'Zero Trust': The Way Forward in Cybersecurity

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

50%

Suberman99,
User Rank: Apprentice
1/25/2017 | 1:48:20 PM

Re: Nothing new except the name

Cool sounding maybe but, not many companies adhere to anything but perimeter security, including fortune 1000.

How many IT staffs/managers adhere to LAN segmentation or data center east/west, north/south security. I'm not just talking about allowing a few ports like 443, 80,8080,25,53 etc. Bad stuff rides on these ports as well because threat actors know they are most likely to be open. Zero trust is about knowing the precise application regardless of port or protocol as well as connecting a username to that session.

Reply | Post Message | Messages List | Start a Board

50%

ClarenceR927,
User Rank: Strategist
1/25/2017 | 10:37:14 AM

Re: Nothing new except the name

Our management has fallen in love with "Cyber kill chain" as if it has value. Same deal, put a cool sounding name on the same stuff security has been recommending for a decade and all of a sudden theypay attention.

Reply | Post Message | Messages List | Start a Board

100%

Joe Stanganelli,
User Rank: Ninja
1/14/2017 | 2:44:11 PM

Nothing new except the name

This strategy is what top cybersecurity experts have recommended for years. Few listened.

The only difference now is that, as of sometime in the last year+, somebody came up with a catchy name ("Zero Trust") for it.

I guess buzzterms have their place.

Reply | Post Message | Messages List | Start a Board

100%

Shantaram,
User Rank: Ninja
1/13/2017 | 6:21:53 AM

Re: 192.168.0.1

Cool! i like it!

Reply | Post Message | Messages List | Start a Board

50%

netwatcher,
User Rank: Apprentice
1/12/2017 | 3:25:21 PM

Re: Isn't this what we were supposed to be doing all along?

some reasons why...

Executive is not aware of the risks – "We have a firewall and anti-virus so I think we are covered..."headinsand
Executive has bad information – "Hackers only attack the big companies, what would they want from us?"
Executive is a risk taker – "I'll take the risk, the probability for us getting attacked is low."
Executive is cheap – "No ROI means no priority."
Executive doesn't believe investment in security is worth it – "The loss involved will be so small compared to our revenues. It's easier to take a chance and write off any losses should they occur."
Executive is overwhelmed by the size of the necessary investment required to add additional security measures – "We can't afford Fire Eye, IBM, HP, Palo Alto etc.. those tools are only affordable to the fortune 1000"
Executive believes they are covered when they are not – "Our POS (or EMR) vendor is responsible for our security not us..."
Executive doesn't believe any investment will have much of an impact – "Big companies have all the tools and they are still getting hacked."

Reply | Post Message | Messages List | Start a Board

100%

ClarenceR927,
User Rank: Strategist
1/12/2017 | 9:10:58 AM

Isn't this what we were supposed to be doing all along?

Seriously, how far removed from the real world is IT/CISO management that this concept needs to be explained to them? This exact structure has been undersood and recommeneded for at least 25 years. The more important article would be one that examines the excuses, roadblocks and technical challenges that have prevented people from actually making it happen.

Reply | Post Message | Messages List | Start a Board

50%

DamnDesert,
User Rank: Apprentice
1/10/2017 | 10:47:06 PM

If only it were that simple

If it were just up to cybersecurity to get it done it would be so simple. I've spent 5 years trying to get the company I'm at to get such controls in place to government requirements SP-800-53 for a contract we have. I the end it takes executive buy in, available Capex/Opex budget, priority from other IT departments, and patience for needed downtime for many of the changes that need to take place. No small task, needed yes, getting people to understand it's a high priority is a whole other challenge.

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

Zero-Factor Authentication: Owning Our Data

Nick Selby, Chief Security Officer at Paxos Trust Company, 2/19/2020

44% of Security Threats Start in the Cloud

Kelly Sheridan, Staff Editor, Dark Reading, 2/19/2020

Ransomware Damage Hit $11.5B in 2019

Dark Reading Staff 2/20/2020

Live Events

Webinars

March 16-19, 2020: Data Center World Registration is open! Join Us

Data Center World: The leading conference & expo for Data Center and IT Infrastructure Professionals. Register Today!

Get Insights: Cisco vs Microsoft & More at EC20 Orlando

More Informa Tech Live Events

White Papers

Let's Talk: Why Language Matters in Cybersecurity

6 Emerging Cyber Threats That Enterprises Face in 2020

Digital Transformation Built on the Cloud

Protection Inside and Outside the Office: The New State of Cybersecurity

2020 Security Trends to Watch

More White Papers

Video

All Videos

Cartoon

Latest Comment: I don't know anything about Information Security but I have to decide if you qualify for an interview with the Security team. I have a set ...

Cartoon Archive

Current Issue

6 Emerging Cyber Threats That Enterprises Face in 2020

This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises Are Developing and Maintaining Secure Applications

The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.

Download Now!

How Enterprises are Attacking the Cybersecurity Problem

0 comments

How Data Breaches affect the Enterprise

0 comments

Rethinking Enterprise Data Defense

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2012-0828
PUBLISHED: 2020-02-21

Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BM...

CVE-2012-0844
PUBLISHED: 2020-02-21

Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar.

CVE-2013-3587
PUBLISHED: 2020-02-21

The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses...

CVE-2012-6277
PUBLISHED: 2020-02-21

Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8....

CVE-2012-0063
PUBLISHED: 2020-02-21

Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code ith the permissions of the user running tucan.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]