Protecting the perimeter is a concept as old as the first time someone had something of value. And there is a natural belief that we can better control and keep an eye on anything close to us.
It is tempting for organizations to view their computer systems the same way, keeping them physically close. But for a modern enterprise that is trying to digitize as quickly as possible to keep up with and beat the competition, the intangible nature of blending on-premises, cloud and partner resources blurs the lines in favor of bad actors. We need to start thinking of all of our computing resources as sitting in hostile territory.
“Zero trust” is a term that has recently been used to represent a set of principles that help network defenders view their home networks as hostile territory. A person who walks the halls among cyber-security salespeople, or consumes marketing collateral, can draw a lot of different conclusions about “zero trust”, but I think the penny has finally dropped and now everyone understands that it is very important to get right.
Taking advantage of vulnerabilities in on-premises systems is a beachhead that has recently become popular with attackers. Ultimately, on-premises systems are targeted because they’re vulnerable – well-known examples include Microsoft Exchange Server, SolarWinds, and even the holy grail, Microsoft CA. Many organizations have gone ahead and started using cloud versions of their email servers, their security management, and their public key infrastructure (PKI), but tens of thousands of organizations haven’t, and have suffered.
What all these trusted on-premises systems have in common is that their vulnerabilities invite attack and enable the attacker to establish a beachhead. In the case of Microsoft CA, research recently shared at the Black Hat conference introduced tools to attack configuration vulnerabilities and steal root keys to create identities in home networks. Thankfully, researchers have also released tools to help mitigate those vulnerabilities, but fixing them requires work and technical knowledge. We have to face the fact that these on-premises systems are showing their age. Keeping aging systems close to the chest, and relying too heavily on what is closest, is becoming a weakness, not a strength.
Call it zero trust, or whatever you need to justify an effort to change, but the era of overestimating the systems behind the perimeter is over. The new perimeter is the identity of the nodes connected to you. It is important to use the correct credential form factor to convey that identity. Digital certificates are the correct form factor in many cases, and the lifecycle management of those identities has evolved to handle the scale. Protecting the integrity of data moving across hostile network boundaries begins with encrypted communication over authenticated sessions. The goal is that, in the event an attacker reaches the beach, their next lateral move into your network will not be as easy as it is now.
For more information, visit sectigo.com
Originally published on Business Reporter
Credit: www.independent.co.uk