FUTURE TECHNOLOGY controls and absolutes rather than decisions as to whether things are good or bad .
What is Zero Trust and how can the lack of proper implementation lead to security vulnerabilities for a company ?
Probably the best definition I have read was in the US government ’ s comprehensive federal response to the cyberattack targeting the Colonial Pipeline . In May 2021 , the US Colonial Pipeline fell victim to a cybersecurity attack that involved ransomware , forcing it to temporarily shut down all pipeline operations . Colonial transports nearly half of the East Coast ’ s fuel supply through a system that spans over 5,500 miles between Texas and New Jersey . This pipeline supplies the military and transports gasoline , diesel , home heating oil and jet fuel .
The US government , in a bid to fortify its security , released an executive order mandating Zero Trust for all organisations or groups already doing business or intending to deal with the federal government . As part of this mandate , the government defined what it meant by Zero Trust . A part of it said it ’ s about ‘ removing implicit trust . Assume a breach is inevitable or has already likely occurred . So , constantly limit access to only what is needed .’
I think that ’ s a brilliant way of approaching Zero Trust and security , to assume the bad guy is already in your system . And if you ’ re removing implicit trust ,
We authorise administrators to stop people from running operations they should not be running . this means you ’ re adding explicit trust . When organisations approach security by assuming the bad guy already has access to their servers , knows all their passwords and with the conscious effort to limit access to only what is needed , that approach will change their security level .
What are some of the benefits an organisation will enjoy by implementing the right Zero Trust platform approach ?
First , it gives administrators complete control over what runs on the machines and control is such a key factor . Working in this business for over 20 years , a handful of problems we encounter come from letting users run whatever they feel like running .
At ThreatLocker , we authorise administrators to stop people from running operations they shouldn ’ t be running . It ’ s called ‘ denial by default ’ rather than ‘ permit by default ’ and this is one step ahead of the traditional approach . So , one major benefit an organisation will enjoy by implementing the right Zero Trust platform approach is
control – and this control is based on the concept which allows you to trust but verify .
How unique is ThreatLocker ’ s cybersecurity approach and how do you help clients to protect their networks and assets in an environment that is increasingly complex and digitally hostile ?
At ThreatLocker , we start with the principle of default deny , which is : ‘ If it doesn ’ t need to run , don ’ t let it run and if it needs to run , let it run .’ This removes implicit trust and adds explicit trust .
In terms of a solution , we make it easy and manageable for small and medium businesses to implement Zero Trust within a short period of time . We do a lot of work for organisations in terms of onboarding by learning their environments , understanding where they are security-wise and creating a list of policies and rules to secure their systems .
Basically , ThreatLocker builds a Zero Trust security solution that offers a unified approach to protecting users , devices and networks against the exploitation of zero-
INTELLIGENT TECH CHANNELS 35