Zero Trust model creator John Kindervag puts it like this: “The point of Zero Trust is not to make networks, clouds, or endpoints more trusted; it's to eliminate the concept of trust from digital systems altogether.” He came up with the model in 2010, at a time when many businesses were just beginning to put foundational cybersecurity controls in place and over-relied on the assumed security inside their enterprise-owned network boundaries.
Navy Vice Adm. Nancy A. Norton, the director of Defense Information Systems Agency (DISA) and commander of Joint Force Headquarters-Department of Defense Information Network, outlined the way ahead for a cybersecurity paradigm shift that will help the U.S. military maintain information superiority on the digital battlefield.
A new Rapid7 research found that the security of the internet overall is improving. The number of insecure services such as SMB, Telnet, rsync, and the core email protocols, decreased from the levels seen in 2019. However, vulnerabilities and exposures still plague the modern internet even with the increasing adoption of more secure alternatives to insecure protocols, like Secure Shell (SSH) and DNS-over-TLS (DoT).
The Cybersecurity and Infrastructure Agency (CISA) and the National Security Agency (NSA) have issued an activity alert due to the recent malicious cyber activity against critical infrastructure (CI) by exploiting internet-accessible operational technology (OT) assets.
With telecommuting here to stay, now is the perfect time to re-examine just how much network access you are giving your users and machines. You might be shocked to see how open your network really is. Most organizations allow more access than their users or machines will ever need or should ever have – this excessive trust is what allows attackers who get into the network to spread and cause a lot of damage.
Honeypots were the first form of deception technology. IT security researchers started using them in the 1990s, with the intent to deceive malicious actors who had made it onto the network into interacting with a false system. In this way, honeypots could gather and assess the behavior of the malicious actors. They were not created for threat detection. However, things have changed a great deal in the years since honeypots were created – including deception technology.
The United States Department of Justice charged two Chinese hackers with global computer intrusion campaign to target intellectual property and confidential business information, including COVID-19 research.