zero-trust model Tag

The ultimate end state of software-defined network security is what we at Nemertes Research call deep segmentation. The term refers to the ability to finely control what entities can see, who they communicate with and how they do this, end to end across the enterprise network. With...

Trust No One At least, not implicitly. And when we say "no one" we mean "nothing and no one" -- entities in your meshwork of IT services are more often software or hardware entities than they are humans, after all. Extending no implicit trust to an entity...

The past few weeks have seen a spate of infrastructure-related cybersecurity vulnerabilities. On March 8th,  Apache released a critical vulnerability alert (CVE) regarding a significant vulnerability in its Struts 2.0 opensource enterprise Java framework, which is widely used in enterprise deployments.  The vulnerability permits remote code execution (RCE) in the framework; recommended mitigation strategies include upgrading the framework or changing implementations.