Tuesday, June 25, 2024

NSA Releases Guidance On Zero Trust Maturity To Secure Application From Attackers

Zero Trust Maturity measures the extent to which an organization has adopted and implemented the Zero Trust security model. 

It calculates how fully a company has adopted Zero Trust’s foundational concepts, such as stringent authentication of each user, device, and application.

Recently, the NSA released guidance on Zero Trust Maturity to secure the application from attackers.

Guidance On Zero Trust Maturity

The NSA released a Cybersecurity Information Sheet on advancing Zero Trust maturity for the application and workload pillar. 

It provides recommendations for progressively achieving “never trust, always verify” capabilities, such as securing applications from unauthorized access and continuously monitoring workloads, under a comprehensive Zero Trust framework. 

ANYRUN malware sandbox’s 8th Birthday Special Offer: Grab 6 Months of Free Service

The goal is to continually mature cybersecurity protections, responses, and operations over time through Zero Trust implementation efforts.

NSA’s Dave Luber stated:-

“This guidance disrupts malicious cyber activity by applying granular access control and visibility to applications and workloads in modern networks. Implementing Zero Trust better secures sensitive data, apps, assets, and services.” 

The CSI notes applications are programs and services executing on-prem or in cloud, while workloads are standalone solutions or coupled processing components performing mission functions, the two are mutually dependent under Zero Trust.

Application security prevents exceptions to an app or system’s security policies.

The application/workload Zero Trust pillar secures access at the application layer by integrating user, device, network, and environment capabilities to prevent unauthorized access or tampering with critical processes/services. 

In advanced ZT, users strongly authenticate to apps and networks, while apps have reduced attack surfaces and least privilege controls.

Workloads dynamically segregate components with granular access rules between them. 

Key capabilities include application inventory, secure development/integration, software risk management, resource authorization/integration, and continuous monitoring/authorizations. 

This enhances visibility, reduces risks, and mitigates application threats under Zero Trust.

Application and workload pillar maturity (Source - Defense.gov)
Application and workload pillar maturity (Source – Defense.gov)

The National Security Agency (NSA) has been actively helping the Department of Defense (DoD) agencies pilot and implement the Zero Trust architectures on their networks.

At the same time, the agency is also developing detailed guidelines for incorporating fundamental Zero Trust principles and models into company-wide system designs.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

Website

Latest articles

Hackers Exploit Multiple WordPress Plugins to Hack Websites & Create Rogue Admin Accounts

Wordfence Threat Intelligence team identified a significant security breach involving multiple WordPress plugins. The initial...

Hackers Attacking Windows IIS Server to Upload Web Shells

Windows IIS Servers often host critical web applications and services that provide a gateway...

WikiLeaks Founder Julian Assange Released in Stunning Deal with U.S.

WikiLeaks founder Julian Assange has been released from prison after reaching a deal with...

Four Members of FIN9 Hackers Charged for Attacking U.S. Companies

Four Vietnamese nationals have been charged for their involvement in a series of computer...

BREAKING: NHS England’s Synnovis Hit by Massive Cyber Attack

In a shocking development, the NHS has revealed that it was the victim of...

Threat Actor Claiming a 0-day in Linux LPE Via GRUB bootloader

A new threat actor has emerged, claiming a zero-day vulnerability in the Linux GRUB...

LockBit Ransomware Group Claims Hack of US Federal Reserve

The notorious LockBit ransomware group has claimed responsibility for hacking the U.S. Federal Reserve,...
Tushar Subhra Dutta
Tushar Subhra Dutta
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles