Zero Trust Architecture

Zero Trust Architecture (ZTA) is no longer a buzz-word, but a proven strategy mandated by the federal government, and adopted across industries. Agile IT has been implementing ZTA best practices since prior to NIST guidance and have continued to refine our practices as new guidance is issued. For this purpose, we model our approach on the GSA’s newest eight-pillar model which consists of:
• Identity
• Devices
• Data
• Network
• Application
• Infrastructure
• Visibility and Analytics
• Orchestration and Automation

Identity – The Center of Security

With hybrid and remote workspace now the norm, protecting your users identities is often the most critical step in defending your environment. Agile IT’s proven method leverages Microsoft tools including Azure Active Directory and Microsoft Defender for identity to enforce:

• Multifactor Authentication and Conditional Access – Explicitly validate trust of users and endpoints requesting access to your resources. This helps build a de facto security perimeter around these modern resources with modern controls and provides simple consistent policy enforcement across them.
• SSL and SAML – Juggling passwords leads to simple and/or repeated passwords. By establishing a single trusted source for identity across all of your applications you simplify your user’s day to day work and greatly enhance security.
• Azure Privileged Information Management – Least privileged access with just-in-time (JIT) and Just-Enough-Access (JEA)

Devices

Bring Your Own Device policies can simplify life for your users, but can be a nightmare to understand the security behind it. Agile IT deploys Microsoft Endpoint Manager and Defender for Endpoint to protect mobile devices, workstations, and servers.

• Mobile Device Management (MDM) and Mobile Application Management (MAM) – Agile IT gives you the option to manage corporate owned devices, or protect your data on employee owned devices.
• Microsoft Endpoint Manager – Cross-platform Unified Endpoint Management (UEM) across Windows, Linux, Mac, iOS, and Android.

Data Protection

From intellectual property theft to ransomware, data is the number one target in your environment, no matter what your business is. Agile IT establishes strong data loss prevention across your environment, SaaS applications, and 3rd party clouds with Microsoft Information Protection and Defender for Cloud.

• Data Loss Prevention (DLP) – Achieve granular access control to your most valuable information, making it easy to revoke access to your information even when it leaves your environment.
• Governance – Meet stringent industry controls with Compliance Manager, Data Governance, and Advanced eDiscovery

Network Security

As more users work from home, coffee shops, and on the road, traditional network protections have changed greatly. In many cases, defending endpoints, identity, and data is sufficient to protect most critical resources. The network layer can be used to enable granular controls but should be guided by a zero trust policy engine rather than static policies at the perimeter.

• Passive Monitoring – Monitor network traffic for anomalous behavior with Microsoft Defender while enabling automatic response with Azure Sentinel

Infrastructure

The entirety of your technology environment must be protected, This includes IoT like medical devices and manufacturing equipment, SaaS applications like SalesForce and your own development environments. Aggressively monitoring and repairing out of date and vulnerable systems is critical.

Isolate and Retire – Identify out-of-date and vulnerable hardware and software and isolate or retire platforms that can not be updated.
Identify your Biggest Risks – AgileMAX can help you employ Secure Score in Microsoft Defender for Cloud to understand where technical investments will have the most impact.

Visibility and Analytics

Even if every part of your environment keeps logs, you are left in a reactive state if you only consult them after an incident. Having a central location to monitor your environment lets you act on intelligence rather than react to incidents.

• Log Analytics Workspace – Agile IT can help you connect every piece of your environment for log ingestion into Log Analytics Workspace, both preventing attackers from destroying logs, but also giving you 100% visibility into threats
• Microsoft Defender – Microsoft Defender’s many flavors bring threat analytics directly where you can see them and act on them with NO 3rd party agents.

Orchestration and Automation

Without intelligent automation and orchestration there are two states of monitoring: Alert fatigue and missed alerts. Agile It can enable Azure Sentinel, Microsoft’s cloud native Security Orchestration, Automation & Response (SOAR) solution in your environment and help you in establishing playbooks to intelligently and automatically respond to alerts.

• eXtended Detection and Response – Agile It can combine the Security Incident & Event Management (SIEM) functionality of Sentinel with the advanced threat hunting capabilities of Microsoft Defender.
• A true 24/7/365 Security Operations Center – Use your own SOC team with Agile IT Security Onboarding or employ AgileMAX as a true cloud Managed Security Service Provider (MSSP).