Zero-Trust Security 101

What are the tenets and fundamental spirit of zero-trust architecture -- without the marketing speak?

Zero trust sounds so harsh. But real cybersecurity results can come from the harsh-sounding scheme that defines every relationship as fraught with danger and mistrust. Zero-trust security is a common topic of discussion in cybersecurity circles these days, but understanding it goes beyond the name. The simple-sounding strategy comprises several key components. 

No Soft, Chewy Center
The classic network model was described as a hard shell surrounding a soft center. The idea was that perimeter security would be so effective that nothing could get through to the network assets inside. The problem with the model is obvious.

No perimeter can be 100% effective 100% of the time. People began to ask, "How do we protect networks when the assumption must be that attackers will get inside the perimeter?" The answer? More perimeters.

The label for that answer was "zero trust," coined by John Kindervag, now field CTO at Palo Alto Networks, when he was vice president and principal analyst at Forrester Research.

A Perimeter in Every Pot
What if every network segment, every application, and every critical data resource was its own perimeter requiring authentication? Attackers who made it through the external network perimeter might be limited in the damage they could do, because they could not get into important network and data resources.

In order to make an attacker's job as difficult as possible, authentication requirements can divide the network into many small regions -- a process known as microsegmentation. Each of the segments can be defined and protected by a next-generation firewall to ensure that only authorized users, devices, services, and traffic can move between segments and protected resources.

Least Privilege for Smallest Resource
To keep the risk at each segment as small as possible, user and device privileges tend to be assigned according to the principles of least privilege, in which each authenticated agent has only the privileges required to access that segment; privileges don't carry over between segments.

By limiting the privilege of each account and limiting the scope of each segment, zero-trust networks limit the damage that can be inflicted by any attacker. Zero-trust architectures have the additional benefit of being easier to reconfigure than more traditional networks, because the scope of any single change is limited in reach. New segments can be added, or segments can be dropped, without requiring changes across the entire network.
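The per-segment, default-deny model described above can be sketched as a small policy check. This is an added example, not code from the original article; the segment names, resources, users and devices are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample inventory: each segment is its own perimeter.
SEGMENTS = {
    "web": {"storefront"},
    "payments": {"card-vault", "ledger"},
    "hr": {"payroll-db"},
}

@dataclass(frozen=True)
class Grant:
    """One least-privilege grant: valid for a single segment only."""
    user: str
    device: str
    segment: str
    resources: frozenset

# Constructed sample grants (hypothetical identities).
GRANTS = [
    Grant("alice", "laptop-17", "web", frozenset({"storefront"})),
    Grant("alice", "laptop-17", "payments", frozenset({"ledger"})),
    Grant("bob", "kiosk-02", "hr", frozenset({"payroll-db"})),
]

def authorize(user, device, segment, resource, grants=GRANTS):
    """Default deny: allow only on an explicit grant for this exact
    user, device, segment and resource. Nothing carries over."""
    if resource not in SEGMENTS.get(segment, set()):
        return False
    return any(
        g.user == user and g.device == device
        and g.segment == segment and resource in g.resources
        for g in grants
    )

def blast_radius(user, device, grants=GRANTS):
    """Everything a compromised (user, device) pair can reach."""
    return {
        (seg, res)
        for seg, resources in SEGMENTS.items()
        for res in resources
        if authorize(user, device, seg, res, grants)
    }

def flat_blast_radius():
    """Hard-shell model: once inside, every resource is reachable."""
    return {(seg, res) for seg, rs in SEGMENTS.items() for res in rs}
```

Comparing `blast_radius("alice", "laptop-17")` with `flat_blast_radius()` shows the containment effect: the same stolen credentials reach two resources instead of all four.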
