Blog

- Written by: Merticaru Dorin Nicolae
- Category: Blog
The SolarWinds hack, and the constant stream of revelations about the tools and tactics used, remains a good case study even though more than a year has passed since the event (and the attackers had other targets as well).
What connects it to our topic (Zero Trust) is the involvement of Greg Touhill, chairman of the Appgate Federal Group, who said that he was not surprised by the SolarWinds event, only disappointed.
He was already fully involved in Zero Trust strategy and was extremely concerned about the integrity of the supply chain of the products and services of the company where he worked.
What is important to note is that he and his working group had identified numerous risks to the existing supply chain, especially the insertion of malware or a backdoor at the level of a provider (that is, an external entity, with a certain presence in cybersecurity policies).
The group even predicted the risk of a threat actor entering a provider's software development lifecycle and deliberately introducing a backdoor.
Read more: What could prevent ZTA (Zero Trust Architecture) – Case study.

- Written by: Merticaru Dorin Nicolae
- Category: Blog
Logically, the discussions we have started here should be about eliminating the very idea, the very term, of threat (this is the aim of the debates about Zero Trust).
So what would be the rationale for using this new term, "threat" or "threats", in association with Zero Trust?
Especially since the perimeter, for example, has often proven effective up to a limit... So have the appropriate policies... And so have the older cybersecurity efforts developed over time, since cybernetics gained the unbridled momentum it has today.
Proof that something is wrong is that cybercrime is beginning to exceed the limits of the imagination and, above all, reveals the fragility of what already exists. That fragility is already giving pause at the governmental and state levels (see the measures imposed at the state and governmental level with the force of law).
And everything rests on an undeniable truth: the world of cybernetics is advancing far beyond the human capacity to adapt. Its requirements permanently exceed us, even before considering the financial means needed to modify old and new structures so that they adapt and evolve toward, for example, the new structures called Zero Trust, SASE, etc.
Read more: Threats associated with ZTA.

- Written by: Merticaru Dorin Nicolae
- Category: Blog
As a recap, Zero Trust is a security model, a set of principles for designing a system, and a coordinated strategy for cybersecurity and system management based on recognizing that threats exist both within and outside the traditional boundaries of the network.
Zero Trust repeatedly questions the premise that users, devices, and network components should by default be trusted based on their network location.
Many definitions and discussions about Zero Trust (ZT) underline the concept of eliminating wide-area perimeter defenses (e.g., the firewall), while still defining it in relation to existing perimeters (micro-segmentation, micro-perimeters) as part of the functional capabilities of a ZTA (Zero Trust Architecture).
Zero Trust incorporates comprehensive security monitoring; granular, dynamic, and risk-based access controls; and system security automation, coordinated across all aspects of the infrastructure, in order to focus specifically on protecting critical assets (data) in real time in a dynamic threat environment.
Read more: Zero Trust Principles

- Written by: Merticaru Dorin Nicolae
- Category: Blog
Zero Trust is the intention to move defenses away from static, network-based perimeters (the concept of de-perimeterization) and to focus on users, assets, and resources (data and service protection).
This idea of de-perimeterization arises because, traditionally, everything has been focused on perimeter defense, and authenticated subjects, once they are in the internal network, are authorized to access a more or less wide collection of resources.
As a result, unauthorized lateral movement in the environment caused a significant number of problems, and thus the imperative of zero trust appeared.
Therefore, a zero trust architecture (ZTA – Zero Trust Architecture) uses zero-trust principles to plan infrastructure and workflows. The basic intention is to prevent data breaches and to limit internal lateral movement and, consequently, to prevent unauthorized access to data and services, while keeping access as minimal as possible. That is, only approved and authorized subjects (combinations of users, applications and/or services, and devices) can access the data, to the exclusion of all other subjects, that is, attackers.
Read more: Introduction in Zero Trust Architecture (ZTA)

- Written by: Merticaru Dorin Nicolae
- Category: Blog