Zero Trust Network Security Archives

Remediant launched Remediant PAM+

Posted on August 23, 2022 by admin

Remediant has launched Remediant PAM+, a strategy designed to safeguard access while speeding up enterprise zero trust initiatives. With its agentless SecureONE product, Remediant is at the forefront of the PAM+ movement. In the last twelve months, the company has doubled its ARR and deployments, and more than half of these deployments have fulfilled functionality commitments made by antiquated PAM vendors but never kept.

Raj Dodhiawala, Remediant President & CEO stated, “Privilege sprawl and credential misuse is a factor in nearly every cyberattack, so much so that both are being specifically identified as reasons for rapidly increasing cyber insurance premiums. The innovative PAM+ strategy promises to disrupt the stagnant PAM solutions market and truly solve for the today’s operational and cybersecurity pains. Remediant is laser-focused on protecting access, thereby preventing lateral movement for every customer – regardless of size, architecture model or vendor ecosystem.”

Customers have confirmed that SecureONE prevents lateral movement, frustrates red teams, and satisfies cyber insurance requirements for lower premiums. Legacy PAM falls short of this level of security, bolstering Remediant’s PAM+ strategy. For the second year in a row, Remediant was named as an Honorable Mention in the Gartner Magic Quadrant for Privileged Access Management in 2022.

These days, password protection is insufficient. Because of privileged identity sprawl, a huge attack surface that attackers covet, cyberattacks continue to be successful despite significant investments in legacy PAM solutions.

According to the MITRE ATT&CK framework, admin credentials are essential to every successful cyberattack because they allow attackers to take advantage of privilege sprawl and move laterally to access an organization’s most valuable data and intellectual property.

PAM+ goes above and beyond traditional PAM methods to tackle these risks head-on. PAM+ adds value to the customer’s zero trust journey through six capabilities:

Eliminates the pointless privilege access that is always on and available.
Minimizes the effects of hacked admin credentials
Makes malware that steals passwords ineffective
Utilizes multi-factor authentication to route all administrative access

Increased IAM/PAM program maturity through access protection
Delivers value quickly and integrates seamlessly into IT and security workflows without using agents.

Deloitte launches Zero Trust Access!

Posted on July 13, 2022 by admin

Deloitte is launching a new managed service, Zero Trust Access, to help organizations adopt zero trust more quickly and efficiently. This service offers a cloud-native approach to securing communications between users on any device, and enterprise applications, wherever they may reside. To access organizational resources across identities, workloads, data, networks, and devices, the Zero Trust concept pledges to eliminate implicit trust from an information technology (IT) ecosystem and replace it with a risk-based approach.

Andrew Rafla, Deloitte Risk & Financial Advisory’s zero-trust offering leader and principal, Deloitte & Touche LLP, said, “As perimeter-based approaches are no longer suitable to secure the modern enterprise, many organizations are working to enhance protection for their IT ecosystems via zero trust. Zero Trust Access was built as a turnkey managed service helping ourselves and our clients accelerate the adoption of this transformative security framework. Our goal was to create a cost-effective solution that can be delivered standalone or complementary to a broader ecosystem and ultimately help decrease the burden on IT and security teams who likely need to manage multiple heterogeneous solutions to achieve similar outcomes.”

Zero Trust Access provides innovative data protection that uses device-level secure microcontainer technology to safeguard infrastructure while enabling businesses to safeguard sensitive enterprise data and enforce the least privilege through dynamic access control to corporate assets. The virtual private network (VPN), virtual desktop infrastructure (VDI), and desktop as a service (DaaS) are just a few examples of remote access solutions that can be replaced by managed services. These solutions typically require significant infrastructure investments, high operating costs, and overhead for technology management.

The features of Zero Trust Access include ephemeral connectivity based on secure peer-to-peer (P2P) communication, conditional access, continuous authorization, and robust data protection for data at rest, in use, and transit. These features are consistently applied to each session, regardless of the type or location of the applications being accessed (e.g., legacy hosted applications, software as a service (SaaS), thick-client, web-based applications). Organizations can benefit from outcome-based solutions that increase business agility, boost user productivity, and lower the cost and complexity of security operations by implementing zero trust access.

Cloudflare launches the Cloudflare One Partner Program!

