
Zero Trust: Practical Tips & Canary Tokens Explained #shorts

BSides Frankfurt · 2:58 · 76 views · Published 2026-04
About this talk
Don't have the budget for advanced security? Sprinkle Canary tokens everywhere! Protect secrets in shared docs, vaults, and legacy systems. Detect snooping insiders instantly. #CanaryTokens #Cybersecurity #InsiderThreat #DataProtection #InfoSec #B-SidesFrankfurt
Transcript [en]

It takes a while and a lot of resources and a lot of the buy-in from leadership telling you yes, you can keep spending money. So yeah, that's why, you know, what John was talking about with the canary tokens, if you don't have the resources for all of that, absolutely start sprinkling those tokens everywhere. Anytime you have a secret like a vault path, Google Docs, shared Docs, places that you don't want people snooping around. As I said, zero trust attacks look exactly like an insider attack. And so if you want to kind of red team this yourself, you can create a new account that says, "Okay, add this to the all employees group and nothing else." And see what you can do. See what you can find. And then as you're snooping around and you're reading through all these paths and you're trying to access this data, say, "Hey, that's a good spot to put a token, a canary." And so if you don't have the budget for all of that, you know, stuff that we've built out, yeah, canary tokens 100%.

>> I've been part of attempts at least to implement zero trust in huge organizations. Yeah. And the biggest issue is, or one of the biggest issues is, backward compatibility and legacy authentication systems. But then if you take a look at underlying legacy systems, they're still leaking secrets, yeah? Like LDAP and whatnot.

>> So I'm not even going to talk about trying to migrate to zero trust. I've never tried that and I can imagine it's a horrible experience if you're talking about some of these gigantic legacy environments where you've got 100,000 employees spread around the world, and so, yeah, I'm not even going to touch that one. But let's say you're building your detections and you have that type of environment. The identity detections I talked about at the end may actually work a little better for you, because I have, like, Elastic, we're spread around the world. You know, you may tell from my voice, I'm not from Germany, but I've been living in Germany for 9 years now because Elastic said, "I don't care where you live, live anywhere you want." And so I just, you know, decided to stay right here. And so we've been, you know, we have people all over the world traveling constantly, connecting to us from all over the place. It's hard to control. A legacy environment, you're going to have buildings, and maybe that LDAP environment leaks secrets like crazy, but you can say if this secret is used outside of this subnet or the source is outside of this environment, fire an alert. And so you have some controls that we don't with that. Like I can't control where people log in from like that, versus like certain environments we say you have to use the VPN, and then if it doesn't come from a VPN, fire an alert. Do you have any more questions?
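The two detections the speaker describes, alerting on any touch of a planted canary and on a real secret used from outside its expected subnet or VPN range, as an added example that is not part of the talk or Elastic's own rules; the secret names, subnets, canary identifiers and event format are all assumed and the events are constructed:

```python
"""Alert on canary-token access and on secrets used from unexpected sources.
Added example with constructed data; secret names, subnets and event shape are assumed."""
import ipaddress
from typing import Iterable

# Assumed allowed source ranges per real secret: an office subnet and a VPN pool.
ALLOWED_SOURCES = {
    "vault/prod/db-password": ["10.20.0.0/16", "172.16.5.0/24"],
}
# Assumed canary identifiers planted in an unused vault path and a shared doc.
CANARY_SECRETS = {"vault/prod/legacy-backup-key", "gdoc://finance/2024-salaries"}


def source_allowed(secret: str, src_ip: str) -> bool:
    """True if src_ip falls inside a subnet permitted for this secret.
    A secret with no allow-list entry is treated as never allowed (alert)."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in ipaddress.ip_network(net) for net in ALLOWED_SOURCES.get(secret, []))


def evaluate(events: Iterable[dict]) -> list[dict]:
    """Return alerts for canary hits and for real secrets used from outside
    their allowed subnets. Each event is {"user", "secret", "src_ip"}."""
    alerts = []
    for ev in events:
        if ev["secret"] in CANARY_SECRETS:
            # A canary has no legitimate use, so any access at all is an alert.
            alerts.append({**ev, "rule": "canary_token_accessed", "severity": "high"})
        elif not source_allowed(ev["secret"], ev["src_ip"]):
            alerts.append({**ev, "rule": "secret_used_outside_allowed_source", "severity": "medium"})
    return alerts


# Constructed sample events: office access, external access, canary touch.
SAMPLE_EVENTS = [
    {"user": "alice", "secret": "vault/prod/db-password", "src_ip": "10.20.4.17"},
    {"user": "bob", "secret": "vault/prod/db-password", "src_ip": "203.0.113.9"},
    {"user": "carol", "secret": "vault/prod/legacy-backup-key", "src_ip": "10.20.7.3"},
]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_EVENTS):
        print(alert["severity"], alert["rule"], alert["user"], alert["src_ip"])
```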