Archive for the ‘Zero trust’ Category

Adopting Zero-Trust for API Security

Why Use Zero-Trust for API Security Think of APIs as the new network; interconnected in complex ways and with API interactions happening both within and outside  of the organization. “Public-facing APIs—for example, consumer banking—are usually a key area of focus when it comes to zero-trust,” said Dunne. “This is due to the obvious risk exposure […]

Leave a Comment

Zero trust: Bringing security up to speed for the work-from-anywhere age

The first step toward a zero-trust environment consists of establishing a zero-trust network architecture that covers all aspects of users interacting with corporate internal and cloud-based IT resources, wherever the users or the resources might be located. This requires an evaluation of the context of user access, combined with the creation of risk profiles. Based on these […]

Leave a Comment

How to build a zero-trust cloud data architecture

The cloud broadens an organization’s attack surface to the point that CISOs must guard data across multiple clouds, tools, and on-premises locations. This further complicates their main objective of minimizing the risk of unauthorized data access and makes their job of ensuring information assets and technologies are adequately protected an arduous task. Even worse, traditional security […]

Leave a Comment

7 keys to evaluating zero trust security frameworks

Zero trust as a framework for securing modern enterprises has been around for years, but is drawing renewed attention with the increase in cyberattacks. The United States government is pushing for zero trust implementations across all its agencies, and more vendors are jumping on board the already rolling zero trust product bandwagon. The mix of user need […]

Leave a Comment

The 6 steps to implementing zero trust

In their minds, this security approach can only be applied to fresh, or “greenfield,” environments – and even there organizations are hesitant as they may believe security will hinder business agility. The true reason for why businesses are hesitant when it comes to zero trust is due to a lack of understanding of the process […]

Leave a Comment

The hybrid office will create great opportunities—for companies and cybercriminals

Spring is always a time of renewal, but never more so than this year. After our long winter of forced isolation, the increased accessibility of safe and effective vaccines has many looking forward to shutting off Zoom, putting on some real pants, and emerging to see friends and colleagues in person for the first time in more than […]

Leave a Comment

Infection Monkey: Open source tool allows zero trust assessment of AWS environments

Guardicore unveiled new zero trust assessment capabilities in Infection Monkey, its open source breach and attack simulation tool. Available immediately, security professionals will now be able to conduct zero trust assessments of AWS environments to help identify the potential gaps in an organization’s AWS security posture that can put data at risk. Infection Monkey helps IT security teams […]

Leave a Comment

Google’s Project Zero Finds a Nation-State Zero-Day Operation

Google’s Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by “Western government operatives actively conducting a counterterrorism operation”: The exploits, which went back to early 2020 and used never-before-seen techniques, were “watering hole” attacks that used infected websites to deliver malware to visitors. […]

Leave a Comment

Zero Trust creator talks about implementation, misconceptions, strategy

Leave a Comment

Zero Trust architectures: An AWS perspective

Our mission at Amazon Web Services (AWS) is to innovate on behalf of our customers so they have less and less work to do when building, deploying, and rapidly iterating on secure systems. From a security perspective, our customers seek answers to the ongoing question What are the optimal patterns to ensure the right level of confidentiality, integrity, […]

Leave a Comment