Question: The Assignment

The Assignment

The assignment is to complete a zero-trust architecture and software recommendations white paper for a company that has the following structure:

  • Company, ABC Financial Services is a multi-national company with headquarters in Columbus, OH with ~30,000 employees, ~10,000 producers and business partners, and many customers.
  • Company has two data centers in the Ohio area, and each has a connection to multiple cloud suppliers: Amazon Web Services and Microsoft Azure.
  • The company has 5 locations in the United States that are major office locations
  • The company has many sales/service offices that may include call centers
  • The company has sales representatives that are not employees of the company and have their own access devices that access certain applications within the company's network.
  • The company permits their associates to access their network with mobile devices (iOS or Android) that are personally owned.
  • Company employees travel and use their company owned devices and personally owned devices in remote locations and work from home.
  • The company provides a mobile application to their customers and allows access to their website.
  • The company has many business partnerships and provides secure access to each other's applications using common business integration methods such as API, event streaming, file transfer and direct network interface.
  • The company also supports access from IoT devices using edge devices to consolidate data to use in preventative activities as well as to improve service.

The assignment should include specific recommendations for:

  • Application Servers
  • Security Policies governing employees role in protecting company assets

(While costs and timelines to implement are an integral part of this solution, these do not need to be included in this assignment)

The following are the parts of the network that need to be secured:


4. Security Threat Detection and Response

Some techniques include:
- SIEM
- SOAR
- EDR

EDR

Endpoint detection and response (EDR), also known as endpoint threat detection and response (ETDR), is an integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities.

SIEM

The term SIEM is derived from the correlation of Security Information Management and Security Event Management tools. Security Information Management (SIM) tools are designed primarily to provide historical monitoring of a company's environment. Security Event Management (SEM) tools provide real-time monitoring. These technologies have been combined into SIEM and provide information to security professionals through a monitoring console.

SIEM product capabilities include gathering, analyzing, and presenting information from a variety of sources, including:
- network and security devices,
- identity and access management applications,
- vulnerability management and policy compliance tools,
- operating system, database, and application logs,
- and external threat data.

Event correlation is a defining characteristic of SIEM technology. Correlation establishes relationships between log entries or events that are generated by devices, systems or applications based on characteristics such as the source, target, protocol, or event type. A major benefit of correlation is that it filters out duplicate and redundant data to reduce event noise and allow administrators to address high-priority issues immediately with the right information to make informed remediation decisions.

Source: What is SIEM? A complete guide to SIEM - its benefits and importance (logpoint.com)

Other techniques include SOAR and EDR:
- SOAR (security orchestration, automation, and response) is a stack of compatible software programs that enables an organization to collect data about security threats and respond to security events without human assistance. The goal of using a SOAR platform is to improve the efficiency of physical and digital security operations.

Source: What is SOAR? And 5 tips for getting started with security automation (CSO Online)

5. Security Policies

While there are software and segmentation procedures to protect corporate networks, employees must also be educated as to their role in protecting access to customer and corporate data. User attacks such as phishing, viruses, and malware can compromise an employee's system, and since the user is authenticated and given access privileges, harmful items may be introduced into the network by an unsuspecting user. While external e-mail can be identified as a possible threat, employees should be educated on how to be wary and skeptical of external e-mail and instructed not to click on a URL they don't recognize. Phishing can happen in e-mail, social networks, or by telephone. Just as Zero Trust applies in the network environment, it also applies within each employee's domain.

On-going orchestration and management

Overall, monitoring of the current environment, review of new vulnerabilities and threats, as well as management of new applications and significant changes to applications (e.g. replacement, movement to the cloud) must be done to keep the security trust environment viable.
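The SIEM event correlation described above, as an added example that is not part of the original question or of any real SIEM product: a small Python pass that de-duplicates events collected from several sources (firewall, identity management, OS auth log), relates them by source address, and raises one prioritized finding instead of a stream of raw events. The event format, the detection rule, its threshold and the sample events are all constructed for this example.

```python
from collections import defaultdict

# Constructed sample events, normalized by a hypothetical collector into
# (source, timestamp, src_ip, user, event_type); user is None for network-only events.
EVENTS = [
    ("firewall", "10:00:01", "203.0.113.7", None, "connection_allowed"),
    ("firewall", "10:00:01", "203.0.113.7", None, "connection_allowed"),  # exact duplicate
    ("iam", "10:00:05", "203.0.113.7", "jdoe", "login_failed"),
    ("iam", "10:00:09", "203.0.113.7", "jdoe", "login_failed"),
    ("iam", "10:00:12", "203.0.113.7", "jdoe", "login_failed"),
    ("iam", "10:00:20", "203.0.113.7", "jdoe", "login_success"),
    ("os_auth", "10:00:25", "203.0.113.7", "jdoe", "privilege_escalation"),
    ("iam", "10:01:00", "198.51.100.4", "asmith", "login_success"),
]

def deduplicate(events):
    """Drop exact duplicate events so a chatty device cannot flood the analyst queue."""
    seen, unique = set(), []
    for ev in events:
        if ev not in seen:
            seen.add(ev)
            unique.append(ev)
    return unique

def correlate(events, fail_threshold=3):
    """Relate events across sources by src_ip and return prioritized findings.
    Constructed rule: >= fail_threshold failed logins followed by a successful login
    from the same address is 'medium'; a privilege escalation after that makes it
    'high'. Addresses that do not match are left as noise and produce no finding.
    """
    by_ip = defaultdict(list)
    for source, ts, ip, user, etype in deduplicate(events):
        by_ip[ip].append((ts, source, user, etype))
    findings = []
    for ip, evs in by_ip.items():
        evs.sort()  # zero-padded HH:MM:SS strings sort in time order
        types = [e[3] for e in evs]
        last_fail = max((i for i, t in enumerate(types) if t == "login_failed"), default=-1)
        fails = types[: last_fail + 1].count("login_failed")
        after = types[last_fail + 1 :]  # what happened once the failures stopped
        if fails >= fail_threshold and "login_success" in after:
            findings.append({
                "severity": "high" if "privilege_escalation" in after else "medium",
                "src_ip": ip, "failed_logins": fails,
                "users": sorted({e[2] for e in evs if e[2]}),
                "sources": sorted({e[1] for e in evs}),
            })
    return findings
```

Running `correlate(EVENTS)` collapses eight raw events from three sources into a single high-severity finding for 203.0.113.7, which is the noise reduction and cross-source relationship the paragraph attributes to correlation.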
