
Zero Trust: Filling the Gap of Too Much Security, Not Enough Effort

“We control our own networks,” declared Adrian Sanabria, VP of Product Strategy and Marketing at NopSec, during Black Hat 2018. While you could read this as a “duh,” Sanabria’s point is a salient one: for far too long, the security community has allowed attackers to gain the upper hand in manipulating our organizations' networks. With this statement, Sanabria certainly wasn’t implying that wresting back the advantage is easy; however, he did point out that there are ways defenders can effect better security for the effort they’re expending.

Zero trust is one of those strategies. For one thing, said Sanabria, “Zero trust is becoming important because most of our [previous] efforts to segment networks and apply least privilege to networks and access controls to devices on our network have mostly failed” due to the complexity of past approaches and difficulty of using legacy tools. Zero trust, he said, gives security teams the flexibility and capacity to be more dynamic, a mandatory requirement in today’s attack-driven landscape. Through zero trust, microsegmentation and least privilege access (among other controls) are no longer sources of friction between security and other teams.

Whatever strategy or tactics you decide to use to secure your networks, Sanabria said it’s best to take a scenario-based approach, to look at what’s happening in your industry and with peers, or even just to imagine the worst-case situation. From there, the real work of gaining visibility begins: Security must understand how networked systems talk to one another, how data flows through those systems, how many assets are involved... To hear more of Sanabria’s guidance, take a quick listen to his interview, below.





Written by Katherine Teitler, Director of Content

Katherine Teitler leads content strategy and development for Edgewise Networks. In her role as Director of Content she is a storyteller; a translator; and liaison between sales, marketing, and the customer. Prior to Edgewise, Katherine was the Director of Content for MISTI, a global training and events company, where she was in charge of digital content strategy and programming for the company's cybersecurity events, and the Director of Content at IANS, where she built, managed, and contributed to the company's research portal.