Tag Archive for: Zero Trust Security

RedSeal Named “Zero Trust Network Access Solution of the Year” in 2024 CyberSecurity Breakthrough Awards Program

/by

Prestigious Annual Awards Program Recognizes Outstanding Information Security Products and Companies Around the World

LOS ANGELES, Oct. 10, 2024 (GLOBE NEWSWIRE) — CyberSecurity Breakthrough, a leading independent market intelligence organization that recognizes the top companies, technologies and products in the global information security market, today announced that RedSeal, a pioneer in network exposure management, has been selected as winner of the “Zero Trust Network Access Solution of the Year” award in the 8th annual CyberSecurity Breakthrough Awards program.

RedSeal’s breakthrough network exposure management platform identifies assets in a hybrid network that are vulnerable to risks and delivers contextual information to mitigate those risks. RedSeal identifies how adversaries can access a network and also uniquely shows lateral movement and risks within that network.

RedSeal addresses network complexity due to the advent of distributed, hybrid, and cloud environments by enabling network micro-segmentation to limit the blast radius of attacks, and fencing in threat actors to prevent them from reaching high-value data and assets. RedSeal manages segmentation at the application layer in hybrid environments, ensuring continuous compliance with configuration settings as required by federal guidelines.

RedSeal also consolidates all necessary information into a single platform, providing a holistic view of attack surfaces and a common language across platforms – enabling teams to quickly identify exposed apps and investigate misconfigurations all while bridging skills gaps.

RedSeal’s continuous monitoring ensures zero trust segmentation policies remain effective, alerting organizations to any policy slips and enabling immediate corrective action without consulting siloed teams. Aligned with the guidelines from NIST and the OMB, RedSeal enables a solid foundation for all organizations.

“Through our years of partnerships with federal agencies and F100 companies, we have worked diligently to enhance cybersecurity and have played a role in evolving Zero Trust guidelines and requirements. A zero trust approach demands continuous identification of who and what can access sensitive IT assets. We excel in creating a dynamic network model to support this need,” said Greg Enriquez, CEO of RedSeal. “This award from CyberSecurity Breakthrough reinforces our commitment to delivering best-in-class cybersecurity solutions. We’ll continue to deliver these types of solutions to ensure our clients stay ahead of cyber adversaries and thwart potential attacks.”

The mission of the CyberSecurity Breakthrough Awards is to honor excellence and recognize the innovation, hard work and success in a range of information security categories, including Cloud Security, Threat Intelligence, Risk Management, Fraud Prevention, Mobile Security, Application Security, Identity Management and many more. This year’s program attracted thousands of nominations from over 20 different countries throughout the world.

“RedSeal is unique in its ability to provide a single source of truth amid increasing hybrid network complexity, persistent skills challenges, and evolving threats. As bad actors use sophisticated methods, zero trust focuses on securing data. Today’s cyber threats are relentless, making it imperative for enterprises to have a comprehensive understanding of all attack paths,” said Steve Johansson, managing director, CyberSecurity Breakthrough. “RedSeal helps organizations confidently implement a zero trust framework by delivering comprehensive visibility, control, and continuous compliance across hybrid environments. It’s our pleasure to award RedSeal with ‘Zero Trust Network Access Solution of the Year.’”

About CyberSecurity Breakthrough
Part of Tech Breakthrough, a leading market intelligence and recognition platform for global technology innovation and leadership, the CyberSecurity Breakthrough Awards program is devoted to honoring excellence in information security and cybersecurity technology companies, products and people. The CyberSecurity Breakthrough Awards provide a platform for public recognition around the achievements of breakthrough information security companies and products in categories including Cloud Security, Threat Detection, Risk Management, Fraud Prevention, Mobile Security, Web and Email Security, UTM, Firewall and more. For more information visit CyberSecurityBreakthrough.com.

Tech Breakthrough LLC does not endorse any vendor, product or service depicted in our recognition programs, and does not advise technology users to select only those vendors with award designations. Tech Breakthrough LLC recognition consists of the opinions of the Tech Breakthrough LLC organization and should not be construed as statements of fact. Tech Breakthrough LLC disclaims all warranties, expressed or implied, with respect to this recognition program, including any warranties of merchantability or fitness for a particular purpose.

About RedSeal
RedSeal, a pioneer in cybersecurity and network exposure management, delivers proactive, actionable insights to close defensive gaps across hybrid environments. RedSeal continually discovers all resources, connections, and exposures, creating a single, comprehensive model—a network digital twin. This enables unparalleled analysis and simplified protection of the entire cyber terrain. Trusted by hundreds of Fortune 1000 companies and more than 75 government agencies, including five branches of the U.S. military, RedSeal improves operational efficiency, boosts staff productivity, and reduces business risk. Visit www.redseal.net to learn more.

Zero Trust: Shift Back to Need to Know

/by

Cyberattacks on government agencies are unrelenting. Attacks on government, military, and contractors rose by more than 47% in 2021 and can continue to climb. Today’s cybercriminals, threat actors, and state-sponsored hackers have become more sophisticated and continue to target government data and resources.

