Security professionals have started looking at the entire environment as potentially untrusted or compromised versus thinking in terms of “outside-in” attack vectors.

 Increasingly, the most damaging attack scenarios are almost entirely internal due to advanced malware and phishing exercises that compromise end-users. Remote working as a result of COVID-19 is a major proof point.

We need to better understand application behavior at the endpoint—looking much closer at what types of communication-approved applications really should be transmitting in the first place.

Similarly, organizations also need a renewed focus on trust relationships, and user-to-system and system-to-system relationships in general, within all parts of their environment. Most of the communications seen in enterprise networks today are either wholly unnecessary or not relevant to the systems or applications needed for business.

Creating a more restricted model around these communications altogether may significantly improve both security and IT operations, but many traditional controls are not capable of accomplishing them. Is a ‘Zero Trust’ model the answer? Is it practical?

Get your answers here.