<div dir="ltr"><a href="https://www.infosecurity-magazine.com/next-gen-infosec/principles-tech-next-cyber/">https://www.infosecurity-magazine.com/next-gen-infosec/principles-tech-next-cyber/</a><br><div><br></div><div><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">Everyone is always looking for the next big thing but how do you know when the time’s up for the current tools?</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">Over <a href="https://def.camp/impact-cybersecurity-five-years/" style="text-decoration-line:none;color:rgb(227,6,19);outline:0px">recent years</a>, we have faced increasing incidents of cyber-attacks and unprecedented technologies being used to cause data breaches.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">It’ll only get worse unless organizations adapt their <a href="https://www.infosecurity-magazine.com/opinions/improving-cybersecurity-higher/" style="text-decoration-line:none;color:rgb(227,6,19);outline:0px">cybersecurity strategies</a> to the principles and technologies of the current transformation in the state of enterprise cybersecurity.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">Here, we discuss three of these big principles and highlight some of the technologies driving the trend.</p><p 
style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"><strong>Zero-Trust</strong></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">This principle strips security authentication systems of the assumption of trust when handling access requests.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">In contrast to traditional security models, the zero-trust framework aims to ascertain the identity of a user and whether they are legitimately entitled to the required access.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">This moves away from dependence on hardware devices and <a href="https://www.infosecurity-magazine.com/news-features/2020-cybersecurity-predictions/" style="text-decoration-line:none;color:rgb(227,6,19);outline:0px">knowledge-based authentication</a> models, all of which may be easily breached or hijacked. 
By not trusting anything outside the network perimeter until the user’s identity is firmly established, organizations can greatly reduce incidents of data breaches.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"><strong>Least Privilege</strong></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">One of the principles promoted in the zero-trust model is <em>least privilege</em> cybersecurity. The principle means that users do not have access to network resources beyond what’s necessary for fulfilling a legitimate task.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">The ultimate aim is to manage and reduce the impact of data breaches.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">Essentially, if even the CEO cannot access more network resources than they require to fulfill an assignment, then a cyber-attacker who breaches the system through that endpoint is limited in the amount of damage they can wreak.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 
16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"><a href="https://www.infosecurity-magazine.com/news/a-fifth-privileged-users-elevated/" style="text-decoration-line:none;color:rgb(227,6,19);outline:0px">Least privilege</a> appears to be a cross between smart permission management and advanced network segmentation that reduces the cyber-attack surface.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"><strong>Edge Security and User Responsibility</strong></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">This is the <a href="https://startupgrowthguide.com/top-business-functions-that-are-best-outsourced-for-your-startup/" style="text-decoration-line:none;color:rgb(227,6,19);outline:0px">age of the distributed workspace</a>, which is a welcome development. However, eliminating the physical boundaries of office networks requires a transformation in organizations’ approach to cybersecurity.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">Apparently, the edge has attained the same level of importance as the core. 
The cybersecurity technologies of the future would be those that place greater importance upon securing the edge from malicious infiltration.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">The fast-rising adoption of IoT makes this all the more important.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">Companies need to focus on <a href="https://www.infosecurity-magazine.com/news/endpoint-pain-point/" style="text-decoration-line:none;color:rgb(227,6,19);outline:0px">securing endpoints</a>, wherever they exist. As expected, this means individual users (employees) have a greater responsibility in securing office data.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">Therefore, new cybersecurity technologies must focus on empowering employees as the first line of defense, in order to resist attacks.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">Now, to the specific technologies that implement these principles:</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 
16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"><strong>Software-Defined Perimeter</strong></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">An SDP is used to segment network resources and limit access to approved users.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">SDP solutions use a zero-trust strategy and a least privilege model by assuming that everything outside the defined perimeter is untrusted.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">Once connected to the network, a user is only granted access for carrying out a particular task as approved. Therefore, the larger network remains secure even if a data breach occurs.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"><strong>Risk-Based Authentication</strong></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">Traditional authentication systems are too rigid and that is a disadvantage. 
If everyone (regardless of the level of privilege) is only required to supply a password to access a system, it is only a matter of time before highly privileged accounts are breached.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">RBA prevents this by applying varying authentication requirements according to the sensitivity of the data to be accessed as well as the login context.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">Therefore, <a href="https://www.infosecurity-magazine.com/opinions/authentication-lazy/" style="text-decoration-line:none;color:rgb(227,6,19);outline:0px">without using 2-factor authentication</a>, you can still deliver scalable and easy-to-use login authentication.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"><strong>Secure Access Service Edge</strong></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"><a href="https://www.perimeter81.com/solutions/sase" style="text-decoration-line:none;color:rgb(227,6,19);outline:0px">SASE</a> consolidates network connectivity and security functions into cloud-delivered solutions.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">With the rising adoption of remote work and distributed endpoints, 
SASE solutions govern access to network resources in a scalable way, ensuring security compliance across contexts.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"><a href="https://blogs.gartner.com/andrew-lerner/2020/01/06/networking-predictions-2020-edition/" style="text-decoration-line:none;color:rgb(227,6,19);outline:0px">Gartner predicted</a> last year that “By 2024, at least 40% of enterprises will have explicit strategies to adopt SASE.”</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"><strong>Cloud Access Security Broker</strong></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"><a href="https://www.gartner.com/en/information-technology/glossary/cloud-access-security-brokers-casbs" style="text-decoration-line:none;color:rgb(227,6,19);outline:0px">CASBs</a> are used to integrate multiple categories of security policies and enforce them as users try to access system cloud resources. 
A CASB operates between the users and the cloud service providers to enforce security compliance.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">Some of the security policies may include authorization, malware detection and prevention, incident response, remote access, business continuity, etc.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"><strong>Next-Generation Firewall</strong></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">Traditional firewalls use stateful packet filtering; however, NGFWs go further by implementing security at the highest layer of the OSI model: the application layer.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">NGFWs also include an integrated intrusion prevention system, deep packet inspection, threat intelligence, and other capabilities not possible with traditional firewalls.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"><strong>Conclusion</strong></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">Enterprise 
cybersecurity has relied upon traditional VPNs, firewalls, encryption, antivirus, and other similar technologies. However, they have failed to deliver the kinds of cyber resilience required as the world of work changes.</p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px"></p><p style="line-height:1.5714em;margin:0px 0px 16px;color:rgb(51,51,51);font-family:Bitter,"Times New Roman",serif;font-size:14px">The next generation of cybersecurity will require that tools and technologies assume no trust but instead authenticate everything that tries to access a network.</p></div></div>
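<p>The Risk-Based Authentication section above describes varying the authentication requirement with the sensitivity of the data and the login context. The following Python is an added example, not code from the article or from any product it mentions; the signal names, weights, thresholds and sample requests are assumptions constructed for illustration.</p>

```python
from dataclasses import dataclass

# Sensitivity tiers and weights are assumptions made for this example.
SENSITIVITY = {"public": 0, "internal": 1, "confidential": 2, "restricted": 4}
NETWORK_RISK = {"corporate": 0, "home": 1, "public": 2}
STEP_UP_AT, DENY_AT = 4, 8  # assumed thresholds

@dataclass(frozen=True)
class LoginContext:
    known_device: bool    # device previously enrolled for this user
    usual_country: bool   # geolocation matches the user's history
    network: str          # "corporate", "home" or "public"
    failed_attempts: int  # recent failed logins for the account
    privileged: bool      # account holds elevated rights

def context_risk(ctx: LoginContext) -> int:
    """Score the login context; higher means less trustworthy."""
    score = 0 if ctx.known_device else 2
    score += 0 if ctx.usual_country else 2
    score += NETWORK_RISK.get(ctx.network, 2)  # unknown network counts as public
    score += max(0, min(ctx.failed_attempts, 3))  # cap so one signal cannot dominate
    score += 1 if ctx.privileged else 0  # privileged accounts get a stricter bar
    return score

def required_auth(ctx: LoginContext, sensitivity: str) -> str:
    """Return 'password', 'step_up' (extra verification) or 'deny'."""
    if sensitivity not in SENSITIVITY:
        return "deny"  # unclassified resource: no implicit trust
    total = context_risk(ctx) + SENSITIVITY[sensitivity]
    if total >= DENY_AT:
        return "deny"
    return "step_up" if total >= STEP_UP_AT else "password"

# Constructed sample requests: (label, context, resource sensitivity)
SAMPLE_REQUESTS = [
    ("office laptop, wiki", LoginContext(True, True, "corporate", 0, False), "internal"),
    ("office laptop, payroll", LoginContext(True, True, "corporate", 0, False), "restricted"),
    ("new device on cafe wifi, wiki", LoginContext(False, True, "public", 0, False), "internal"),
    ("admin, new device abroad, 3 failures", LoginContext(False, False, "public", 3, True), "internal"),
]

def decide_all(requests=SAMPLE_REQUESTS):
    return [(label, required_auth(ctx, sens)) for label, ctx, sens in requests]

if __name__ == "__main__":
    for label, decision in decide_all():
        print(f"{label:40} -> {decision}")
```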