Blog posts by John Tolbert

Blog

The Non-Zero Elements of Zero Trust

The ongoing SolarWinds incident illustrates that the much-lauded Zero Trust security paradigm is, in fact, based on trust. Zero Trust is about authenticating and authorizing every action within a computing environment. It is putting the principle of least privilege into action. In an ideal implementation of Zero Trust, users authenticate with the proper identity and authentication assurance levels to get access to local devices, on-premises applications and data, and cloud-hosted resources. Access requests are evaluated against access control policies at runtime. In order for Zero Trust...

Blog

Attack Surface Reduction and XDR

Many if not most organizations have moved to a risk management model for cybersecurity and identity management. Priorities have shifted in two major ways over the last decade: decreasing attack surface sizes, and focusing on detection and response technologies instead of prevention only. Reducing attack surfaces inarguably improves security posture. Achieving the objective of reducing attack surfaces involves many activities: secure coding practices, vulnerability scanning and management, consolidation of functions into fewer products and services, access reconciliation, user...

Blog

Ivanti’s Zero Trust Journey

Ivanti has completed its acquisition of MobileIron and Pulse Secure. Ivanti, headquartered in Salt Lake City, had its roots in desktop management (LANDESK), evolved into endpoint and patch management, and had added full IT asset, service, and workspace management, as well as IAM capabilities. Though headquartered in North America, Ivanti had already become a global IT solutions provider. Pulse Secure, a strong secure access vendor, was spun out from Juniper Networks in 2014. MobileIron was dedicated to mobile device management, mobile security, and authentication since it was...

Blog

A Look at NIST’s Zero Trust Architecture

NIST, the US National Institute for Standards and Technology, recently released SP 800-207 Zero Trust Architecture. The NIST special publication examines the principles of and motivations for ZTA, as well as implementation considerations, security concerns, and suggestions for improvements to architecture. NIST SPs are authored primarily for consumption by other US government agencies. In practice, however, their documents often become de facto standards and guidelines used more broadly in industry. In this post I’ll review the strengths of the SP and identify areas for...

Blog

What Some Vendors Missed in MITRE ATT&CK Round Two and How to Fix the Gaps

MITRE recently published the detailed results of their second round of tests. This test pitted APT29 malware and methods against 21 cybersecurity vendors. The MITRE testing is an excellent benchmark for comprehensively exercising Endpoint Protection (EPP) and Endpoint Detection & Response (EDR) tools in real-world scenarios where organizations find themselves under attack by Advanced Persistent Threats (APTs). MITRE describes the environments, methodology, and operation flow of their testing regime in great detail here. The raw results are available for review, and they have...

Blog

Top 5 Work from Home Cybersecurity Recommendations for Enterprises

As the business world moves to rapidly enable work-from-home (WFH), enterprise IT teams need to shift resources and priorities to ensure that remote workers are protected. Already we see malicious actors adapting and targeting remote workers more. My colleague Alexei Balaganski published a list of recommendations for small businesses. The Situation: CheckPoint reports 4,000 domains related to coronavirus have been registered since January 2020, of which 3% are malicious and 5% are suspicious. Phishing attacks are increasing, which aim to capture remote workers' credentials....

Blog

Malicious Actors Exploiting Coronavirus Fears

Security researchers are discovering a number of malicious attacks designed to exploit public fears around COVID-19, more commonly just called coronavirus. The attacks to date take two major forms: a map which looks legitimate but downloads malware, and various document attachments that purport to provide health and safety information related to COVID-19. The coronavirus heat map may look legitimate, in that it takes information from Johns Hopkins University’s page, which is itself clean. However, nefarious actors have created a package for sale on the dark web called...

