< ciso
brief />
Tag Banner

All news with #zero trust tag

192 articles

Enterprises favor convenience, increasing lateral movement risk

🔒 Zero Networks’ 2026 report, analyzing 54 trillion activities across 312 enterprise environments, finds that most internal servers remain broadly reachable and rely on legacy protocols. The study highlights that >80% of servers are accessible from anywhere inside networks, with 87% accepting RDP/SSH and 78% reachable via SMB/WinRM, while 43% still use NTLM. Experts warn this widespread internal connectivity enables easy lateral movement for attackers and call for segmentation, identity controls, and containment strategies.
read more →

Fortinet Unified SASE: Architecture Built for AI Era

🔒 Fortinet outlines why unified SASE must be genuinely integrated rather than assembled from disparate products. The company highlights AI-driven security, autonomous operations, and digital experience convergence as core innovations within its FortiOS-based platform. Fortinet emphasizes hardware acceleration with FortiASIC, sovereign deployment options, and consistent policy enforcement across cloud, edge, and on-premises environments. Customer recognitions and analyst placements are cited as validation of the platform’s maturity.
read more →

Cloudflare joins UK cyber resilience pledge

🔐 Cloudflare announced it has joined the UK government's Cyber Resilience Pledge as a founding signatory, aligning with the pledge’s pillars of democratized security, leadership accountability, and radical transparency. The post highlights rising cyber threats — including massive DDoS volumes and AI-driven attack vectors — and describes how Cloudflare's global network, zero trust controls, and free protections support resilience across the UK economy. Cloudflare emphasizes supply-chain assurance, board-level governance, and international certifications to meet the pledge's aims.
read more →

Agentic AI Exposes Zero Trust Blind Spots

🤖 Stephen Wilson of HashiCorp describes agentic AI as “really smart kindergartners” — capable of execution but lacking judgment. This mismatch strains traditional zero trust models that authenticate humans and grant privileges gradually, because agents can be created and destroyed rapidly. Organizations often respond by lowering controls, risking incidents such as accidental deletion of production data. Wilson argues this will force necessary long-term improvements like zero standing privilege and dynamic credentials while keeping humans "on the loop."
read more →

IAM Identity Center: Customer Managed App Account Access

🔐 IAM Identity Center now lets customer managed applications programmatically discover user-assigned AWS accounts and roles and retrieve temporary credentials for account access. If your application authenticates users via an external identity provider (IdP), you can configure that IdP as a trusted token issuer and enable AWS account access so users who already signed in through the IdP can obtain credentials without re-authenticating. Administrators must explicitly enable this for each customer managed application, and only management account or delegated administrators can grant the capability, ensuring centralized governance. The feature is available across all commercial, GovCloud (US), and China Regions.
read more →

Practical Zero Trust Plan for OT: 90‑Day Roadmap

🔒 The article reframes zero trust for operational technology (OT) by focusing on practical, non‑disruptive steps that align with regulatory requirements and operational realities. It proposes a 90‑day plan: Days 1–30 prioritize mapping assets and identities at IT/OT boundaries; Days 31–60 contain vendor remote access to gain early wins; Days 61–90 build a simple maturity scorecard and narrative. The approach emphasizes targeted controls, governance alignment, and measurable progress rather than abstract architectures.
read more →

CISA guidance steers agencies from TIC 2.0 to SASE

🔒 CISA has issued guidance to help federal agencies transition from perimeter-based Trusted Internet Connections (TIC) 2.0 to a more flexible TIC 3.0 using Secure Access Service Edge (SASE) technology. The guidance explains how SASE can replace legacy Managed Trusted Internet Protocol Services (MTIPS) and combines networking and security functions such as SD-WAN, secure web gateways, CASBs, next-gen firewalls and ZTNA. It is vendor-agnostic and emphasizes architecture and visibility requirements rather than specific products.
read more →

Restrict AWS Console Access Using Sign-In Policies

🔒 This post explains how AWS Sign-In now supports resource-based policies and resource control policies (RCPs) to restrict AWS Management Console and AWS CLI sign-in to expected networks such as corporate IP ranges, on-premises data center networks, and Amazon VPCs. It walks through a financial services use case that enforces console sign-in from a corporate network, shows how to create and enable a sign-in resource permission statement, and describes verification via AWS CloudTrail. The article also contrasts single-account resource-based policies with organization-wide RCPs and explains integration with AWS Management Console Private Access and the broader data perimeter framework.
read more →

Reframing Trust: A CISO’s Risk-Tiering Model

🔍 Security awareness training that taught employees to spot obvious phishing cues is no longer sufficient. AI-generated attacks and legitimate-looking infrastructure have erased the surface signals users were trained to rely on, making sustained human vigilance unrealistic. The article argues for applying Daniel Kahneman’s fast/slow thinking at the organizational level to map and re-tier processes, keeping fast lanes where justified and revoking them where risk has changed.
read more →

Five Eyes urge CSOs to update cyber risk strategies now

🔒 The Five Eyes cybersecurity agencies warn that rapidly advancing AI capabilities are already reshaping offensive and defensive cyber operations and urge CSOs to treat cyber risk as core business risk. They recommend prioritizing secure-by-design practices, defense in depth, rapid patching, reduced attack surface, stronger identity controls, and testing breach responses. Some experts call the guidance too general or overdue but agree it reinforces the need for executive alignment and urgent action.
read more →

