

Why I don’t trust US VPNs

James Martin/CNET

Fast cars, Champagne and virtual private networks — some goods are best imported. It’s not about snobbery; it’s about getting the best value for your dime, especially […] View full post on National Cyber Security

How do I get my wife to trust me again?


Wikileaks Suspect Lost Agency’s Trust, CIA Hacker Tells Jury

Source: National Cyber Security – Produced By Gregory Evans

Law360, New York (February 5, 2020, 6:23 PM EST) — A CIA computer expert told a Manhattan jury Wednesday that Joshua Schulte, the former CIA coder accused of giving secrets to Wikileaks, was a talented worker with “rough edges” whose workplace feuding caused intelligence officials to […]

Companies Pursue Zero Trust, but Implementers Are …

Source: National Cyber Security – Produced By Gregory Evans

Almost three-quarters of enterprises plan to have a zero-trust access model by the end of the year, but nearly half of cybersecurity professionals lack the knowledge to implement the right technologies, experts say. Worried about protecting data, the likelihood of breaches, and the rise of insecure […]

Never Trust, Always Verify: Demystifying Zero Trust …

Source: National Cyber Security – Produced By Gregory Evans

The point of Zero Trust is not to make networks, clouds, or endpoints more trusted; it’s to eliminate the concept of trust from digital systems altogether.

Standard security models operate on the assumption that everything on the inside of an organization’s network can be trusted, but that’s an outdated notion. With attackers becoming more sophisticated about insider threats, new security practices must be adopted to stop them from spreading once they are inside networks.

Enter Zero Trust, which is a cybersecurity strategy that addresses the shortcomings of these failing approaches by removing the assumption of trust altogether. Though much mythology surrounds the term, it’s crucial to understand the point of Zero Trust is not to make networks, clouds, or endpoints more trusted; it’s to eliminate the concept of trust from digital systems altogether.

Simply put, the “trust” level is zero.

Understanding What Zero Trust Is and Isn’t
Zero Trust is not only a general best practice but also a strategic security initiative. Breaches often have been tied to internal causes, either malicious or accidental, which means sensitive business and customer data must be protected by giving users the least amount of access needed for them to do their jobs.

Adopting a Zero Trust architecture defines the business use of segmentation and provides a methodology for building a segmented network. Zero Trust architecture is like tailoring a suit. Think about how custom clothing is made — the designer first measures you, then creates a pattern and next, after those two steps are complete, the sewing begins. Zero Trust follows a similar process. The only way to architect an effective and secure network is by first understanding what needs to be protected and how those systems work.

Zero Trust is a powerful prevention strategy when implemented across the entire enterprise — from the network to the endpoint and to the cloud. With a comprehensive approach, Zero Trust becomes a business enabler. Here are the methodologies I recommend following when implementing a Zero Trust network architecture to simplify protection of your sensitive data and critical assets.

Zero Trust Methodologies
Minimize Risk
Protect critical assets by limiting access by role and a “need-to-know” basis. It’s crucial to inspect all traffic for malicious content and unauthorized activity, both inside and outside your network, and also ensure all data and resources are accessed securely based on user and location. You must identify the traffic and data flow that maps to your business flows, and then have the visibility into the application, the user, and the flows.

Understanding who the users are, what applications they’re using, and the appropriate connection method is the only way to determine and enforce policy that ensures secure access to your data. Additionally, it’s important to adopt a least-privileged access strategy and strictly enforce access control. By doing this, businesses can significantly reduce available pathways for attackers and malware, and prevent attackers from exploiting vulnerabilities hidden in trusted applications.

Simplify Operations
Security teams can automate and streamline Zero Trust policy management, from creation and administration to deployment and maintenance. Simplify deployment and enforcement with a next-generation firewall, architected around User-ID and App-ID. Security teams must be able to define things with higher fidelity to keep their companies secure. One of the key steps to a Zero Trust network is to ensure that teams write their policy rules on the segmentation gateway based on the expected behavior of the data, the user, or applications that interact with that data. This is what next-generation firewalls, serving as a segmentation gateway in a Zero Trust environment, allow you to do.

Accelerate Execution
Another core tenet of Zero Trust is to log and inspect all internal and external traffic for malicious activity and areas of improvement. To better monitor environments, evaluate where you may already have security analytics to make the most of the tools you already own. It’s also important to reduce time to deploy, manage, and integrate across your enterprise — on-premises, within the cloud, and across partner ecosystems. Security teams should also effectively use limited resources by minimizing incident volume and reducing response and remediation time for critical incidents, which will also simplify compliance and auditing.

With a Zero Trust approach, businesses can protect what matters — their data, assets, applications, and services.

John Kindervag is the Field CTO at Palo Alto Networks, where he advises both public and private sector organizations on how to solve their toughest cybersecurity challenges, including best practices in the design and building of Zero Trust networks.
Prior to joining Palo …

The post Never Trust, Always Verify: Demystifying Zero Trust … appeared first on National Cyber Security.


Why #trust is the #essential #currency of #cybersecurity

Cisco trust strategy officer Anthony Grieco spoke with TechRepublic’s Dan Patterson about how organizations can improve security by building trust.