Posted on June 24, 2022 by admin

Cloudflare launches the Cloudflare One Partner Program which enables all sizes of companies to adopt zero trust strategies. This program is built around their Zero Trust, Network as a Service, and Cloud Email Security offerings. It aims at helping channel partners deliver on the promise of Zero Trust while generating real revenue from this significant architecture through a wide range of tools, enablements, and rewards.

Matthew Prince, co-founder, and CEO of Cloudflare, “In order to keep today’s business environment protected and productive, organizations need a unified solution to secure their distributed workforces and at the same time accelerate employee systems. But another key piece is broad adoption, and that’s why we’ve been working to seamlessly layer this into organizations without interruptions. Critical architectures like Zero Trust shouldn’t be complex, yet we hear every day from businesses that don’t know where to start. That’s why we have modernized how partners can fully implement and deliver what organizations of all sizes need most today.”

Benefits of Cloudflare One Partner Program:

Cloudflare is aiming to help build a better internet for everyone. With no additional hardware, software, or coding changes required, the Cloudflare product suite secures and speeds up any Internet application. One of the robust incentive programs for extending Zero Trust exists today due to Cloudflare’s deeply integrated strategy and direct paths for channel partners, which enable partners to:

Guide customers at every step
Deliver comprehensive solutions
Automatically protect users from phishing attacks
Secure every connection with Zero Trust controls while accelerating users and services

Gary Alterson, Vice President, Security Solutions at Rackspace Technology said, “By furthering our partnership with Cloudflare in the new Cloudflare One Partner Program, Rackspace Technology is able to deliver Cloudflare’s leading Zero Trust solutions paired with Rackspace Elastic Engineering and professional services at their massive scale and with continued implementation support. Since partnering with Cloudflare to develop Zero Trust solutions, we’ve already seen strong engagement with clients and prospects such as the likes of one of the world’s largest creative companies.”

Netskope Improvised Netskope Private Access

Posted on June 22, 2022 by admin

Netskope announced significant improvements to Netskope Private Access, the zero-trust network access (ZTNA) foundation of its security platform. Customers of Netskope can now apply zero trust principles to the broadest range of hybrid work security requirements, including SaaS, IaaS, private applications, web, e-mail, and endpoint devices.

In hybrid work environments, enterprises are rapidly adopting Secure Access Service Edge (SASE) technology architecture. ZTNA is critical to SASE, it enables organizations to transition from legacy remote access VPN infrastructure to a modern, efficient, and secure infrastructure.

Netskope Private Access, which provides ZTNA services, is an essential component of the Netskope Intelligent SSE platform. It connects users to corporate resources anywhere, using any device, and continuously evaluates context and adapts to reduce risk. This context has now been extended to the enterprise data layer, leveraging Netskope’s unified DLP capabilities. Netskope provides advanced data protection capabilities, which are highlighted as an area where other SASE and SSE vendors fall short.

John Martin, Chief Product Officer at Netskope stated, “Enterprises need data-centric ZTNA—period. Private applications often house some of an organization’s most valuable information, including trade secrets and code repositories, and are an absolute must for comprehensive data protection capabilities. These key enhancements to Netskope Private Access extend Netskope’s award-winning zero-trust data protection capabilities that much further, offering enterprises multiple options to protect the information, from inspecting private application traffic to applying DLP in risky use cases such as third-party access and BYOD.”

A hybrid work environment needs the ability to apply zero trust principles to govern user, device, network, application, and data behavior, thereby increasing confidence in policy enforcement everywhere. Under zero trust, technology resources no longer implicitly trust any entity seeking to connect. The resource can determine an appropriate level of confidence, or trust, only for that specific interaction and by evaluating several contextual elements such as user role and identity, device identity and security posture, time of day, data sensitivity level, and more. Businesses become more agile, reduce risk, and streamline application deployment and ongoing maintenance because of using Netskope Intelligent SSE with zero trust data protection throughout.

Chris Rodriguez, Research Director of Security & Trust at IDC stated, “Zero trust network access is all about optimizing the balance of enabling access and mitigating risk, and the most effective ZTNA solutions, including Netskope Private Access, help reduce the risk and exposure associated with legacy remote-access VPNs. Enterprises should be pleased to see that Netskope continues to innovate and has now added capabilities to strengthen data protection policies across the widest range of use cases, from SaaS to private apps.”

Everything you need to know about Zero Trust Security in 2022!

Cloudflare Added Enhancements to its Zero Trust Security Platform

Posted on June 21, 2022 by admin

Cloudflare has added several new capabilities to its zero-trust SASE platform, Cloudflare One. It is the only cloud-native zero-trust solution with a global network scale. Cloudflare One now comes with advanced email security protection, data loss prevention tools, a cloud access security broker (CASB), and private network discovery. It can be used by any organization to provide a comprehensive and deeply integrated zero-trust security and networking solution to protect and accelerate the performance of devices, applications, and entire networks to keep workforces secure and productive.

Matthew Prince, co-founder, and CEO of Cloudflare stated, “When I sit with customers, they share that one of the most daunting aspects of Zero Trust security is simply where to begin. Making matters worse, every vendor has a different definition for Zero Trust, turning a critical approach to security into a misunderstood and overused term. We believe Zero Trust must extend to the entire network, all the way from email to data centers, and accelerate user and endpoint connections, not slow people down. And we want to give every customer a step-by-step guide for what they can do today, this week, and this month to make themselves more secure regardless of what vendor they use.”

Cloudflare One unifies network security-as-a-service built natively into one of the world’s largest networks, delivering fast, dependable global connectivity, cloud-based security, and improved visibility and control via a unified dashboard and API. Organizations can easily secure their applications and employees against the modern threat landscape using Cloudflare’s Zero Trust platform without incurring complex integration costs or disrupting employee productivity, as many legacy systems do.

Cloudflare One is a comprehensive zero-trust SASE solution that is natively built into Cloudflare’s global network, which spans more than 270 cities in over 100 countries. This deeply integrated approach enables organizations to automatically protect users from phishing attacks. Because email is one of the most common cyber-attack vectors on the Internet, integrated email security is critical to any true zero-trust network. Malicious links will be quarantined automatically in a remote browser session by combining leading phishing protection from Cloudflare’s recent acquisition of Area 1 Security with Cloudflare’s cutting-edge Browser Isolation.

Cloudflare’s global network enabled zero trust filtering will be applied to everything, whether users are connecting to internal resources, the Internet, or simply opening an email. It will ensure secured connections for all along with zero-trust controls while speeding up users and services.

Cloudflare’s zero-trust platform offers real-time controls with built-in data loss prevention tools to scan for sensitive information or against data-at-rest with an API-driven CASB. It also provides in-line scanning with comprehensive data controls in all locations.

It helps connect and secure data, devices, offices, cloud networks, and other resources without the use of hardware boxes. Cloudflare Magic WAN is now generally available, allowing businesses to accelerate and secure their networks at a fraction of the cost of legacy MPLS architecture.

Read more articles:

Everything you need to know about Zero Trust Security in 2022!

Appgate SDP 6.0 to Accelerate Zero Trust Security

Posted on June 3, 2022 by admin

Appgate launched Appgate SDP 6.0, the latest version of its Zero Trust Network Access (ZTNA) solution. The new version includes a new risk model capability, allowing customers to extend the value and reach of their existing enterprise security tools to simplify and accelerate Zero Trust deployments. Appgate offers a market-leading Software-Defined Perimeter solution, the Consumer Access suite of Risk-Based Authentication and Digital Threat Protection capabilities, and the Immunity suite of offense-oriented software and adversary simulation services.

Customers will be able to assign high/medium/low sensitivity levels to specific workloads and resources with Appgate SDP 6.0’s new risk model capability. It will provide a simple, flexible way to compare user/device risk at sign-on, via existing security tools, to the sensitivity of the resource they are attempting to access. The risk model will then adjust access rights dynamically based on the risk score.

Jawahar Sivasankaran, President, and Chief Operating Officer, Appgate stated, “While Zero Trust is becoming more widely adopted, many organizations have very complex IT environments, including a wide range of already-deployed security tools, and it can be difficult to know where to begin. The user-friendly risk model in the latest version of Appgate SDP will help organizations get the most out of the cybersecurity investments they’ve already made while bringing these tools forward into a Zero Trust security model. We’re focused on continually innovating our solutions to help our customers simplify their cybersecurity journeys, accelerate progress, and scale as their IT infrastructures evolve.”

The new Appgate SDP flexible risk model will enable organizations to easily integrate with existing security tools and map workloads and users. It will also help them quickly deploy and scale the solution and support by providing seamless access to the resources. It also offers automated protection for organizations’ most valuable assets.

Jerry Chapman, engineering fellow at Optiv commented, “Advancing Zero Trust maturity is an iterative, multi-year process, but that doesn’t mean that you can’t make real progress in a relatively short period. A solution like Appgate SDP can provide organizations with the flexibility they need to easily integrate into their cybersecurity stack and simplify the process of defining risk parameters for secure access.”

Read more articles:

Zero Trust Security in 2022!

NanoLock to Ensure the Security of ICS Devices

Posted on May 18, 2022 by admin

NanoLock Security will provide device-level security solutions for legacy, new industrial machinery, and smart factory production lines. NanoLock has released its full suite of tailored cybersecurity solutions for the industrial and manufacturing markets, which has been tested with customers in Europe and is now available globally. NanoLock’s industrial solutions are available in the United States through World Wide Technology (WWT), a major American professional services integrator.

NanoLock’s zero-trust industrial product suite was developed in collaboration with industrial and manufacturing companies. It will protect ICS devices and industrial machines and ensure the operational integrity of machines and production lines while having no impact on performance or functionality. This innovative and unique solution, which is easily integrated into devices and systems, ensures the integrity and safety of connected industrial devices from multiple attack vectors, including outsiders, insiders, supply chain sources, and human errors.

Eran Fine, CEO of NanoLock commented, “The chaotic reality of the cybersecurity landscape is that there is no way to know where the next attack will come from, so the world must move away from detection to prevention to ensure business continuity. The recent joint cybersecurity advisory emphasizes the need to adopt a different security approach, to better protect the industrial/OT environment for both legacy and new machines.”

It is impossible to predict where the next APT will come from in current cyber scenarios – state-level conflicts, financial hackers, insiders, or anyone along the supply chain. NanoLock’s Industrial Solution Suite is patent-protected. It prevents APTs and other cyberattacks on industrial machines, programmable logic controllers (PLC), industrial control systems (ICS), and Supervisory Control and Data Acquisition (SCADA) devices by employing a device-level Zero Trust security approach that prevents unauthorized changes to their functionality.

NanoLock’s Zero Trust security solutions follow most of the recommendations made by the US Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation’s Cybersecurity Advisory (CSA) released on April 13th (FBI) and the National Security Agency (NSA).

Read more articles:

Zero Trust Security in 2022!

Everything you need to know about Zero Trust Security in 2022!

Posted on May 6, 2022 by admin

Before being permitted or maintaining access to applications and data, all users, whether inside or outside the organization’s network, must be verified, authorised and continually checked for security configuration and posture. Zero Trust presupposes that there is no typical network edge; networks can be local, cloud-based, or a blend of the two, with resources and workers located anywhere.

For today’s modern digital transformation, Zero Trust is a framework for safeguarding infrastructure and data. It specifically addresses today’s business concerns, such as securing remote workers, hybrid cloud systems, and ransomware attacks. While several suppliers have attempted to define their own terms.

Why adopt a zero-trust security model?

Cybercriminals targeting business-critical and sensitive data, such as personally identifiable information (PII), intellectual property (IP), and financial information, may find cloud settings appealing targets.

Even though all data breaches will never be completely eradicated, and no security plan is perfect, zero trust remains one of the most effective security solutions today. Zero trust minimizes the attack surface and negates the effect and intensity of cyberattacks, saving time and money in the aftermath of a breach.

Benefits of zero trust

1. Minimize company and organizational risk

Zero trust solutions prevent all apps and services from communicating until their identity attributes—immutable qualities that comply with predefined trust rules like authentication and authorization—are confirmed.

As a result, zero trust decreases risk by revealing what’s on the network and how those assets communicate. After baselines are established, a zero-trust strategy reduces risk by eliminating overprovisioned software and services and reviewing the “credentials” of every communication asset on a regular basis.

2. Take command of cloud and container environments.

Security professionals’ biggest concerns about going to the cloud are access management and visibility loss. Despite improvements in CSP security, workload security is still a shared responsibility between your company and the CSP. However, you can only influence so much within the CSP’s cloud.

Security policies are imposed depending on the identity of communicating workloads and are related directly to the workloads themselves in a zero-trust security architecture. This keeps security as close to the assets that need to be protected as feasible, independent of network constructions like IP addresses, ports, and protocols. Protection follows the workload and remains consistent when the environment shifts.

3. Reduce the possibility of a data breach

Every entity is assumed hostile based on the concept of least privilege. Before “trust” is provided, each request is examined, users and devices are authenticated, and permissions are evaluated. As the context changes, such as the user’s location or the data being accessed, this “trust” is regularly reviewed.

An attacker who gains access to your network or cloud instance via a compromised device or other vulnerability will be unable to access or steal your data if you lack trust. Furthermore, the attacker will have nowhere to go because the zero-trust architecture produces a “safe section of one” with no way to move laterally.

Votiro and Thales Extended Partnership to Enhance Zero Trust Solutions

Posted on May 5, 2022 by admin

Votiro and Thales are expanding their partnership to provide enhanced zero trust security solutions and the full lifecycle protection of inbound, outbound, and at-rest data. Votiro will integrate Votiro’s Zero Trust CDR solution, Votiro Cloud, with the Thales CipherTrust Data Security Platform.

The Thales CipherTrust Data Security Platform combines data discovery, classification, data protection, and unprecedented granular access controls with centralized key management, all on a single platform. When combined with Votiro Cloud technology, organizations can include data sanitation alongside Thales’s data discovery, protection, and control offerings.

Ravi Srinivasan, CEO of Votiro commented, “The increased reliance on cloud storage environments, such as S3 buckets, and file transfer capabilities have underscored the growing need for ransomware prevention and content security. In a world where digital files need to cross multiple networks and trust boundaries for productive work, these files must be secure and safely delivered, to not disrupt the business processes. We’re excited to partner with Thales to further our joint mission of enabling companies to operate freely without risk of any hidden threats delivered through malicious files or losing sensitive data and intellectual property in the process.”

Votiro’s technology scans and sanitizes user data before classifying, encrypting, and storing it in cloud environments like S3 buckets. By incorporating Votiro’s advanced CDR capabilities into Thales’ workflow, Votiro and Thales will provide a joint end-to-end data security solution that proactively prevents ransomware and zero-day attacks.

Votiro’s Zero Trust content security architecture provides users with safe file content wherever it is accessed while also proactively preventing evasive and unknown cyber threats. Zero Trust is applied to a customer’s automated file processing or application-to-application file transfer process by Votiro. Votiro’s scalability, speed, and depth/breadth of accepted file formats place them in an excellent position to assist enterprises in achieving file security. For high-volume operations, files are processed at scale, and the entire process occurs in milliseconds, completely invisible to the end-user.

Read more articles:

Banyan Security Released Team Edition

Keeper Secrets Manager, the First Zero-Trust and Cloud-Native Solution

Absolute Software Enhances its Security Access Product Portfolio!

Posted on April 8, 2022 by admin

Absolute Software, today announced new platform advancements that will allow clients to identify, and respond to possible endpoint security access threats across distant, distributed device fleets more quickly. This company is a leading provider of endpoint resilience solutions.

“The number of endpoint devices operating out of physical reach and off the corporate network has made it more challenging than ever for IT and Security admins to identify where their organization might be most vulnerable or exposed to risk,” said Ameer Karim, Executive VP of Product Management at Absolute. “These platform enhancements signal our ongoing commitment to delivering the visibility, intelligence, and self-healing capabilities our customers need to ensure devices and data remain protected, and critical applications stay healthy and resilient.”

IT and security professionals can now protect essential infrastructure, applications, devices, and data without sacrificing user productivity thanks to these product upgrades.

Benefits to users:

Security access enforcement and dynamic re-authentication:

Customers may now more simply deploy current cloud authentication solutions to reduce the risk of compromised credentials. The ability to challenge a user’s security credentials if the conditions or environment change, forcing them to re-authenticate using existing technology such as Multi-factor Authentication, is one of the new features.

2. Foundational zero trust security:

New ZTNA policy actions improve the capacity to protect employees against harmful applications and network destinations, as well as prohibit lateral movement.

3. Resilient deployment architecture:

Using active server technology, Absolute has added Resilience to its distributed network architecture, bringing the benefits of Software-as-a-Service (SaaS) to customer-managed environments, including high availability, horizontal scale-out, and zero downtime upgrades. Improved diagnostics and monitoring capabilities:

4. Truly resilient ZTNA:

Absolute’s self-healing ZTNA client for Windows is capable of autonomously reinstalling itself if it is tampered with, accidentally uninstalled, or otherwise stops working, ensuring that it remains healthy and offers the full value intended.