Zero Trust Network Architecture with John Kindervag

  • Published: 25 Jan 2025

Comments • 10

  • @avioz8901
    @avioz8901 2 months ago

    Great video on Zero Trust concepts and principles, thanks a lot @John Kindervag it is very informative content 😃

  • @Douglas_Gillette
    @Douglas_Gillette 10 months ago +2

    Most security products and strategies are not new or advanced. This includes the ‘Zero Trust’ strategy, regardless of how frequently vendors mention it. Authentication being used behind the firewall and on the internal devices of a network has been used for decades.

    • @xelerated
      @xelerated 10 months ago

      Every single aspect of 'zero trust' is a rehash of things we've had for decades. And now I see "single packet authentication"..... IT'S PORT KNOCKING. Zero trust is the biggest scam of this security generation. It's a money grab, period.

  • @Car_Mo
    @Car_Mo 7 years ago +4

    Government and military have been building IT this way, segmenting networks and building systems around information security levels for many many years ... finally the IT-industry has also "invented" it and found a buzz word for it.

    • @YoungSecurity
      @YoungSecurity 1 year ago

      This is one of those comments that aged poorly. Because you know, the gov and mil have been doing XYZ for "many many years", so there is no way the private sector could possibly improve on anything the gov or mil is doing. The gov and mil do something for a long time so there must be no better way to do it. This lack of willingness to accept there is room for improvement is laughable. The evidence speaks for itself.
      Here are a few examples:
      Office of Personnel Management (OPM) Breach (2015): This breach exposed sensitive information of millions of U.S. government employees, including security clearance details. It was attributed to Chinese hackers.
      Stuxnet Attack on Iranian Nuclear Facilities (2010): While not a traditional breach, the Stuxnet worm was a cyberattack that targeted Iran's nuclear facilities, disrupting their uranium enrichment efforts. It's widely believed to have been a joint effort by the U.S. and Israel.
      Democratic National Committee (DNC) Hack (2016): Russian hackers breached the DNC's email servers, leading to the release of sensitive emails during the U.S. presidential campaign.
      Equifax Data Breach (2017): While not directly a government or military breach, Equifax is a credit reporting agency that holds sensitive financial information on millions of individuals. The breach exposed personal data of nearly 150 million people, including some government employees.
      U.S. Government Systems Breach (2020): A sophisticated cyber espionage campaign, often referred to as the "SolarWinds hack," targeted multiple U.S. government agencies and private organizations. The breach allowed hackers to access government networks and data.
      German Federal Networks Hack (2015-2018): A group believed to be linked to Russian intelligence breached the German parliament's network, targeting sensitive information. The breach continued for several years before being fully discovered and mitigated.
      South Korean Military Cyberattack (2016): North Korea was suspected of hacking into South Korea's defense ministry's intranet and stealing military plans, including a contingency plan for war.
      Australian Parliament and Political Parties Breach (2019): An attack attributed to a nation-state exposed data of political parties and lawmakers, leading to concerns about potential foreign interference.
      UK Ministry of Defence Breach (2017): An employee's social media account was compromised, leading to the leakage of sensitive information, including details about military operations.
      Indian Government Websites Breach (2020): Hacktivists breached several Indian government websites as a protest against government policies, defacing pages and stealing data.
      These examples highlight some of the significant breaches that have impacted government and military institutions.

    • @Douglas_Gillette
      @Douglas_Gillette 10 months ago

      At best he is a marketing talking head and at worst he is a con-artist.

  • @MoSec9
    @MoSec9 4 years ago +1

    Hierarchical :) I know, just had to say it. Thank you sir for the video. This is great.

  • @ThoriumHeavyIndustries
    @ThoriumHeavyIndustries 10 years ago +1

    Technology cannot make you magically being compliant to security standards. It can only support it. But Security Standards are about organisation structures and processes, not about putting more hardware into your network. To me it looks like "Zero Trust" means stop thinking put it all in. In the end you have exploding management, license, training and monitoring costs being bound to a single vendor. Instead you should analyse what are your risk vectors and how can this risk be mitigated regardless who is the communication partner... that is real zero trust.

    • @xelerated
      @xelerated 10 months ago

      Which is exactly what the OSSTMM does with measuring trust (and the mobius defense)

  • @xelerated
    @xelerated 1 year ago

    So John I guess was not aware that 5 years prior, the OSSTMM did say Trust is a Vulnerability. Not only that, but Stephen Paul Marsh first talks about Zero Trust in....1994. hmmmm