Watch the video or read their conversation:

Patterson: Humans remain the intractable cybersecurity problem. They also represent a cybersecurity potential solution … I wonder if we could start with that premise, that trust is, and that humans are the challenge for cybersecurity and trust is one way to solve that problem.

Patterson: When a company, when an enterprise company engages with partners and other enterprise companies or even other SMBs and startups, cybersecurity can emerge as a big, big threat to intellectual property, to potential hacking and upstream challenges. How do you encourage organizations, or how can we build trust amongst partners and encourage communication and collaboration in ways that would tamp down on hacking and other cyber problems?

Grieco: Yeah, Dan it’s good to be back with you again. You know it’s a really critical set of conversations that we need to be having as an industry. This notion of the role that humans play and how companies need to be thinking about cybersecurity and the role that trust plays around their business is really critical. We see so many of those companies that have traditionally not been digital companies, are now becoming and using digital technologies in ways that are transforming their businesses.

Humans are a critical component to that. I spoke to a bank the other day and it’s a major bank, and they describe themselves in a few years they were going to be just a technology company with a bank logo on the outside of their building. So, this use of technology and digitalization is really transforming the business landscape and the use of and the building on the notion of trust that has been built in many of those brands for years, is a really critical component to where businesses need to go.

So we think about that and we think about the role that trust plays and we think about how digital businesses and those legacy businesses that are transforming, need to explicitly think about how security, data protection and privacy really play a foundational role in continuing to build that trust that businesses have built over the years.

Patterson: Trust is really a currency and it can accrue over time. Especially as businesses are undergoing what you describe which is digital transformation. So many companies now think of themselves as that, the bank that you described, a technology firm that happens to do their industry vertical.

What are some of the risks of trust building or after you’ve built trust, of eroding some of the trust equity that’s been built?

Grieco: Yeah, the currency analogy and the currency of trust is, I think is a really important thing for businesses to think about. Trust is liquid, it can come and go. It can be destroyed, it can be created in the context of your customers and how it is you’re thinking about these discussions. Ultimately trust must be backed by something as well. This is really foundationally what we see our customers really beginning to grapple with.

For many years in this notion of businesses have treated the digital technologies as implicitly trusted, and today more and more we see this notion of explicit trust. What we see, many times, and you talk about what the risks are around trust and the digital transformations, we see trust being destroyed when there’s not the clear notion of being transparent with the customers about expectations.

Ultimately we think this notion of explicitly giving customers artifacts and evidence and reasons why they should be trusted as a third party, as a provider, as a partner, really becomes foundational to the notion of building trust, continuing to build that currency.

Ultimately fulfilling the expectations of your customers. You know, when we think about that for us, we think about it quite a bit in making sure that we’re transparent with our customers about how we do security in our development processes. How we’ve built a culture around security data protection and privacy as it relates to the overall discussions with our company.

Ultimately we really tell our customers and encourage our customers to understand the behaviors and expectations of us as a business and look to provide evidence to build that trust. Without those things, we see customers beginning to worry. So the risks, from a business perspective are really transparent today. Today, there’s friction in this market space.

Customers are worried about this conversation, they’re worried about security, they’re worried about data protection, they’re worried about privacy. Being proactive, from a business perspective and being transparent about how you’ve built trust into what you’re producing and delivering from a digital perspective can give you an advantage from a business. Both to differentiate yourself and to remove that friction that’s existing in the market space today.

Obviously if you fail in these fundamental areas you risk destroying the trust that you’ve built. The destruction of that trust is not necessarily just tied to the digital world. It can be tied to that legacy of trust that you’ve built across your business for many years.

Patterson: I love the idea of exchanging of artifacts or doing the things that we do just as humans that accrue trust over time, but when enterprise companies have a real concern over exchanging of intellectual property or sharing protocols and procedures that may be inappropriate to share outside of the company, how do you exchange or in what ways have you seen good examples of companies exchanging trust artifacts or behaving in a way that will accrue trust that other companies could learn from? Even if they have these types of sensitive protocols or data.

Grieco: Yeah I think there’s a tiered approach that we’ve taken and we’ve seen many take in the context of this conversation. First we think it’s really important to be broadly public about the overall approach to how you’re building explicit trust. For us, that’s talking about our secure development life cycle, or vulnerability disclosure policy.

All of those things are really broad and public facing and frankly meant to be consumed by all of our customers to help them understand the breadth and depth of the things that we’re doing as a company. There’s next layers of things, more advanced customers may ask us more advanced questions and indeed, non-disclosure agreements and limited environments in which you display that information can be techniques that are used in many cases to help do these things.

In many cases we share for instance, testing results with our products, of how we’ve security tested our products. In limited environments with customers to help them build confidence in what it is we’re doing as a company to implement those practices that we’ve talked about in our secure development life cycle and many others.

In some limited instances it may even make sense to go even deeper, into a deeper relationship, a deeper partnership with those customers that are really looking at you as a critical provider of technology and capability to them, in order to get into really deep conversations about design and architecture and many of those sorts of things.

