Executive Order 14028 (Improving the Nation’s Cybersecurity) established new requirements to secure the federal government’s software supply chain. The requirements involved systematic reviews, process improvements, and security standards for both software suppliers and developers, in addition to customers who acquire software for the federal government. The software supply chain is only truly secure when all entities throughout t...

Zero Trust remains one of the main topics in the cybersecurity industry. But what is Zero Trust really about? The broad theme of Zero Trust is about reducing implicit trust throughout the enterprise. The goal is to take an organization from an old non-defensible architecture based on compliance, controls, and a static protection oriented mindset, to a defensible security architecture based on continuous dynamic threat informed defense, and ris...

Zero Trust Network Access (ZTNA) has transformed cybersecurity in recent years, allowing governments to provide access to vital applications from the office, home, field or anywhere else. But ZTNA is not enough. In today’s ongoing perimeter-less environment, state and local agencies must do more to ensure network security, safeguard government data and protect sensitive constituent information. ZTNA 2.0 is the next generation of access m...

During the past decade, increasing numbers of organizations have transformed their applications to be cloud native, building workloads based on multicloud architecture. Connecting and securing these cloud workloads has not been effective for many reasons and today, there are many benefits to a converged workload communication architecture that unifies security and operations. SANS tested the new Zscaler Zero Trust platform for cloud workloads,...

Zero trust is a cybersecurity concept, and implementation architecture, that emphasizes the need for strict verification of all devices, users, and networks before granting access to sensitive data and systems. Security teams love the idea of zero trust, but what goes behind implementing and successfully maintaining zero trust architecture? During this event, we'll bring together experts and industry leaders to discuss the latest developments...

The castle model is dead, it's time to move on. Protecting our corporations primarily from the outside looking in is a naive and inefficient approach. Prevention is great, but inevitably the defenses will fail, and the attackers are on the inside. Threats attacking us from the inside are real, and we can neither avoid it nor can we "trust our employees". While it would be nice to trust employees, and we can trust most of them, we need to be vi...

As federal agencies and private organizations continue the push to Zero Trust deadlines, we’ve all got some some Trust issues to work on. The best thing to do is get it all out in the open and don’t let your relationship with your networks get toxic. Moving to Zero Trust requires a good foundation that your organization can build trust on. In this Webinar, experts from Corelight’s Public Sector team will discuss how security...

The physical boundaries of business have blurred. Many organizations now operate as virtual ecosystems with no borders. While this change has helped improve agency resiliency and workforce satisfaction, it upends the traditional security framework and increases risk across every other aspect of an organization. Utilizing a Zero-Trust framework can be an effective security strategy that doesn't compromise user experience or team productivity. A...

Adoption of remote access solutions continues to increase in parallel with internet growth. A rapidly escalating threat landscape in conjunction with Covid-19, skills shortages, increasing complexity, business automation, and need for data, are driving the demand for more robust, identity-based access management, data security, and secure remote access solutions. In this First Look webcast, Certified SANS Instructor Stephen Mathezer and Xage S...

Organizations are increasingly focused on implementing Zero Trust policies to limit exposure to cyberattacks, which is admirable best practice. But how can you verify that your policies and configurations are actually working as intended? In Episode 4 of his ongoing series on using packet forensics for cybersecurity, Jake Williams looks at why packet data is an indispensable resource for verifying Zero Trust implementations and troubleshooting...