Implementing Egress Controls to Prevent Data Exfiltration

🔒 This post outlines an architecture and controls for preventing data exfiltration from AWS environments by combining centralized network inspection, DNS filtering, and data perimeter policies. It explains a hub-and-spoke pattern using Transit Gateway, AWS Network Firewall, and Route 53 Resolver DNS Firewall to inspect and block unauthorized outbound traffic, including scenarios involving compromised workloads and agentic AI. The article details layered preventive, detective, and corrective measures using AWS services such as GuardDuty, Security Hub, IAM Access Analyzer, EventBridge, and Firewall Manager to automate detection and response.
read more →

Legacy Infrastructure Enables AI Agent Hijacking

🔒 This article explains how attackers bypass AI security by exploiting legacy infrastructure that AI agents inherit, such as Active Directory, cloud storage, and unpatched servers. It outlines a staged attack where a CVE-exploited perimeter server leads to credential theft, lateral movement, and compromise of an AI Co-Pilot's knowledge base. The piece urges exposure management that maps dependencies and fixes choke points to protect AI environments.
read more →

Zero Trust as the AI control plane for Southeast Asia

🔒 At Zscaler’s Zenith Live 2026 in Vienna, the vendor argued that AI agents are rapidly becoming digital workers while regulators tighten data residency and supply‑chain threats move closer to core operations. Zscaler proposes extending its Zero Trust Exchange and SASE platform to govern AI agents, unmanaged devices, multi‑cloud workloads, and B2B partners, positioning zero trust as the control plane for secure AI adoption in regulated, highly connected markets like Southeast Asia. The company emphasised an AI Broker, endpoint AI security, and an AI Access Graph to map and protect AI assets and data flows.
read more →

Cloudflare releases Cloudflare One stack for Zero Trust

🛡️ Cloudflare announced the Cloudflare One stack, a pair of agent skills designed to automate planning, deploying, migrating, and managing Zero Trust environments. The toolkit packages Cloudflare’s institutional migration expertise into two skill files — cloudflare-one and cloudflare-one-migration — to assist with VPN replacement, Gateway policies, connectivity, vendor-to-vendor translation, and troubleshooting. When paired with the Cloudflare code mode MCP server, agents gain typed, controlled access to the Cloudflare API for live inventory, configuration inspection, and curated change workflows.
read more →

AWS Sign-in adds resource and control policies

🔐 AWS Sign-in now supports resource-based policies and resource control policies (RCPs) for the AWS Management Console. These policies let administrators restrict console sign-in to expected networks and are evaluated during sign-in and when the console session requests new credentials. Resource-based policies target individual AWS accounts while RCPs apply organization-wide via AWS Organizations. Administrators can combine these controls with AWS Management Console Private Access to manage allowed sign-in networks and account access across their environment.
read more →

Survey Finds Anonymized IPs Drive Modern Incidents

🔍 A recent study of over 200 security practitioners by Spur Intelligence shows anonymizing infrastructure—VPNs and residential proxies—appears in nearly every incident, yet many teams lack the context and workflows to act on IP data. Analysts increasingly face noisy enrichment feeds without attribution, behavioral signals, or automation to inform real-time decisions. Organizations remain reactive, applying IP intelligence mainly during investigations, while internal risks from employee VPNs and proxy usage add blind spots that zero-trust must address.
read more →

Why many organizations struggle to implement zero trust

🔒 Zero trust, introduced by John Kindervag, remains a vital security strategy but many organizations struggle to implement it correctly. Reports from Accenture and Gartner show high rates of implementation challenges and failures, while researchers have highlighted vulnerabilities in some ZTNA products. Experts stress zero trust is a mindset and methodology — not a single product — and recommend starting small, aligning with business priorities, leveraging existing tools, and measuring outcomes to succeed.
read more →

AWS Management Console Private Access Launch

🔒 AWS Management Console Private Access now lets customers reach the AWS Console from VPCs without any internet connectivity, enabling management of AWS infrastructure in air-gapped and strictly controlled networks. The feature routes console traffic through VPC endpoints using AWS PrivateLink, letting customers enforce VPC endpoint policies and existing IAM, Service Control, and Resource Control policies. Available in all AWS commercial regions, customers pay only for the underlying VPC endpoint usage and data processing.
read more →

Cloudflare adds private origin routing for apps

🛡️ Today Cloudflare launched Application Services for Private Origins in closed beta for eligible Enterprise customers, enabling secure routing to private IP origins without exposing them to the public Internet. This lets Cloudflare’s WAF, bot management, rate limiting, Workers, and other services sit in front of private applications using existing private connectivity such as Cloudflare Tunnel, Cloudflare Mesh, or Cloudflare WAN. The feature uses a toggle on proxied DNS records or an API attribute to instruct Cloudflare’s private networking layer to route traffic to private networks, and extends Layer 4 support via Spectrum for TCP/UDP services.
read more →

AI-powered worm highlights urgent enterprise risk

🛡️ Researchers at the University of Toronto built an AI-driven worm prototype that autonomously discovered and exploited vulnerabilities across a simulated enterprise network. Using a locally hosted, free LLM and a custom agentic harness, the worm self-replicated to multiple systems by chaining old and recent CVEs and common misconfigurations. Over several days it spread to most targets, demonstrating that attackers do not need cutting-edge models to mount damaging, adaptive attacks. The findings underscore the need for faster patching, AI-assisted defensive testing, and improved architecture such as segmentation and zero trust.
read more →