Zero Trust Tag

The ultimate end state of software-defined network security is what we at Nemertes Research call deep segmentation. The term refers to the ability to finely control what entities can see, who they communicate with and how they do this, end to end across the enterprise network. With...

Trust No One At least, not implicitly. And when we say "no one" we mean "nothing and no one" -- entities in your meshwork of IT services are more often software or hardware entities than they are humans, after all. Extending no implicit trust to an entity...

The destruction of hard perimeters, the rise of remote work and mobility, and increasingly hybridized infrastructures push identity to the center of enterprise security. Join us as we discuss identity-centric security in a multicloud environment, and concrete steps you can take towards that goal....

In the wake of out most recent round of cloud and cybersecurity research, I've been thinking about the slow evolution of application security and the evocative, if misleading, concept of "zero trust." Trust and Application Security, v. 1.0 I am (to my occasional astonishment) old enough to...

We spend a lot of time at Nemertes nailing down the metrics that define "success" for a particular initiative. To be useful, a success metric must be: Quantitative. If you can't measure it in numbers, it doesn't serve to measure progress. And if it's not something...

Shifting to a zero-trust model is imperative if your goal as a cybersecurity professional is to get away from the perimeter-based model. But: • What are the components of zero trust, and what does it take to implement them? • What should you do first, second, and...

Should you be worried about the Chinese Supermicro spy chip revelations? In a nutshell, yes. If you're among the organizations using Supermicro server boards: Run, do not walk, to your server rooms and examine the boards in minute detail. And regardless of what server hardware you use,...