A small study found that security professionals are open to new solutions even as they rely on traditional vendors to protect their networks. Tempered talked to 100 cybersecurity professionals at RSA Conference 2020 in February and found other contradictions like this one:
- 74% of respondents use penetration testing
- 59% said these tests were successful a majority of the time
Survey respondents also weighed in on defense by depth, a security approach that involves layers of defensive mechanisms. Most respondents said the more layers the better:
- 32% of the professionals said five or more network security components
- 25% believe it requires four to five
- 28% said three to four
- 14% said three or less
Limited budgets may be blocking more experimentation with new security tactics; 45% of respondents listed small budgets as the top network admin challenge today. Integrating software came in second at 27%.
SEE: How to get users on board with essential security measures (free PDF)
Tempered’s security philosophy is zero-trust. The company claims its Airwall platform can make a network and all the devices connected to it invisible. Airwall secures network communication between devices, enables zero-trust network connectivity for applications and users, connects legacy infrastructure, and secures critical infrastructure.
Guannan Lu, an analyst at Forrester, said implementing zero-trust network access solutions is one way to improve security by giving less privileged application access.
Tempered founder Jeff Hussey said the Airwall solution enables organizations to consolidate their network security toolset and achieve defense in depth with fewer solutions.
Forrester analysts coined the term “zero trust” several years ago. The firm describes zero as a conceptual and architectural model to achieve security via microperimeters and microsegmentation. The approach increases data security through obfuscation techniques, limits the risks associated with excessive user privileges, and improves security detection and response through analytics and automation.
In “Future-Proof Your Digital Business With Zero Trust Security,” the company explains that the strategy is called “zero trust” in an effort to warn security leaders about the dangers of the numerous trust assumptions they make in their architecture. This can be trusting internal network traffic as legitimate by default, trusting employees to always have the best intentions, or trusting partners to treat access to a company’s systems and data as if it was their own.