BACKGROUND:
Zero Trust Security means always connecting users and devices to applications, and never to the network. As a result, threats cannot spread laterally to infect other devices and applications. Because a business’ applications and users are invisible from the internet. If there is no attack surface to exploit you can’t attack what you can’t see. Expert weighs in below if these recent attacks can be prevented if Zero Trust Security model was adopted.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>Software supply chain attacks, like those against Kaseya VSA, allow adversaries to quickly multiply the scope of their attacks to hundreds or thousands of organizations. For today’s digital businesses, where organizations rely on an ecosystem of technology partners to operate, implementing a Zero Trust security model has never been more critical. Even with trusted tools and partners, organizations should assume that every connection could be a potential attack, and build their controls around identity and business policy enforcement to enable secure access to applications, not the network. <u></u><u></u></p>
<p>Using Zero Trust, applications and resources are not visible and cannot be discovered by the adversaries, thus eliminating the external attack surface.<u></u><u></u></p>
<p>As we continue to see an escalation in both supply chain and ransomware attacks, Zero Trust is the most effective way to reduce business risk, unlike traditional network security approaches that leave the front door open to potential attacks from trusted sources.</p>