We look at it from a risk perspective every time we do this. We look at risk as it relates to ourselves, we look at risk as it relates to all of our customers. So when we think about those trade-offs that we make in the context of exposing that information, it is really critical that we understand not only the risk to us as a company but the risks and the secondary risks to every one of our customers when we take on these activities.

I will say though, the trend in this conversation is one that is more towards public disclosure. More towards openness and more towards transparency in all aspects of these businesses because there’s such a hunger from the marketplace to really understand what’s going on in this space.


Patterson: I’d love to go back to what you mentioned a moment ago, as well as that hunger for transparency. So when we see a consumer facing data leaks, like what happened with Facebook and Cambridge Analytica, there is this changing of, going from implicitly trusting everything to maybe I should pull back a little bit. Although that’s in the consumer space, have you seen a similar reaction in the enterprise or the B2B data space in terms of how customers think about data, data availability and changing the default motion of implicit trust true to, or implicit trust to trust building or actions that accrue trust equity over time?

Grieco: 100%. It’s begun well before any of the events that you described and it’s been led up to by high profile breaches that have been well documented that have really created the awareness to what businesses in particular need to be thinking about and beginning to explore when it comes to risks that they’re taking around trusting implicitly in the ICT space and the connected technology space.

So the trends and the sets of questions that we get from customers is really only accelerating when it comes to complexity and depth that we’re being interrogated at as a critical provider of technologies to customers.

Indeed, I think the awareness that is being raised by all of the high profile breaches and the behavior change that we see from our customers reflects the importance and awareness that we now see in the context of this discussion.

For so many years we’ve really thought about cybersecurity as an awareness problem, I would tell you that I think this conversation that we’re having around trust and explicitly being trusted as an artifact of the fact that we’re no longer in the need to raise awareness to cybersecurity.

The awareness is there, the need and understanding from a customer, it can, increasingly from consumers but especially from businesses and enterprises, they all understand what they’re, what they need to be, … they all understand they need to be thinking about it.

What we see them struggling with the most today is how to effectively and efficiently address those concerns. That’s again, where the notion of being proactive in the context of explicit trust is important. Putting those pieces of artifacts of data that really give the evidence to build those confidence and capabilities with those entities.

Whether it’s about data as you mention, how it’s protected, how it’s gathered, how it’s used, all of those sorts of really critical fundamental ideas around data, and more importantly and increasingly the resilience of the capabilities that are there. Are they going to be when they’re under attack? Are they going to be there when you need them to be?

Those two key topics are ones that we find really actively being engaged by our customers and I do believe it is an outcropping and an outcome of many, many of the recent high profile breaches that we’ve seen. Not just in the past six months, but frankly building over the past five years.


The post Why #trust is the #essential #currency of #cybersecurity appeared first on National Cyber Security Ventures.


How do #cyber-criminals use #trust as a #weapon?

Source: National Cyber Security News

For cybercrime to succeed, attackers need to convince users to trust them.

With the average person acquiring more sophisticated knowledge of the internet on a daily basis, it naturally follows that cyber-criminals are creating more advanced ways of carrying out attacks, particularly malware and ransomware.

Menlo Security, based in Palo Alto, California, released a report exploring how bad actors are using traditional measures of trust online to hoodwink unsuspecting web users. It’s referred to as trust-hacking.

CEO of Menlo Security, Kowsik Guruswamy, explained to “Trust-hacking is a real and credible threat for any internet user. In Menlo Security’s 2018 State of the Web report, we talk about ‘background radiation’.

“Every visit to a website has one’s browser connect to an average of 25 other background sites for ads, CDNs [content delivery networks], videos etc. This is one of the primary avenues for malware and ransomware infections on the web. The legacy web security solutions, unfortunately, simply don’t have any conclusive defences against these attacks.”

What makes a website risky?
Menlo researchers analysed the top 100,000 domains as ranked by Alexa to understand the risks we are taking when using the world’s most popular websites.


Why you shouldn’t trust the “world’s most secure” email service

Source: National Cyber Security – Produced By Gregory Evans

If something seems too good to be true, it probably is. In the cybersecurity world, if something is said to be “unhackable” …


5 Steps To Help You Build Trust When You’re Online Dating

One of the most common concerns people have about online dating is how to know whether someone you met on the Internet is trustworthy or not. I’ve learned through experience that there are steps you can take to build genuine and mutual trust with someone over the Internet. I was skeptical at first that this was possible. We’re just typing back and forth, I thought to myself, how do I know this person is who he says he is?

The post 5 Steps To Help You Build Trust When You’re Online Dating appeared first on Dating Scams 101.


LifeLock tries to regain consumers’ trust with a new credit card management app, Identity


Source: National Cyber Security – Produced By Gregory Evans


Identity theft protection company LifeLock is back today with the launch of a new mobile app designed for better credit card management, called Identity. The goal with the app is to offer consumers a single place where they can view

The post LifeLock tries to regain consumers’ trust with a new credit card management app, Identity appeared first on National Cyber Security Ventures.
