are seen accessing data from HR
applications, or traffic flows between two distinct logical groups that normally should not
communicate, the administrator must immediately restrict that traffic or access. Continual
monitoring is critical to enforcing security policies.

Enforcement: Monitoring for anomalies can be automated through software during the policy
creation phase; administrators can establish rules that trigger a specific enforcement
response when a threat is detected.
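The seven steps above, and the agent-less collection of flow records described in 1.8.2, are walked through in the following added example, which is not code from this guide, from Klein (2019) or from any vendor. It takes constructed NetFlow-like records from a learning period, collapses them into group-level dependencies, derives an allow-list policy, expands it into per-host rules, and then audits live flows in either monitor or enforce mode. The hosts, labels and ports are made up for illustration; the flow that the web tier should never make, directly to the HR database, is the kind of lateral movement the monitoring step exists to catch.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Added example (not from the page, Klein (2019) or any vendor) walking the
# seven steps over constructed NetFlow-like records. Hosts, labels and ports
# are made up for illustration.

Flow = Tuple[str, str, int]    # (src_host, dst_host, dst_port)
Rule = Tuple[str, str, int]    # (src_group, dst_group, dst_port)

# Step 1: discovery output, an inventory of workloads with their application label
INVENTORY: Dict[str, str] = {
    "web-1": "web", "web-2": "web", "app-1": "app",
    "hr-db-1": "hr-db", "fin-db-1": "finance-db", "jump-1": "admin",
}

# Flows observed during the learning period (constructed)
BASELINE: List[Flow] = [
    ("web-1", "app-1", 8080), ("web-2", "app-1", 8080),
    ("app-1", "hr-db-1", 5432), ("app-1", "fin-db-1", 5432),
    ("jump-1", "hr-db-1", 22), ("jump-1", "fin-db-1", 22),
]

def dependency_map(flows: List[Flow], inventory: Dict[str, str]) -> Dict[Tuple[str, str], Set[int]]:
    """Steps 2 and 3: collapse host-level flows into group-level dependencies."""
    deps: Dict[Tuple[str, str], Set[int]] = defaultdict(set)
    for src, dst, port in flows:
        deps[(inventory[src], inventory[dst])].add(port)
    return dict(deps)

def build_policy(deps: Dict[Tuple[str, str], Set[int]]) -> Set[Rule]:
    """Step 4: an allow-list of group-to-group rules; anything not listed is denied."""
    return {(s, d, p) for (s, d), ports in deps.items() for p in ports}

def expand_rules(policy: Set[Rule], inventory: Dict[str, str]) -> List[str]:
    """Step 5: expand group rules into the per-host allow rules an agent or
    fabric would install (generic 'allow src -> dst:port' lines, not the
    syntax of any particular firewall). The final deny is the one constant rule."""
    lines = []
    for sg, dg, port in sorted(policy):
        for src in sorted(h for h, g in inventory.items() if g == sg):
            for dst in sorted(h for h, g in inventory.items() if g == dg):
                lines.append(f"allow {src} -> {dst}:{port}")
    lines.append("deny any -> any")
    return lines

def evaluate(flow: Flow, policy: Set[Rule], inventory: Dict[str, str]) -> Tuple[bool, str]:
    """Steps 6 and 7: judge a live flow. Unknown hosts are denied because an
    unlabelled workload has no group and therefore no rule."""
    src, dst, port = flow
    if src not in inventory or dst not in inventory:
        return False, "unknown host"
    rule = (inventory[src], inventory[dst], port)
    if rule in policy:
        return True, "allowed"
    return False, f"{rule[0]} -> {rule[1]}:{port} not in policy"

def audit(flows: List[Flow], policy: Set[Rule], inventory: Dict[str, str],
          enforce: bool) -> List[Tuple[Flow, str]]:
    """Phased rollout: in monitor mode violations only raise an alert, in
    enforce mode they are blocked. Returns the action taken per flow."""
    out = []
    for flow in flows:
        ok, reason = evaluate(flow, policy, inventory)
        if ok:
            out.append((flow, "pass"))
        else:
            out.append((flow, ("block: " if enforce else "alert: ") + reason))
    return out

POLICY = build_policy(dependency_map(BASELINE, INVENTORY))

if __name__ == "__main__":
    # Constructed live traffic: the web tier reaching straight into the HR database
    # and an unknown host touching the finance database should both be flagged.
    live = [("web-1", "app-1", 8080), ("web-1", "hr-db-1", 5432), ("rogue-9", "fin-db-1", 5432)]
    for flow, action in audit(live, POLICY, INVENTORY, enforce=True):
        print(flow, action)
```

The baseline only captures what was seen, so a learning period that is too short will produce a policy that breaks legitimate but infrequent flows (month-end batch jobs are the classic case); this is why deployment is phased and why monitor mode precedes enforcement.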

1.9 Things to Note

Despite vendor claims of adequate security measures to protect the network (e.g.,
workloads and applications), no single "Zero Trust Security" product or solution is good
enough. For example, SDP, or network fabric, hypervisor and host-based micro-segmentation,
may protect against access and L2 to L4 attacks, but those products alone cannot protect
against L7 attacks, which may require integration of third-party next-generation firewall
components. Operators are therefore advised to consider these facts before implementing
specific products or solutions. An overall zero trust policy needs careful formulation, of
which IAM, SDP and micro-segmentation are subsets. These technologies and techniques need
careful consideration and a phased implementation to provide better overall protection for
IT assets.

1.10 Working with Innovax™

Zero trust is a philosophy rather than a product, and the model therefore calls for a
careful strategy to plan and deploy zero trust in building a cyber resilient organization. At
Innovax, we assist our customers with a thorough understanding of zero trust and the
available technologies to build cyber resilience and protect against data breaches. As a
trusted advisor, we provide vendor-agnostic solutions while offering carefully selected
partners as part of our portfolio, or suggest a preferred vendor of choice for customers. We
analyze your ICT (Information and Communication Technology) infrastructure and suggest the
right course of action to devise an organization-specific "Zero Trust Policy". It begins
with traditional tools and techniques, followed by advances in technologies and
methodologies for cyber resilience. We emphasize capability building and work with
customers from strategy to execution of their zero trust policy.

Our Zero Trust Framework includes a set of tools and techniques, pulling together a diverse
list of vendors to provide specific parts of the solution.

Our partners bring their respective strengths in specific areas of enterprise security and
best-of-breed technologies, while Innovax integrates these proven solutions within its
"Zero Trust Framework", providing a comprehensive portfolio for zero trust security.

At the infrastructure level, we analyze for a combination of hardware- and software-based
preventive security mechanisms to block attackers from gaining access to infrastructure at
the device level through our "InnovIO™ Defense" solutions, as depicted in the figure below.

Figure 12. Innovax™ Zero Trust Framework for the future Cyber Resilient Enterprise.

InnovIO Defense: "InnovIO Defense" may include, but is not limited to, hardware-based
crypto engines such as the TPM and AES accelerators, and the software tools that enable such
hardware-based security at the device level. In addition, depending on customer needs, our
blockchain specialists can develop appropriate encryption for device-level transactions and
configurations. We also have some unique solutions in our portfolio that help secure device-
and network-level communications, e.g. a crypto gateway for IoT endpoints and computational
storage with a crypto engine for data encryption at the storage level. InnovIO Defense
brings together a set of technologies to help customers protect the enterprise against
attackers at the entry point.

InnoBlock™ Blockchain: To further secure your end-to-end transactions, documents, forms and
data transport, we offer distributed ledger technologies such as blockchain to provide a
tamper-evident record of them. In partnership with Blocmatrix™, we bring Hyperledger
blockchain technology, offering customized application development such as database-enabled
blockchain and a multitude of other services, e.g. smart contracts, decentralized
applications and cryptocurrency.

InnoAI™: Artificial intelligence (AI) is a constellation of technologies that allow machines
to simulate the human processes of learning (the acquisition of information and rules for
using it), reasoning (using rules to reach approximate or definite conclusions) and
self-correction. With InnoAI, we bring best-of-breed AI technologies to transform your
business. Our AI services include predictive analytics, data visualization, chatbot
development, data analytics and RPA automation. More importantly for the zero trust model,
we combine blockchain and the underlying ICT (Information and Communication Technology)
with AI to build a cyber resilient infrastructure that is future-proof.

Software Defined Perimeter (SDP): We have presented at length on SDP, Innovax works
with a number of SDP solution partners to bring best of breed SDP technologies to create
dynamic perimeter defense for your IT infrastructure. Deployment of dynamic perimeter
defense such as SDP may vary depending upon your network setup and traffic pattern. We
conduct discovery and identification of end to end services, traffic pattern and access
requirements to devise a SDP solution for your infrastructure.

Micro-segmentation: The definition of micro-segmentation varies from vendor to vendor
depending on the products they offer. Innovax offers you vendor-agnostic solutions for
micro-segmentation at the network, workload, application and cloud-service level. Micro-
segmentation is an essential element of zero trust: it limits exposure by confining the
lateral movement of hackers who manage to gain access to the network.
Deployment of SDP and micro-segmentation requires careful analysis of the network
elements and infrastructure setup to devise appropriate solutions.
