VaaSBlock’s Post

Or as I like to describe it: "My *specific* product puts the zero in zero trust!" By the way, the Microsoft Security suite of products provide the most comprehensive set of capabilities to help customers on a Zero Trust journey (as you've seen in the mapping to NIST ZT capabilities I shared), but it does not solve everything, and your ZT journey is not just enabling a bunch of checkboxes, features or products in that Suite.

It's amazing how many brilliant people fail to understand the difference between a strategy and a product. For example, Zero Trust is a strategy and a very important one for most security teams today. There is no silver bullet for being mature in your ZT journey but there are key controls and products that can assist in the 5 primary pillars of Zero Trust outlined by CISA. Some of these controls are more important than others but I have not seen any vendor be able to solve for all of them. As a matter of fact, the most mature ZT programs I've seen in the industry have been a combination of best in breed technologies that solve for the highest order bit in each of the 5 pillars of zero trust. As far as the identity pillar of zero trust, here is a guide on how you can get to the "optimal" state for your business - https://lnkd.in/gMGbKzaT #zerotrust #identitysecurity #cisa

Strategy? You mean, a collection of vendor tools whose procurement timeline maps closely to Gartner hype cycles for [insert category name here] technology? Ask about your org's strategy: "Are we risk-based? Business-aligned? Compliance-driven? Innovation-enabling?" Yes. The reality is, most security orgs rarely have a defined strategy. After all, strategy is a path to an envisioned future state. How do you define it? Fewer breaches? Good luck. Better compliance scores? Oh, but "compliance is not security," remember? Higher scores on phishing tests? That's nice, that'll really impress the North Korean hackers! So, how DO you measure success as a security organization? How do you measure your success as a CISO? Wrong answers only, please 🙃 #ciso #cybersecurity #security #leadership #cyberrisk

Here’s the deal. Security and compliance aren’t just nice-to-haves. They’re your ticket to customer trust, closing deals faster, and a solid information security system. That’s why we've put together a no-fluff, quick-hit guide to help you tackle the most common frameworks without losing your mind (or your weekends). eu1.hubs.ly/H0cvfp70

Watch or rewatch the podcast about #DocumentSecurity 🔒 It’s surprisingly simple to secure your critical business documents like invoices. Yet the benefits are enormous, compared to the damage a company risk, not having a secure landscape.   Learn which simple yet powerful measures you can take today as we explore how to -         prevent fraud, invoice hijacking and cyber attacks -         secure document exchanges and data integrity -         safeguard the entire document journey   Listen for free right here (18 min): https://formpi.pe/btd031   #Security #CyberSecurity  

What security structure is best for the issuer? Here's where experience pays off. #privateinvesting #accredited #privatedebt #privateequity https://lnkd.in/gk_vT5x

Join us for our zTrust for Networks webinar on Oct 3, 2024, at 3.00pm UK time! Understand what auditors are looking for to comply with PCI/DSS Mainframe Network Segmentation. Learn about the importance of network segmentation in today's security landscape and more. Don't miss out! We'll cover the topics we’re asked most about by clients in this area. If you’re considering network discovery and segmentation to improve security and #compliance, and save money, the insights provided will help you to make more informed decisions on the options available. Most importantly, you can quiz the experts with your own questions. Register here. #mainframe #zerotruststrategy https://lnkd.in/e4Yj-cJc

Say goodbye to periodic password resets! Are you tired of constantly resetting your passwords? The good news is, the days of periodic password changes might be numbered. As we approach 2025, it's time to align with the latest standards in digital identity. The new NIST draft proposes eliminating mandatory password resets, focusing instead on proactive protection. It's no longer just a recommendation—it's now a requirement. NIST's updated guidelines advocate for changing passwords only if there's evidence of compromise. With Entra ID Protection you can meet NIST's guideline to only change passwords if there is evidence of compromise. ✅ Reduced help desk calls ✅ Happier users ✅ Enhanced security The 2024 version is 800-63-4. Here: https://lnkd.in/dGnEwnRm

If your company is outsourcing transactional business communications and payment services to a third-party provider, it is worth the time to learn about the security frameworks that address the unique requirements of your industry. Our new blog breaks down why these certifications are so valuable when it comes to protecting customer data and which ones matter in your industry. https://loom.ly/l8kaEck

Strengthen your accounts by enabling Multi-Factor Authentication (MFA). Adding an extra layer of security can make all the difference in keeping your data safe. Pendragon Security can assist in setting up MFA for your business systems! 888.560.2910 | https://lnkd.in/gXnXSCTz