Kevin Kerr, Lead Security Principal Consultant at Trustwave, participated in a discussion on Zero Trust with Steve Riley, Field CTO at Netskope during SASE Week 2021. The importance of Zero Trust is derived from how it functions. Instead of focusing on protecting a physical network, a Zero Trust network works by focusing on securing the resources that reside on or have access to the network such as data, identities, and services.
'Email is dead. It's a thing of the past.' In the IT industry, this statement, or something like it, is said regularly — usually corresponding with the rise of a new communication or collaboration platform. Each time this happens, it's prudent to remember a general rule around tools: as long as they retain specific advantages for the human beings using them, they generally endure.
The macro-economic consequences of COVID-19 have reached cybersecurity and the talented people who keep us secure. In some sense, invisibility is a hallmark of good cybersecurity, back-end operations running smoothly and keeping the assets, operations and reputation of an organization from harm. But this invisibility is built on proper resourcing, and in the last 18 months, we’ve seen a progressive erosion of the human resources behind successful organizational cybersecurity.
Over the last several years, Managed Security Service Providers (MSSP) have evolved, and some have started offering Managed Detection and Response (MDR) services as part of their overall security solution. However, an MSSP lacking MDR capability simply cannot provide the same level of security, particularly in today’s quickly changing environment that has seen remote and hybrid work become the norm.
In 2021, the cybersecurity industry was truly tested. Most notably, we uncovered the deeper fallout from the SolarWinds attacks, combatted the proliferation of advanced ransomware gangs and a surge in vulnerability exploitation, and saw fragile supply chain and critical infrastructure more targeted by attackers than ever. As global cyber defenders, predicting where the broad industry could be heading is a daunting task.
Iranian government-sponsored advanced persistent threat (APT) actors are exploiting known Microsoft and Fortinet vulnerabilities to attack targets with ransomware in the transportation, healthcare and public health sectors, according to an alert issued on Nov. 17 by the Cybersecurity and Infrastructure Security Agency (CISA).
