Security News

Accurately summarizing the complexities of this implementation process, the National Security Agency released its latest government and industry guidance on the importance of integrating zero trust security. As zero trust is a model, not a single technology or a product, the mindset required for zero trust must be embraced for any implementation to be successful.

Guardicore unveiled new zero trust assessment capabilities in Infection Monkey, its open source breach and attack simulation tool. Available immediately, security professionals will now be able to conduct zero trust assessments of AWS environments to help identify the potential gaps in an organization's AWS security posture that can put data at risk.

G/On has proved particularly effective where organizations need to scale remote access provision fast. The solution only allows access to authorised users and devices.

Gartner predicted in 2018 that at least "80 percent of worker tasks" would shift to mobile devices by 2020. The mobile device that an employee uses to access their corporate data in platforms such as Google Workspace or Office 365 might be used later to browse social media or download a new app for personal use.

SAP applications are getting compromised by skilled attackersNewly provisioned, unprotected SAP applications in cloud environments are getting discovered and compromised in mere hours, Onapsis researchers have found, and vulnerabilities affecting them are being weaponized in less than 72 hours after SAP releases security patches. MindAPI makes API security research and testing easierSecurity researcher David Sopas has published a new open-source project: MindAPI, a mind map with resources for making API security research easier.

Okta Privileged Access is a new product that unifies identity management with least privilege access controls for critical infrastructure to increase development speed, operational agility, and improve zero trust security in enterprise technology environments. To meet today's needs, modern enterprises require a real-time, zero trust security strategy anchored in identity and privileged access management spanning IT, security, and engineering teams.

Guardicore announced new capabilities that extends microsegmentation and zero trust security to the industry broadest catalog of legacy servers, applications, and operating systems. Customers using Guardicore Centra to protect their hybrid data centers that include legacy servers can now extend zero trust policies and granular microsegmentation to IBM iSeries AS/400 servers.

Like most things concerning cybersecurity, zero trust has a good side, a bad side and an ugly side. In his TechRepublic article, 5 tips for implementing a zero trust model, Lance Whitney offers how-to information on setting up and enforcing zero trust.

Many security teams are looking to better understand zero trust security and SASE, including whether or not they are mutually exclusive or compatible. What exactly are each of these security models, and how can companies determine which one will be more appropriate for their security teams as they seek to protect the broader business from cyber threats?

As further proof of the effectiveness of the model, Kindervag says that the zero-trust strategy is widely deployed in some of the world's most secure environments, which is why we've seen the NSA provide guidance on Zero Trust from their perspective recently. Among the pitfalls that organizations that opt to implement a zero-trust model should try to avoid he singles out two: thinking that Zero Trust is binary, and deploying products without a strategy.