Zero trust market is showing signs of maturity with RSA2022

Zero trusts needed a crucible to burn off hype and retain the essence of what all cybersecurity vendors offer, and the pandemic did. Akamai, Appgate, Cisco, CrowdStrike, Delinea, Ivanti, Palo Alto Networks, Zscaler, and many others have announced next-generation zero trust solutions or demonstrated their latest release at RSA2022.

Where the zero trust is mature

While much of the cybersecurity vendor community treats zero trusts as a set of product features rather than architectures and frameworks, this year’s RSA will mature the platform by allowing vendors to choose to solve more difficult problems. Prove that you are. CrowdStrike challenged to provide real-time telemetry data and long-term data archiving with Humio for Falcon and launched Asset Graph. This shows that vendors first understand that zero trusts are about architectures and frameworks. Real-time telemetry data is invaluable in building a zero trust architecture.

Cisco will introduce Cisco Security Cloud, Cisco Secure Access with Duo and Box, and their integrated Secure Access Service Edge (SASE) solution, Cisco + Secure Connect Now. This reflects the rapid maturity of zero trust vendors.

In addition, the partnership between Ericom and Cyber ​​Guards will provide zero trust network access (ZTNA) to midsize companies and SMBs, providing SASE to companies that most need ZTNA support but are most budget-constrained. increase.

Ericom’s ZT Edge SASE platform reflects how rapidly zero trust solutions are maturing in the midmarket and SMB. Many innovations in Remote Browser Isolation (RBI) extend to Web Application Isolation (WAI). This allows organizations to use the web to protect their data and apps, while allowing third-party unmanaged devices to allow their own device (BYOD) to access corporate apps. Based RBI-based technology is another proof.

ZTEdge Web Application Isolation (WAI) closes the air gap between public and private web apps and cloud apps in a secure, isolated cloud environment. Organizations can apply fine-grained app access and data usage policies. Ericom was able to do this without the contractor installing apps or browser extensions, changing the configuration of third-party devices, or using a special “corporate” browser.

John Kingervag created the Zero Trust while at Forrester and is currently Senior Vice President of Cybersecurity Strategy at ON2IT Cybersecurity. Interviews he conducted during RSA provide guardrails for getting zero trusts correctly.

“So the most important thing you need to know is what you need to protect. That’s why I often call people who say,” I bought Widget X. Where should I put it? ” .. So what are you protecting? “Well, I’m not thinking about it.” Well, you’ll fail, “Kingervag said in an interview.

Sign Avender Understands Zero Trust

Given the rapidly maturing landscape, it is easier to separate vendors who understand zero trusts. Vendors who have it recognize that their systems and solutions are part of an integrated zero trust architecture. Companies do not “buy” zero trusts. This is an architecture that is integrated into the unique workflow of a particular business.

During RSA, two standards have been released that provide vendors with the guardrails and guidance they need to serve their businesses. First, the National Institute of Standards and Technology (NIST) National Cyber ​​Security Center of Excellence (NCCoE) has published an implementation of the Zero Trust Architecture. NCCoE plans to release two additional guides in July and August.

Ericom Software’s Chief Strategy Officers Kindervag and Chase Cunningham were one of the industry leaders in drafting the President’s National Security and Communications Advisory Board (NSTAC) on Zero Trusts and Reliable Identity Management. The report defines a zero trust architecture as “an architecture that treats all users as potential threats and prevents access to data and resources until they are properly authenticated and granted access.”

The NSTAC Draft and new NCCoE guidelines for zero trust and identity management help companies plan zero trust toy initiatives while helping vendors break away from the chaotic expansion of features and provide streamlined and effective solutions. Useful for. The NTSAC documentation provides a five-step process briefly described by Kindervag in an interview at RSA.

Here are some key aspects that show that cyber security vendors understand zero trust solutions with a chaotic increase in value and minimal functionality:

• Support for multirole and multicloud in Identity Access Management (IAM). The RSA2022 watermark for zero trust maturity provides and implements IAM support for multiple roles, personas, and hybrid cloud configurations. IAM vendors, who are doubling the way they do this right, are adopting zero trusts across today’s enterprises as customers can use their solutions in more use cases. Zero trust vendors continue to innovate rapidly in this area, making them one of the best-protected secrets in RSA 2022. The CISO went to RSA and tried to understand how to control multi-cloud access such as AWS, Google Cloud Platform, Microsoft Azure. IAM platform. Organizations need a cloud-based multi-factor authentication (MFA) platform that can support multiple roles or personas at the same time. AWS Identity and Access Management, BeyondTrust, Ivanti, Microsoft, SailPoint, and more all support multirole IAM.

• Resilience increases with each release. One of Gartner’s key messages in the 2022-23 cybersecurity forecast is that businesses need to focus on building a resilient tech stack rather than trying to shut down the most common threats of the day. It means that there is. The cyber security vendors that offer the greatest value in zero trust solutions have a proven track record of providing resiliency to platforms and systems. For vendors mature in this area, Absolute Software has continuously improved a new set of partnerships announced for Absolute Resilience, Absolute Ransomware Response, and Absolute Application Persistence-as-a-Service (APaaS) during RSA. It is included. Utopic and WinMagic leverage Absolute’s firmware-embedded technology to monitor and automatically repair mission-critical security solutions across their customer base. Akamai, Cisco, Illumio, Ivanti, Palo Alto Networks, and Symantec Enterprise Cloud are zero trust vendors, and product releases over the last two years have each been designed with greater resiliency at the technology stack level. Reflects.

• Achieving scale through integration. The more enterprise software adopted, the greater the demand for broader integration. Every company’s technology stack is unique and integration options are a challenge. Another of RSA’s best-preserved secrets this year is how abundant it is in this area. This is a key indicator that zero trust vendors have the most active and diverse sales cycles. Prior to RSA, Absolute Software announced that it had partnered with BlackBerry to enable shared customers to use the Absolute Application Persistence feature to enhance CylancePROTECT, reflecting how each one achieves a larger scale through integration. doing. This partnership aims to enable Absolute Resilience co-customers to extend self-healing endpoint device connections embedded in Absolute firmware to BlackBerry’s Endpoint Protection Platform (EPP). Box also announced more complete integration with Cisco, Relativity, Theta Lake and Splunk. RSA also introduces new security extensions to the core platform to help administrators and security teams protect the flow of content inside and outside the organization and across multiple devices.

The maturity of the zero trust sector is increasing

RSA has also advanced from Marketing Blitz in 2020 to the power of vendors who understand the Zero Trust in 2022 and contribute to customer cybersecurity and risk management. A key part of the show was the reduction in the number of vendors, the reduction of chaotic growth in features, and the focus on solving complex security challenges. As Kindervag hinted at an RSA interview, companies are overcoming the inertia of implementing zero trusts.

“What we did was understand how to break down a very complex issue called cybersecurity into very small pieces called protection helmets, and as one of my friends said. “We discussed for longer than the time it took to build the first zero trust environment we built.” So stop discussing it and do it, “he said. ..