侵略如火.不动如山.微软如何通过.零信任.守护企业安全
“零信任”-网络安全的新纪元
微软 “零信任”架构
企业如何实现“零信任”?
这些安全事件的共性是什么?
入侵者利用特权及管理账户的权限进行攻击
入侵者充分利用企业内部网络的默认信任关系来进
行横向移动
被攻击目标缺乏完善的访问控制措施
缺乏完善、深入的安全监测与响应能力,导致未能快速发现并
阻止攻击行为
Data
Infrastructure
Devices
Application Network Identity
Data
Infrastructure
Devices
Application Network Identity
Trust but verify Never trust, always verify
资源/资源组
Data
Infrastructure
Devices
Application Network Identity
Devices
Security
Policy Enforcement
Identity
User/session risk
Multi-factor
authentication
Identity provider
Device identity
Device risk &
compliance state
Classify, label,
encrypt
VisibilityandAnalytics
Automation
Emails & documents
Structured data
Data
Adaptive
Access
Apps
SaaS Apps
On-premises Apps
Network delivery
Internal Micro-segmentation
Network
Infrastructure
JITandVersion Control
Access & runtime
control
Threat protection
Data
Infrastructure
Devices
Application
Network
Identity
可信度 最小权限
IaaS
PaaS
Int. Sites
Containers
Serverless
身份验证凭据 身份验证凭据
微软 “零信任” 架构
- 2021-06-22
- 阅读167
- 下载0
- 34页
- pdf