Security News
Zero trust is a security model that can be summed up as "Never trust, always verify." In other words, whether a connection to a system or data is attempted from inside or outside the organization's network, no access is granted without verification. The first piece of physical security includes on-site monitoring of the data center, such as 24/7 cameras, professional security teams patrolling the site, and locks on cages to prevent unauthorized access to the hardware within the racks.
For network administrators it is no longer only about protecting laptops and PCs, but rather about managing a network comprised of a colorful palette of connected hardware including mobile and low-cost IoT devices. How can you possibly keep your network secure when every device plays by its own rules? The answer is simple: TRUST NO ONE!
These basic practices are just a small part of the larger zero trust security model, which is based on concepts such as "Never trust, always verify," multi-factor authentication, least privileged access, and micro-segmentation. The zero trust security model has been around for over a decade, but did not reach widespread adoption until recently.
CISO at JupiterOne, discusses software bills of materials and the need for a shift in thinking about securing software supply chains. In the wake of the SolarWinds attack last year, President Biden issued an executive order in May advocating for mandatory software bills of materials, or SBOMs, to increase software transparency and counter supply-chain attacks.
As companies seek to implement a zero-trust network access solution, there are important considerations that need to be made to avoid common pitfalls, in areas such as performance, data loss protection, advanced threat protection, visibility and reporting. Performance is crucial when it comes to selecting the right ZTNA solution.
A zero trust security model is based on the idea that no IT resource should be trusted implicitly. Prior to the introduction of zero trust security, a user who authenticated into a network was trustworthy for the duration of their session, as was the user's device.
Over a decade after the zero trust security concept was first introduced, Ericom's survey results indicate that zero trust solutions are being widely adopted. Spurred by the recent sharp increase in ransomware and other sophisticated cyberattacks, the majority of organizations - 80% - have concrete plans to enable zero trust security solutions within the next year, with over half planning to begin implementation during 2021.
Zero Trust deployment - moving all your apps and data to the cloud and assuming no user or device is trustworthy until proven otherwise in order to gain access - has been rapidly introduced as a result of the pandemic. Most attempts at achieving Zero Trust access today are a patchwork of disparate products from different vendors connected to virtual private networks, with rudimentary on-off access controls based on limited visibility.
Last year's sudden transition has created numerous cybersecurity challenges for businesses as they attempt to adjust to this new way of working. Some of the new security challenges - both for employees and employers - include BYOD policies, sharing the same network with relatives or roommates, using the same devices for work and personal activities, VPN security issues and, of course, working from home with more distractions in our personal lives.
Vulnerabilities allow attackers to remotely deactivate home security system
A DIY home security system sold to families and businesses across the US sports two vulnerabilities that, while not critical, "Are trivially easy to exploit by motivated attackers who already have some knowledge of the target," Rapid7 warns.
Cyber threats, passenger vessels and superyachts: The current state of play
In this interview with Help Net Security, Peter Broadhurst, Maritime Senior VP Safety, Security, Yachting and Passenger, Inmarsat, talks about the impact of cyber threats on passenger vessels and superyachts, and provides an inside look at maritime cybersecurity today.