The recent Executive Order on Improving the Nation’s Cybersecurity directs federal agencies to take decisive action and work with the private sector to improve cybersecurity. The EO puts it bluntly:

“The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy. The Federal Government must improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors.”

The Office of Management and Budget (OMB) also issued a memorandum for agencies to improve investigative and remediation capabilities, including:

  • Centralizing access and visibility
  • More defined logging, log retention, and log management
  • Increased information sharing
  • Accelerate incident response efforts
  • More effective defense of information

In light of continued cyber-attacks, the EO requires bold and significant investments to protect and secure systems and data. This represents a cultural shift from a somewhat relaxed security environment created over time as legacy systems continued to grow and migrate legacy systems to cloud resources.

Security concerns only grew with the rapid shift to remote work. Agencies had to scramble to redefine infrastructure to accommodate remote workers, which significantly increased the attack surface.

For governmental agencies, hardening security requires a return to “need to know” using zero trust security protocols.

Zero Trust Security: What Is It?

Zero trust is a security framework that requires authentication and authorization for all users on the network. Traditionally, networks have focused on security at the edge, managing access points. However, once someone penetrated the security framework, threat actors were able to access additional network resources. As a result, many attackers were able to escalate privileges and escalate the damage they caused.

Zero trust requires users to be re-authorized at every connection to prevent unauthorized and lateral movement for users on the network. This prevents access to resources except for those with a need to know and need to access.

Current Cloud Security Measures Can Fall Short

The rising adoption of cloud services has changed the makeup of most agency infrastructures. Currently, lax cloud security measures can expose organizations to risk and harm and incremental improvements are not keeping pace.

Factors that leave openings for threat actors include:

  • Gaps in information technology (IT) expertise and challenges in hiring
  • Problems with cloud migration
  • Unsecured application programming interfaces (APIs)
  • Vulnerabilities in third-party providers
  • The complexity of security in multi-cloud and hybrid cloud environments

Zero trust is an important weapon in the battle against cyber threats, yet there has not been universal adoption. The recent Cost of a Data Breach report from the Ponemon Institute reports that only 35% of organizations employ a zero-trust framework as part of the cybersecurity protocols. This leaves agencies and businesses open for attacks.

Besides protecting networks and data, there’s also a significant financial benefit for deploying zero trust. While breaches can still occur even when zero trust is in place, the average cost to mitigate breaches for organizations with a secure zero trust framework was $1.76 million less than those without zero trust deployment.

Zero Trust and the Return to Need to Know

Intelligence agencies have employed the practice of “need to know” for years. Sensitive and confidential data is restricted to only those that have a specific need for access. In cybersecurity, zero trust includes the concept of least privilege, which only allows users access to the information and resources they need to do their job.

Contrast the zero trust with the practice of edge security which is in wide use today. Edge security is like putting a security perimeter around the outside of your home or building. Once inside the perimeter, visitors are free to move from room to room. The principle of least privilege only gives them access to the rooms—and things within each room—if they have a need to know.

With zero trust in place, visitors won’t even be able to see the room unless they are authorized for access.

Building a Zero Trust Architecture

Building a zero-trust architecture requires an understanding of your infrastructure, applications, and users. By mapping your network, you can see how devices and applications connect and pathways where security is needed to prevent unauthorized access.

A zero-trust approach requires organizations to:

  • Verify and authenticate every interaction, including user identity, location, device integrity, workload, and data classification
  • Use the principle of least privilege using just-in-time and just-enough-access (JIT/JEA) with adaptive risk policies
  • Remove implicit trust when devices or applications talk to each other along with instituting robust device access control
  • Assume breach and employ micro-segmentation to prevent lateral movement on a need-to-know basis.
  • Implement proactive threat prevention, detection, and mitigation

Mitigating Insider Threats

Zero trust also helps mitigates threats from insiders by restricting access to non-authorized resources and logging activity within the network.

When we think about data breaches, we generally think about threat actors from outside our network, but there’s also a significant threat from insiders. The 2021 Data Breach Investigations Report (DBIR) from Verizon suggests that as many as 22% of all data breaches occur from insiders.

According to the Government Accounting Office (GAO), risks to IT systems are increasing, including insider threats from witting and unwitting employees.

Managing Complex Network Environments

As organizations have grown, network environments have become incredibly complex. You need a deep understanding of all of the appliances, applications, devices, public cloud, private cloud, multi-cloud, and on-premises resources and how they are connected.

RedSeal automatically maps your infrastructure and provides a comprehensive, dynamic visualization. With RedSeal, you can identify any exposed resources in the cloud, visualize access across your network, demonstrate network compliance and configuration standards, and prioritize vulnerability for mitigation.

For more information about implementing zero trust for your organization, download the complimentary RedSeal Guide: Tips for Implementing Zero Trust. Learn about the challenges and get insights from the security professionals at RedSeal.