By Brad Pierce, Structured Managing Director of Security, CISSP/CISA/PCIP -- Zero Trust is a philosophy, a journey. No one manufacturer or security product will get you where you’re going. It will take all of your technologies, and likely some new ones, to arrive at a Zero Trust architecture. Trust is dead, long live trust! Zero Trust is a paradoxical name as it is not the elimination of trust but a specificity of trust (less catchy, I agree). It is an architecture where every user, system, service, device and packet gets to only access what it is authorized to access, in the right place, at the right time. A brief history Started in 2007 as the Jericho project, using a city fortress metaphor, it began to take shape as a new security architecture. It was intended to replace the old "castle and moat," or perimeter-based architecture, that was predominant then ... and still is today. In 2011 Google ambitiously developed Beyond Corp as a Zero Trust example architecture that it had deployed internally to great success. But that’s Google. They built the tools needed to accomplish their goals as they did not exist in a way that could work at their…

Supply Chain Hacks: Fallout from a nation-state-backed attack


By Jesse Wilson, CISSP, Sr. Security Engineer -- Two weeks have passed since the discovery of Sunburst (https://us-cert.cisa.gov/ncas/alerts/aa20-352a), an exploit so vast it likely will become the biggest breach in history – at least to date. Government agencies and private businesses alike are scrambling to detect indicators of compromise (IOCs), install patches and implement damage…

Read More

Secure Critical Infrastructure Demands Proactive Measures


Electricity Infrastructure with Cityscape

By Collin Miller, Director of Cloud Security -- Given the emergency brought on by rapid spread of COVID-19, many businesses have been shut down or are transitioning to telework to comply with public health measures. However, for the group of organizations that make up our critical infrastructure, shutting down is not an option.  Critical infrastructure…

Read More

Back to Basics – Inventory Documentation and Network Visibility


Calm Worker in Clouds

By Brad Pierce, Structured Managing Director of Security, CISSP/CISA/PCIP -- One of the first things you must do as a network or systems administrator is document. Oh, Documentation! The bane of IT professionals everywhere. In our harried work lives, it is a tedious, time-consuming process. Most people prefer to avoid documentation. But, when it is…

Read More

Supply Chain Hacking 101


An educational piece about the supply chain attack By Jesse Wilson, CISSP, @CyberWarior1775 To start, let’s talk about what the supply chain is in relation to Information Technology. In this case, the supply chain refers to the coordination of order generation; order processing; order fulfillment via the distribution of products, services and/or information; manufacturing; and…

Read More