The Forrester Zero Trust Model (Zero Trust) of information security advocates a "never trust, always verify" philosophy in protecting information resources. Though the model has traditionally been applied to network communications, it is clear that today's cyber threats warrant a new approach in which the Zero Trust model is extended to endpoints. Palo Alto Networks®…
Attivo Networks is introducing a next-generation, virtualized honeynet solution which enables you to quickly deploy information resources that appear to be part of your network. These honeynets are closely monitored virtual environments that require very little maintenance and appear to contain information and services of value to attackers. Attivo honeynets host multiple Windows and Linux…
LightCyber's Active Breach Detection identifies active attacks after they have circumvented your threat prevention systems and before they have created a material breach of confidential information. LightCyber uses a combination of (1) machine learning to continuously profile user and device behavior to detect malicious attack behavior on your network, and (2) validation of the attack using agentless endpoint…
Sentrix has introduced a paradigm-shifting architecture for web application security that leverages the cloud as an enterprise protective zone (DMZ) to eliminate the complete range of web application/site attacks, including DDoS. In addition, moving deterministic content to the cloud enables easy scalability when needed. Traditional Web Application Firewalls cannot keep up with the rapid changes driven…
Cymbel has adopted Forrester's Zero Trust Model for Information Security. Zero Trust means there are no longer "trusted" networks, devices, or users. There is no such thing as 100% Prevention, if there ever was. In light of the changes we've seen during the last several years, this is the only approach that makes sense. There…
Modern malware has transformed into highly sophisticated network applications and has, in the process, changed the world of enterprise security and how networks are attacked. These threats are experts at remaining hidden from traditional security while exhibiting an intelligence, resiliency, and scale that has never before been seen in malware. "Modern Malware for Dummies," by…
In response to the five forces of change, our approach to defense-in-depth has changed. Our solutions are focused on applications, users, and data. In addition, many of our solutions have embraced function consolidation or unification. For example, in network security, firewall and IPS functionality are unified in next-generation firewalls. Overall, the benefits include: Reduced IT…
Reducing Modern Malware Risks Using a Zero Trust Approach
Due to changes in technologies and the motives and methods of attackers, traditional technical and administrative controls no longer effectively reduce the risks of confidential data breaches.
Thousands of applications pass through stateful inspection firewalls unidentified, because a port-based rule cannot tell one application on port 80 or 443 from another. Tech-savvy users get through proxy servers undetected. Anti-virus products detect only a fraction of the malware used to compromise devices.
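To make the first point concrete, here is an added illustration (not code from Cymbel or from any firewall vendor) of why a port-based rule set and an application-aware one reach different decisions on the same traffic. A stateful firewall admits anything on TCP/80 or TCP/443; the classifier below instead names the application from the first bytes the client sends and applies a positive control model in which only named applications are allowed. The `Flow` records, the `identify_app` fingerprints and the two policy tables are constructed for this example and are far simpler than a real application-identification engine.

```python
"""Port-based filtering versus application identification.

Added illustration, not code from Cymbel or any firewall vendor: a stateful
firewall decides on the destination port alone, so anything on TCP/80 or
TCP/443 is "web". An application-aware firewall classifies the first client
bytes instead. All flow records below are constructed for this example.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Flow:
    label: str       # human-readable description (constructed sample)
    dport: int       # destination TCP port
    payload: bytes   # first bytes sent by the client


# Stateful, port-based policy: web ports are open, everything else is dropped.
PORT_POLICY: Dict[int, str] = {80: "allow", 443: "allow"}


def port_decision(flow: Flow) -> str:
    """Decision a port-based rule set makes; the payload is never inspected."""
    return PORT_POLICY.get(flow.dport, "deny")


def identify_app(payload: bytes) -> str:
    """Name the application from the first client bytes, ignoring the port."""
    if payload.startswith(b"SSH-2.0-"):
        return "ssh"
    # TLS record: type 0x16 (handshake), record version 3.x,
    # handshake type 0x01 (ClientHello) at offset 5.
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    if payload.startswith(b"CONNECT "):
        return "http-connect"   # proxy tunnel request; carries arbitrary traffic
    for method in (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS "):
        if payload.startswith(method):
            return "http"
    return "unknown"


# Positive control model: only named applications are allowed; unknown is denied.
APP_POLICY: Dict[str, str] = {"http": "allow", "tls": "allow"}


def app_decision(flow: Flow) -> str:
    """Decision an application-aware rule set makes on the same flow."""
    return APP_POLICY.get(identify_app(flow.payload), "deny")


# Constructed flows. Real ClientHello and SSH exchanges are longer; only the
# leading bytes the classifier inspects are reproduced here.
FLOWS: List[Flow] = [
    Flow("browser to web server", 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Flow("browser TLS handshake", 443, b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03"),
    Flow("SSH tunnel disguised on 443", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    Flow("CONNECT tunnel through port 80", 80, b"CONNECT evil.test:22 HTTP/1.1\r\n\r\n"),
    Flow("custom binary protocol on 443", 443, b"\x00\x00\x00\x2a\x01\xff\xee"),
    Flow("plain HTTP on a non-standard port", 8080, b"GET /api HTTP/1.1\r\n\r\n"),
]


def compare(flows: List[Flow]) -> List[Tuple[str, str, str]]:
    """Return (label, port-based decision, application-based decision) per flow."""
    return [(f.label, port_decision(f), app_decision(f)) for f in flows]


def flows_bypassing_port_policy(flows: List[Flow]) -> List[str]:
    """Labels of flows the port rule admits but application identification rejects."""
    return [f.label for f in flows
            if port_decision(f) == "allow" and app_decision(f) == "deny"]


if __name__ == "__main__":
    for label, by_port, by_app in compare(FLOWS):
        print(f"{label:36} port:{by_port:6} app:{by_app}")
    print("bypass port policy:", flows_bypassing_port_policy(FLOWS))
```

Three of the six constructed flows (the SSH banner on 443, the CONNECT tunnel on 80 and the unknown binary protocol on 443) are admitted by the port rule and rejected by the application rule, which is the gap the paragraph describes. Note the reverse case as well: because `APP_POLICY` keys on the application alone, HTTP on port 8080 is allowed; a production rule would normally combine application identity with port, zone and user rather than discard the port entirely.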
End users are baited using phishing and other social engineering techniques to click on links which take them to malware-laden web pages. You can be compromised by simply opening a malicious email! Corporate web applications are relentlessly attacked and compromised despite improvements in secure development life cycle practices.
This means you can no longer "trust" any network, device, or user. This is Zero Trust.
Cymbel has researched and developed a set of practical recommendations based on a Zero Trust Approach to reduce the risks of modern malware.
1. Update Network Security with Next Generation Firewalls
2. Use a "sandbox" to detect threats in unknown files
3. Establish Protected Enclaves to control access to applications and resources
4. Use a specialized anti-phishing email protection service
5. Use Threat Intelligence to prioritize vulnerability remediation
6. Use machine learning algorithms to detect compromised and malicious users
7. Implement an Incident Response system to minimize incident costs
8. Deploy a cloud-based service to discover, analyze, and control Shadow IT
9. Monitor your partners' security postures using a cloud-based service
10. Deploy an Enterprise Key & Certificate Management (EKCM) system
11. Deploy a backup, cloud-based DDoS Mitigation Service
12. Deploy a non-signature-based endpoint malware detection control
- Why phishing attacks are nastier than ever
- The evolution of SIEM
- What is a ‘sophisticated’ cyberattack?
- Zero Trust on the Endpoint
- Introducing Next-Generation Honeynets
- Introducing Active Breach Detection
- Introducing the Cloud-DMZ (TM)
- Next Generation Firewall Best Practices
- Perspective on NSS Labs – Palo Alto Networks controversy
- Detecting unknown malware using sandboxing or anomaly detection
- How Palo Alto Networks could have prevented the Target breach
- Two views on FireEye’s Mandiant acquisition
- Response to Stiennon’s attack on NIST Cybersecurity Framework
- Detection Controls Beyond Signatures and Rules
- The Secrets of Successful CIOs (and CISOs)
- DropSmack: Using Dropbox Maliciously
- Practical Zero Trust Recommendations
- The Real Value of a Positive Control Model
- Surprising Application-Threat Analysis from Palo Alto Networks
- The story behind the Microsoft Nitol Botnet takedown