Blog posts by John Tolbert

The ongoing SolarWinds incident illustrates that the much-lauded Zero Trust security paradigm is, in fact, based on trust. Zero Trust is about authenticating and authorizing every action within a computing environment. It is putting the principle of least privilege into action. In an ideal implementation of Zero Trust, users authenticate with the proper identity and authentication assurance levels to get access to local devices, on-premises applications and data, and cloud-hosted resources. Access requests are evaluated against access control policies at runtime. In order for Zero Trust...

Many if not most organizations have moved to a risk management model for cybersecurity and identity management. Priorities have shifted in two major ways over the last decade: decreasing attack surface sizes focusing on detection and response technologies instead of prevention only Reducing attack surfaces inarguably improves security posture. Achieving the objective of reducing attack surfaces involves many activities: secure coding practices, vulnerability scanning and management, consolidation of functions into fewer products and services, access reconciliation, user...

Ivanti has completed its acquisition of MobileIron and Pulse Secure. Ivanti, headquartered in Salt Lake City, had its roots in desktop management (LANDESK), evolved into endpoint and patch management, and had added full IT asset, service, and workspace management, as well as IAM capabilities. Though headquartered in North America, Ivanti had already become a global IT solutions provider. Pulse Secure, a strong secure access vendor, was spun-out from Juniper Networks in 2014. MobileIron was dedicated to mobile device management, mobile security, and authentication since it was...

NIST, the US National Institute for Standards and Technology, recently released SP 800-207 Zero Trust Architecture . The NIST special publication examines the principles of and motivations for ZTA, as well as implementation considerations, security concerns, and suggestions for improvements to architecture. NIST SPs are authored primarily for consumption by other US government agencies. In practice, however, their documents often become de facto standards and guidelines used more broadly in industry. In this post I’ll review the strengths of the SP and identify areas for...

MITRE recently published the detailed results of their second round of tests. This test pitted APT29 malware and methods against 21 cybersecurity vendors . The MITRE testing is an excellent benchmark for comprehensively exercising Endpoint Protection (EPP) and Endpoint Detection & Response (EDR) tools in real-world scenarios where organizations find themselves under attack by Advanced Persistent Threats (APTs). MITRE describes the environments, methodology, and operation flow of their testing regime in great detail here . The raw results are available for review, and they have...

Matthias Reinwarth and John Tolbert explain the meaning behind the term and talk about various factors that help identify fraudulent transactions in different industries.

Matthias Reinwarth and John Tolbert are talking about the challenges of data protection in modern times.

Today, Lead Analyst John Tolbert gives his five work from home cybersecurity recommendations for enterprises.

As the business world moves to rapidly enable work-from-home (WFH), enterprise IT teams need to shift resources and priorities to ensure that remote workers are protected. Already we see malicious actors adapting and targeting remote workers more. My colleague Alexei Balaganski published a list of recommendations for small businesses . The Situation CheckPoint reports 4,000 domains related to coronavirus have been registered since January 2020, of which 3% are malicious and 5% are suspicious. Phishing attacks are increasing, which aim to capture remote workers credentials....

Security researchers are discovering a number of malicious attacks designed to exploit public fears around COVID-19, more commonly just called coronavirus. The attacks to date take two major forms: a map which looks legitimate but downloads #malware, and various document attachments that purport to provide health and safety information related to COVID-19. The coronavirus heat map may look legitimate, in that it takes information from Johns Hopkins University’s page , which is itself clean . However, nefarious actors have created a package for sale on the dark web called...