“Zero trust” still confuses people—and for good reason. While the term conveys a certain absolute authority (“zero,” “nope,” “nothing”), contemporary approaches offer much more nuanced capabilities. And while zero trust today is typically associated with security initiatives, the concepts have their origin in the definition of network perimeters, who is granted access, and how that access is provided.

“Please enter the one-time-password (OTP) that has been sent to your registered mobile number.” The next time you see a statement like this remember that there is a definite reason behind it. IT administrators utilize a variety of security methods, including hardware and software solutions, to secure network data against unauthorized access and other threats. These mechanisms are a preventive measure that ensure network security.

As organizations continue to rapidly adopt cloud services, they struggle to expand network detection and response (NDR) capabilities to their hybrid and multi-cloud environments. Network visibility is critical for security operations center (SOC) teams to secure their cloud environments and ensure they can elevate threat detection and incident investigation capabilities. However, traditional NDR solutions require management, configuration and often lack the security context needed.

Another reason not to like your VPN. In networking we often discuss routing, packets, protocols and latency. It’s always been our lifeblood and our passion. Another area we are passionate about is hardware. A new router, firewall, switch or network appliance will elicit numerous debates and send us to a world of what if? What if I deployed this box to my network? How would it impact it? Would it make the network faster? Would it make my job easier?

A customer posed this question to me recently; after pausing and smiling (a little too) broadly, he continued, “Their lips are moving.” I thought this would be funnier if it weren’t partly true. The software industry has over-promised and under-delivered for years, making technical executives rightfully skeptical when they hear a new promise. Unfortunately, it’s common for software to lack promised features or to create new headaches when deployed across the enterprise.

ModSecurity is an open-source web application firewall (WAF) engine maintained by Trustwave. This blog post discusses multiple input interpretation weaknesses in the ModSecurity project. Each input interpretation weakness could allow a malicious actor to evade some ModSecurity rules. Both ModSecurity v2 and ModSecurity v3 were affected. The issues have been addressed in v2.9.6 and v3.0.8, respectively.

The growing number and diversity of connected devices in every industry presents new challenges for organizations to understand and manage the risks they are exposed to. Most organizations now host a combination of interconnected IT, OT and IoT devices in their networks that has increased their attack surface.