Zero Trust (Solution Vote)

Preference of Zero Trust solution


  • Total voters
    92

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,719
No... I'm not wrong. The matter of privileges is a core subject of the Zero Trust conception. Here's from a Citrix article


Here are other sources of useful info
We are discussing two sides of the same coin. My point is, PAM is one component that is often utilized in a zero-trust strategy, but it is not required for zero-trust. And just because a company implements a PAM, that does not automatically make them zero-trust.
 

ScandinavianFish

Level 7
Verified
Dec 12, 2021
317
This is an excerpt from your website:

"The Achilles’ heel of all cybersecurity products is that they are only able to offer a single static level of protection". Also, you use the terms "Traditional" and "Next-Gen" antiviruses.

You're no different to these "next-gen" companies, whose whole marketing strategy is based on disinformation and propaganda, and you're not special either, no matter how proud you are of these fancy sounding technologies of yours.
 

Jan Willy

Level 13
Verified
Top Poster
Well-known
Jul 5, 2019
605
And just because a company implements a PAM, that does not automatically make them zero-trust.
I agree. Zero-trust policy has many aspects. Even big companies and public authorities often can't fulfil all the requirements, not to mention home users. The software presented in this thread can deliver at most a small contribution.
Edit: It doesn't mean that you shouldn't use one of those programs, but put it into perspective.
 

simmerskool

Level 37
Verified
Top Poster
Well-known
Apr 16, 2017
2,607
BTW, a global block of cmd, for example, is not a behavior block. This is a global block, and there is a huge difference. In a global block, behaviors are not evaluated in determining if cmd should be blocked, it is just simply blocked.
For these reasons, I strongly believe behavior blocking is best implemented into an allow-by-default product like a traditional or next-gen AV. Some of this is opinion and some of this is fact, you can decide what is what 😉.
Not commenting to debate you, I've lost already, :sick: and you know I like VS. :love: Reading more about AppGuardSolo & short time current usage, I do understand it to be a global blocker based on policy. If an activity is outside a very defined policy (AG default eg) then it is blocked, and recorded in its Activity Log and Windows Event Log. AG markets this as a plus. On enterprise AG policy is locked down by IT admin, while the Solo user is the admin and a wrong edit to policy could result in a bad outcome. I think VS & AG both get the job done, VS is probably more user friendly. If my comment has errors, sorry, I'm going by what I see as a long-time user of VS, and intermittent short time user of AG. (But I'm liking AG too at the home consumer price).
 
  • Like
Reactions: vtqhtr413 and danb

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
I forgot to mention… behavior blockers are actually allow-by-default by design. The reason we know this is because they work by allowing everything, except certain suspicious behaviors (they block specific behaviors). They obviously cannot block, and do not want to block every single behavior, which is further proof they are allow-by-default by design, and simply bear no resemblance to the zero-trust model. So behavior blockers must determine what to block and what not to block. That is great when they are correct, but not so great when they are not correct.
In this case, Avast Hardened Mode and TM Hypertensive mode are what? I think they tend to block everything unless it is trusted by their cloud.
 
  • Like
Reactions: danb

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,719
This is an excerpt from your website:

"The Achilles’ heel of all cybersecurity products is that they are only able to offer a single static level of protection". Also, you use the terms "Traditional" and "Next-Gen" antiviruses.

You're no different to these "next-gen" companies, whose whole marketing strategy is based on disinformation and propaganda, and you're not special either, no matter how proud you are of these fancy sounding technologies of yours.
Here is an analogy you should understand.

When designing physical security, a nuclear power plant will utilize dynamic security postures to properly protect the facility. That is, a high security posture cannot be utilized fulltime because it is too costly and daunting. Likewise, a low security posture cannot be utilized fulltime, as this will result in breaches.

Cybersecurity is no different from physical security in this regard. If a single static security posture is utilized, the system is not optimally protected.

In short, the security posture should match the present threat.

If you have a better way of explaining this concept, I would be MORE than happy to update our website, thank you!
 
  • Like
Reactions: simmerskool

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,719
In this case, Avast Hardened Mode and TM Hypertensive mode are what? I think they tend to block everything unless it is trusted by their cloud.
What are they? They are global whitelist based deny-by-default, and EXTREMELY similar to VS on AutoPilot ;). Global whitelists are usually correct, but they are not perfect.

If you want to be even more secure, then you can use tiny, customized local whitelists, like VS does when it is in Smart or Always ON mode.
 

ForgottenSeer 97327

Large cloud based whitelists are fine to establish your baseline (I use Microsoft Defender on MAX for that), smaller local whitelists are great to maintain your baseline (not only allowing installed programs to update, but also allowing programs of same signing to install; I use WDAC for that). VoodooShield also has both, this makes it easier and safer to lock down. The local whitelist makes this a tight custom tailored solution, while still allowing your baseline to update and extend (adding new programs of already trusted signers).

I think the benefit of VoodooShield is that you can start using it in auto pilot mode using it as an advanced user controllable addition to Microsoft Defender, tighten your security by moving on to smart mode. After your local whitelist is built, you can move to the highest security level always.

There are not that many default deny applications offering usage modes which provide such an easy learning curve. Most only have training (which basically allows everything) and block mode (default deny). When I figured out my WDAC local whitelist in 2019, I borked my PC once (Microsoft co-signed generic driver passed the whitelist, but the vendor's latest driver got blocked when I installed that after reading on this forum that it had patched some critical vulnerabilities).
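The post above describes a local allowlist that pins installed files and also trusts their signers, and a driver update that was blocked anyway. The following is an added example, not part of the post and not WDAC's or VoodooShield's actual rule engine: a constructed deny-by-default evaluator with hash and signer rules plus an audit pass. All file names, signer names and digests are hypothetical.

```python
"""Constructed model of a deny-by-default local allowlist (hash + signer rules)."""
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Binary:
    name: str
    sha256: str           # constructed placeholder digest
    signers: frozenset    # certificate subjects that signed the file

@dataclass
class LocalAllowlist:
    hashes: set = field(default_factory=set)
    signers: set = field(default_factory=set)

    def learn(self, b, trust_signer=None):
        """Training step: pin the exact file, optionally trust one of its signers."""
        if trust_signer is not None and trust_signer not in b.signers:
            raise ValueError(f"{b.name} is not signed by {trust_signer}")
        self.hashes.add(b.sha256)
        if trust_signer is not None:
            self.signers.add(trust_signer)

    def decide(self, b):
        """Deny-by-default: anything matching no rule is blocked."""
        if b.sha256 in self.hashes:
            return "allow:hash"
        hit = self.signers & b.signers
        if hit:
            return "allow:signer:" + sorted(hit)[0]
        return "block:default-deny"

def audit(allowlist, candidates):
    """Dry run before enforcing: names the policy would block."""
    return [b.name for b in candidates if allowlist.decide(b).startswith("block")]

def build_demo():
    """Constructed scenario: baseline learned from an app and a generic driver."""
    app_v1 = Binary("editor-1.0.exe", "aa" * 32, frozenset({"Editor Corp"}))
    app_v2 = Binary("editor-1.1.exe", "bb" * 32, frozenset({"Editor Corp"}))
    generic_drv = Binary("generic.sys", "cc" * 32, frozenset({"OS Vendor"}))
    vendor_drv = Binary("vendor-new.sys", "dd" * 32, frozenset({"Device Vendor"}))
    unsigned = Binary("unsigned-tool.exe", "ee" * 32, frozenset())
    wl = LocalAllowlist()
    wl.learn(app_v1, trust_signer="Editor Corp")
    wl.learn(generic_drv, trust_signer="OS Vendor")
    return wl, [app_v2, generic_drv, vendor_drv, unsigned]

if __name__ == "__main__":
    wl, files = build_demo()
    for f in files:
        print(f"{f.name:20} {wl.decide(f)}")
    print("would block:", audit(wl, files))
```

The audit pass flags the vendor-signed driver before enforcement, which is the point at which its signer can be reviewed and added rather than discovered after a block.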
 

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
542
My point is, PAM is one component that is often utilized in a zero-trust strategy, but it is not required for zero-trust. And just because a company implements a PAM, that does not automatically make them zero-trust.
I don't know what allows you to present such opinion. Sorry but I would rather trust sources that can be verified like this for example

@danb
do you remember this thread on Wilders?
I think 11 years is enough long. I'm tired.
 
  • Like
Reactions: vtqhtr413

ScandinavianFish

Level 7
Verified
Dec 12, 2021
317
Here is an analogy you should understand.

When designing physical security, a nuclear power plant will utilize dynamic security postures to properly protect the facility. That is, a high security posture cannot be utilized fulltime because it is too costly and daunting. Likewise, a low security posture cannot be utilized fulltime, as this will result in breaches.

Cybersecurity is no different from physical security in this regard. If a single static security posture is utilized, the system is not optimally protected.

In short, the security posture should match the present threat.

If you have a better way of explaining this concept, I would be MORE than happy to update our website, thank you!
[Attached image]
A fellow user sent me this.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,719
I don't know what allows you to present such opinion. Sorry but I would rather trust sources that can be verified like this for example

@danb
do you remember this thread on Wilders?
I think 11 years is enough long. I'm tired.
How funny, even the title of the article you posted absolutely proves that PAM is merely a subset of ZTA... "Can PAM Coexist with the Zero Trust Security Model?". Let that sink in ;).

Also, as you pointed out, VS started in 2011, and according to the article, the term zero trust was coined shortly afterwards in 2010.
The concept of zero trust security isn’t new; the term was coined by Forrester Research Inc. back in 2010 and was initially synonymous with a network security approach known as micro-segmentation. Micro-segmentation is a way to create secure zones in data centers and cloud deployments that allow you to isolate workloads and protect them individually.
So what "allows you (me) to present such opinion"? Simple... VS, along with the other early deny-by-default products, are the products and companies that defined and created zero-trust for the rest of the industry.

Sure, I remember that thread, but I am missing your point when you say "11 years is enough long. I'm tired". VS is doing quite well and I am extremely happy that I stuck with it. I admit, we were 10-11 years too early, but it is a good thing that we started when we did, so that VS would be ready and available when it was needed most.
 
  • Like
Reactions: simmerskool

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,719
[Attached image]
A fellow user sent me this.
Most of JT's post is not even worth responding to, but I do fully admit that VS can best be described as "Adaptive Cybersecurity". I have strongly believed for 11 years that Adaptive Cybersecurity / Dynamic Security Postures will play an extremely important role moving forward.

Sophos is a great product, so I am certainly not bashing them when I point out that the article JT posted, entitled "Introducing the Sophos Adaptive Cybersecurity Ecosystem" was published on MAY 05, 2021, almost 11 years to the day that VS was created.


I further admit that Dynamic Security Postures have not yet been "established by any research by credible industry groups or any government agency". Does JT not realize that new tech cannot be "established..." until it is created? Not only that, but his statement also proves that VS is developing something truly novel. Again, let that sink in ;).

But I do agree that Adaptive Cybersecurity is going to play an ever increasing role in the cybersecurity space.
 
  • Like
Reactions: simmerskool
