Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Cyber Attacks
  • Tripwire Experts Offer Point of View on Zero Trust at EO’s 6-Month Milestone
  • Critical Vulnerability
  • Cyber Attacks

Tripwire Experts Offer Point of View on Zero Trust at EO’s 6-Month Milestone

4 years ago Maurice Uenuma
Tripwire Experts Offer Point of View on Zero Trust at EO’s 6-Month Milestone

When the Biden Administration released its Cybersecurity Executive Order in May 2021, it was clear that Zero Trust would be a central component of the government’s security approach moving forward. Agencies and their partners scrambled to assess their existing Zero Trust investments and the gaps that would need to be filled in order to quickly ramp up implementation. Six months later, after hearing from customers and integrators about the challenges they face, Tripwire experts have published a whitepaper offering their point of view about what they believe federal practitioners must consider as they move forward on Zero Trust implementation. 

In the whitepaper, our team discussed how agencies that implement a Zero Trust Architecture (ZTA) without implementing controls to establish and maintain system integrity across all critical systems will not achieve true Zero Trust.

“All zero trust architectures must align to a known, trusted state, and stay that way,” says Tim Erlin, VP of Strategy for Tripwire. “In federal security circles, there is a lot of conversation now about how to authenticate successfully, how to determine the trustworthiness of a request or determining whether the request is coming from an individual or a device, but how you maintain the trustworthiness of the systems involved in a zero trust architecture itself doesn’t seem to be a big topic of discussion.”

In a recent podcast, I explained further:

…in order to trust a particular device that is connecting into a given system for a particular session, in addition to property credentialing itself, the secure state of that device is also a very important factor. It may properly authenticate in as a device that has some degree of trust by virtue of it being an enterprise-maintained, enterprise-issued device. But, do we know that that particular system is actually in a hardened state? Do we know that actions have not been taken on that device, i.e. changes made that would take that system either out of compliance with that desired standard or introduce some new risk or indication of compromise that we would want to know about?

This is where “integrity” as an operating principle really becomes the key to the long-term success of any Zero Trust implementation. In the whitepaper, Tripwire experts define integrity as the ability to ensure a known good state, expanding beyond the management of file (FIM) and configuration (SCM) changes. Integrity monitoring takes on a bigger role when applied throughout an environment to other critical systems.

“We need to take a step back and understand integrity monitoring or ‘integrity management’ as maintaining a known good state, which implies a lot of other capabilities in addition to FIM,” said Erlin.

Unfortunately, this concept is not broadly understood. A recent survey of security practitioners suggest that awareness of integrity as the foundation of Zero Trust is lacking. When asked the question of how important integrity monitoring is to a successful Zero Trust strategy, only 50% of the respondents said it’s foundational, 43% said that it’s somewhat important, and the rest said that it’s not that important, essentially.

Fundamentally, Zero Trust is about the continuous revalidation of trustworthiness. Understanding what a “trusted state” is, being able to measure that trusted state and monitor it for changes, is really a capability that has to be foundational to a successful ZTA.

The whitepaper concludes with the suggestion that if we’re building ZTAs without adequately accounting for something that’s foundational to success, the effectiveness of Zero Trust itself will erode over time – and fail to achieve the long term goals outlined in the Executive Order.

Do you consider integrity the foundation of your current Zero Trust strategy? Learn more by downloading the whitepaper Building the Foundation of Zero Trust for Long Term Success and/or listening to the podcast No Integrity. No Trust. The Foundation of Zero Trust Architecture.

The post ” Tripwire Experts Offer Point of View on Zero Trust at EO’s 6-Month Milestone” appeared first on TripWire

Source:TripWire – Maurice Uenuma

Tags: Critical Severity, Goverment, TripWire

Continue Reading

Previous GoDaddy’s Latest Breach Affects 1.2M Customers
Next Secure Your Configurations with Tripwire’s Configuration Manager

More Stories

  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery

21 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk

22 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities

24 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach

How Samsung Knox Helps Stop Your Network Security Breach

1 day ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

1 day ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Data Breach
  • Vulnerabilities

Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries

1 day ago [email protected] (The Hacker News)

Recent Posts

  • China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery
  • CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk
  • Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities
  • How Samsung Knox Helps Stop Your Network Security Breach
  • Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT