A

You're listening to the Cyberwire Network, powered by N2K. Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allow listing, you stop unknown executables cold. With ring fencing, you control how trusted applications behave, and with threatlocker DAC defense against configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce Zero Trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo@threatlocker.com N2K today.

B

The word is ztna, Spelled Z for zero, T for trust, N for network, and A for access, A technology set designed to support the cybersecurity First Principle strategy of Zero Trust that limits device people and software component access to only designated authorized resources and nothing more. Example sentence the Zero Trust Network Access solution prevented the attacker from moving laterally within the network. Origin and context in the early 2000s, the US military started experimenting with the idea of deperimeterization under the project name the Jericho Forum. The concept was to move away from the old perimeter defense model to decouple the identification and authorization functions away from the workload. In other words, you don't connect to the sensitive workload and then try to log in. Instead, you connect to a separate system that verifies your identity and validates that you are authorized to connect to the sensitive workload. If you are, then the system establishes the connection to just that workload and nothing else. The Jericho forum captured some of the first ideas about what would eventually be known as the cybersecurity First Principle Zero Trust strategy. But they never built it. The man who gets the credit for the name Zero Trust and the initial concepts in the model is John Kinderbog. In 2010, while working for Forrester, he published a research report entitled no More Chewy Centers Introducing the Zero Trust Model of Information Security, which outlined a security model that assumes that all network traffic is untrusted and must be verified before access is granted. The same year that Kinderwog published his paper, Google got hit by a massive Chinese cyber espionage attack called Operation Aurora. The hackers unit 61398 of the People's Liberation Army. APT1, as it would become to be known later, targeted 34 major companies, including Google, Microsoft and Juniper, with three goals. Number one, accessing the Gmail accounts of Chinese human rights activists two spying on the Google's internal legal discovery portal, the portal that managed law enforcement requests for information pertaining to ongoing investigations and finally, number three, stealing the source code and signing certificates of those 34 companies. In response to the Aurora attack, Google's site reliability engineers redesigned their internal security architecture from the ground up, using the concepts of deperimeterization and the Zero Trust philosophy. This might be the first publicly acknowledged deployment of ZTNA technologies. A few years later, Google released a commercial product called BeyondCore that incorporated many of the ideas they developed internally. ZTNA technologies involve verifying the identity of each user, device and software component, attempting to access a resource, and then enforcing policies that determine what level of access each should have based on factors such as role, location, device status, and behavior. Nerd Reference John Kinderwog, the father of the original zero trust idea, spoke at the Create the Future conference in 2022

C

so there's a lot of myths about zero trust. The first one is zero trust means making a system trusted. How much trust should there be in a Zero Trust system? I tried to make it as explicit as as I could. 0 We're trying to get rid of trust, not make system trusted. Zero Trust is also not about identity. It consumes identity, but it isn't equal to identity. I can prove that with two words Snowden, Manning. They were trusted users. They had all the right identity and mfa, but nobody look at their packets post authentication. And then there are Zero Trust products. That is not true. There are products that work well in Zero Trust environments, but Zero Trust is a strategy designed to stop data breaches and make other cybersecurity attacks unsuccessful. It's a strategy that uses products.

B

Word Notes is written by Tim Nodar, executive produced by Peter Kilpe and edited by John Petrick and me, Rick Howard. The mixed sound design and original music have all been crafted by the ridiculously talented Elliot Peltzman. Thanks for listening. Foreign.

A

When it comes to mobile application security, good enough is a risk. A recent Survey shows that 72% of organizations reported at least one mobile application security incident last year and 92% of responders reported threat levels have increased in the past two years. Guard Square delivers the highest level of security for your mobile apps without compromising performance, time to market or user experience. Discover how Guard Square provides industry leading security for your Android and iOS apps at www.guardsquare.com.